基于消息认证码的组播源认证研究被引量：1

On Improving Multicast Source Authentication to Achieve Better Security

下载PDF

导出

摘要在组播安全技术中 ,源认证技术一直是其主要的问题。文中就基于消息认证码的源认证技术 ( TESLA)进行了详细的分析和研究 ,对其存在的问题进行了改进 ,并给出了在此认证技术中关键参数——公开延迟时间间隔——的计算方法 ,最后给出了实验结果。 TESLA (Timed Efficient Stream Loss Tolerant Authentication) is a new and, more importantly, authoritative type of multicast source authentication technology based on MAC (Message Authentication Code). But TESLA still suffers, in our opinion, from two shortcomings that hurt its efficiency in providing security. This paper aims to overcome these two shortcomings as much as possible. Section 1 reviews the principles involved in TESLA in some detail so as to be in a position to explain clearly our improvements. Section 2 gives quite detailed description of our improvements. Subsection 2.1 deals with the first improvement. According to TESLA, each data packet must be stored for a time, however short, before decoding, thus making the receiver vulnerable to DoS (Denial of Service) attack. Subsection 2.1 explains a method that does not require storage of each data packet for a time, thus making receiver not vulnerable to DoS attack. Subsection 2.2 deals with the second improvement concerning time of disclosure delay d , which is an important parameter in multicast source authentication. Disclosure delay d should be suitably chosen: too small is bad for security; too big is burdersome on the system. TESLA does not explain how to select the suitable value for d ; subsection 2.2 does explain how to select the suitable value of d . Section 3 gives and discusses experimental results; the discussion shows preliminarily that our two improvements on TESLA are indeed effective for providing better security.

作者赵安军郭雷姚俊

机构地区西北工业大学自动化学院

出处《西北工业大学学报》 EI CAS CSCD 北大核心 2004年第1期45-49,共5页 Journal of Northwestern Polytechnical University

基金国家自然科学基金 (6 0 175 0 0 1)资助

关键词组播源认证 TESLA 消息认证码组播安全公开延迟时间间隔通信安全网络安全 multicast source authentication, TESLA(Timed Efficient Stream Loss Tolerant Authentication), MAC(Message Authentication Code),disclosure delay, security

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献8

1[1]Canetti R, Garay J, Itkis G. Multicast Security: A Taxonomy and some Efficient Constructions. In Proc INFOCOM′99, 1999, 2: 708～716
2[2]Kruus P. A Survey of Multicast Security Issues and Architectures. 21st National Information Systems Security Conf, Alington, VA, 1998
3[3]Rivest R L, Shamir A, Adleman L M. A Method for Obtaining Digital Signatures and Public-key Cryptosystems. Communications of the ACM, 1978, 21(2): 120～126
4[4]Perrig A, Canetti R, Briscoe B. TESLA: Multicast Source Authentication Transform. http://www.securemulticast.org/ msec-bof-5-Perrig-tesla-ietf-bofPDF.PDF. 2000
5[5]Golle P, Modadugu N. Authenticating Streamed Data in the Presence of Random Packet Loss. In Proc NDSS′01, 2001
6[6]Boneh D, Durfee G, Franklin M. Lower Bounds for Multicast Message Authentication. In Proc Eurocrypt 2001, Lecture Notes in Computer Science, Springer, 2001
7[7]Bellare M, Canetti R, Krawczyk H. Message Authentication Using Hash Functions--The HMAC Construction. RSA Laboratories CryptoBytes, 1996, 2(1)
8[8]Rohatgi P. A Compact and Fast Hybrid Signature Scheme for Multicast Packet. In Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999, 93～100

同被引文献22

1陈慧,熊光泽,刘璟.组播分组数据源鉴别综述[J].计算机科学,2004,31(5):27-30. 被引量：2
2[1]T Dierks,C Allen.The TLS protocol.Version 1.0.RFC 2246,1999
3[2]S Kent,K Seo.Security architecture for the Internet protocol.RFC 4301,2005
4[3]Thomas Hardjono,Lakshminath R Dondeti.Multicast and Group Security.Boston:Artech House,2003
5[4]C K Wong,S S Lam.Digital signatures for flows and multicasts.IEEE/ACM Trans on Networking,1999,7(4):502-513
6[5]R Gennaro,P Rohatgi.How to sign digital streams.In:Advances in Cryptology-CRYPTO,LNCS 1294.Berlin:Springer-Verlag,1997
7[6]B Briscoe,R Canetti,et al.TESLA:Multicast source authentication transform.http://www.securemulticast.org/msec-bof-5-Perrig-tesla-ietf-bofPDF.PDF,2006-05
8[8]J Park,E Chong,H Siegel.Efficient multicast packet authentication using signature amortization.In:Proc of the IEEE Symposium on Security and Privacy.Los Alamitos,CA:IEEE Computer Society Press,2002
9[9]A Perrig,R Canetti,J Tygar,et al.Efficient authentication and signing of multicast streams over lossy channels.In:Proc of IEEE Symposium on Security and Privacy.Los Alamitos,CA:IEEE Computer Society Press,2000.56-73
10[10]R Canetti,J Garay,G Itkis,et al.Multicast security:A taxonomy and efficient constructions.In:Proc of IEEE INFOCOM.Los Alamitos,CA:IEEE Computer Society Press,1999

引证文献1

1韩华,鲁士文,蒋占卿,张峰.组播源认证技术TESLA研究[J].计算机研究与发展,2006,43(z2):82-86. 被引量：1

二级引证文献1

1韩华.改进GDOI以支持TESLA的组播安全解决方案[J].中国人民公安大学学报（自然科学版）,2010,16(2):42-45. 被引量：1

1赵安军,徐邦海,郭雷.动态Ad hoc网络环境下组播源认证研究[J].计算机应用研究,2007,24(1):291-293. 被引量：1
2邹艳.基于抗碰撞函数和分组认证树的组播源认证方案[J].计算机工程与应用,2004,40(28):137-138.
3邹艳,符云清,祝伟华.安全组播中源认证方案的研究[J].计算机科学,2004,31(12):40-40.
4朱宁.典型组播源认证方案比较研究[J].计算机光盘软件与应用,2013,16(14):77-78.
5周虹,蒋兴浩,姚亦峰,孙锬锋.基于哈稀链和认证树的组播源认证[J].通信技术,2007,40(12):264-266.
6戴卫国,孙乐昌,单洪.组播安全研究[J].安徽电子信息职业技术学院学报,2004,3(5):41-42. 被引量：1
7沈玉利,姚俊,赵安军,郭雷.一种基于数字水印的视频多点广播立即源认证模型[J].湛江海洋大学学报,2005,25(4):68-71.
8李洋,徐国爱,钮心忻,杨义先.树链混合的组播源认证改进方案[J].华中科技大学学报（自然科学版）,2011,39(7):50-53. 被引量：2
9武涛,郑雪峰,张文军,刘振华,穆翠霞.基于树链认证的一种组播源认证方案[J].计算机应用研究,2010,27(3):1071-1073. 被引量：1
10邹艳.基于满二叉树和杂凑函数的组播源认证方法[J].计算机应用与软件,2005,22(7):114-115.

西北工业大学学报

2004年第1期

浏览历史

内容加载中请稍等...

基于消息认证码的组播源认证研究被引量：1

参考文献8

同被引文献22

引证文献1

二级引证文献1

相关作者

相关机构

相关主题

浏览历史

基于消息认证码的组播源认证研究 被引量：1

参考文献8

同被引文献22

引证文献1

二级引证文献1

相关作者

相关机构

相关主题

浏览历史

基于消息认证码的组播源认证研究被引量：1