Authenticating streamed data in the presence of random packet loss
February 8th, 2001
Philippe Golle, Nagendra Modadugu
Stanford University

Presentation transcript:


Internet Radio Station
[figure: a stream of numbered packets 1, 2, 3, 4, ..., 5, 6]

Signing Streams
- Goal: authenticity, non-repudiation
- Digital Signature
- 3 requirements for signing streams:
  - 'On the fly' authentication
  - Low overhead (computation and communication)
  - Robustness (resist packet loss)

Outline
1. Existing solutions
   - Efficient signatures
   - Amortized signatures
2. Our scheme
   - Construction
   - Optimally resistant to bursty packet loss
   - Implementation

Sign each packet
- Sign each packet (RSA, DSA, …)
- Properties:
  - (+) Immediate authentication
  - (+) Robust: packets individually verifiable
  - (-) Computational load too high
- Optimization:
  - Numerous tricks (CRT, precomputations, etc.)
  - Maximum: 100 signatures / second

Amortization: hash function
- [figure: packets 1 and 2, with labels "Hash(2)" and "Digital signature"]
- Collision-resistant hash function h: given h(x), hard to find y such that h(x) = h(y)
- Hash 100 times faster than digital signature

Hash chain (Gennaro, Rohatgi)
- Sender processes the stream backwards
- Append the hash of $P_{i+1}$ to $P_i$
- Sign only the first packet
- Properties:
  - (+) Immediate authentication
  - (+) Extremely efficient: 1 hash computation / packet
  - Overhead: 20 bytes / packet
  - (-) Vulnerable to packet loss
  - (-) Offline stream only
- [figure: packets 1, 2, 3, 4, … with appended hashes h(2), h(3), h(4), …]

OTS chain (Gennaro, Rohatgi)
- Packet $P_i$ contains the public key to verify $P_{i+1}$
- Faster than "sign each" for online streams
- Limitations:
  - Overhead: 1000 bytes / packet (optimized: 300 bytes)
  - Issue of packet loss
- [figure: packets 1, 2, 3, 4 with keys K(2), K(3), K(4)]

Packet groups (Wong & Lam)
- Sender: packet 3 is sent as: [figure; labels: "h(1)", "Sign", "hash"]
- Robust against worst-case packet loss
- Trade-off:
  - More packets per group: buffering, communication overhead
  - Fewer packets per group: computational overhead

Packet groups: Tree
- Packet 3 is sent as: [figure; labels: "Sign", "3", "78"]
- Properties:
  - Robust against worst-case packet loss
  - Traded a few more hash computations for lower communication overhead
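What a packet in a tree-based group carries, as an added Python example that is not from the presentation: the payload, the sibling hashes on its path to the root, and one signature over the root shared by the whole group. Assumptions: the group size is a power of two, an HMAC under a constructed key stands in for the digital signature, and the 0x00/0x01 prefixes and the names `build_group` and `verify_packet` are chosen here.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the digital signature

def H(data):
    return hashlib.sha256(data).digest()

def build_group(payloads):
    """Sender: build a hash tree over the group and sign the root once.
    Every packet ships with the sibling hashes on its path to the root."""
    levels = [[H(b"\x00" + p) for p in payloads]]          # leaf hashes
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(b"\x01" + prev[k] + prev[k + 1])  # interior nodes
                       for k in range(0, len(prev), 2)])
    sig = hmac.new(KEY, levels[-1][0], hashlib.sha256).digest()
    packets = []
    for i, payload in enumerate(payloads):
        path, k = [], i
        for level in levels[:-1]:
            path.append(level[k ^ 1])  # sibling of the node on the path
            k //= 2
        packets.append({"index": i, "payload": payload, "path": path, "sig": sig})
    return packets

def verify_packet(pkt):
    """Receiver: recompute the root from this packet alone and check the signature.
    No other packet of the group is needed, so any loss pattern is tolerated."""
    node, k = H(b"\x00" + pkt["payload"]), pkt["index"]
    for sibling in pkt["path"]:
        pair = node + sibling if k % 2 == 0 else sibling + node
        node = H(b"\x01" + pair)
        k //= 2
    expected = hmac.new(KEY, node, hashlib.sha256).digest()
    return hmac.compare_digest(pkt["sig"], expected)
```

For a group of 8 packets each packet carries 3 sibling hashes plus the signature, which is the communication overhead the slide trades against extra hash computations.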

Recap
- Started with a hash chain:
  - Immediate authentication
  - Low computation and communication overhead
  - Vulnerable to packet loss
  - Offline streams only
- Improvement: tree scheme
  - Immediate authentication
  - Higher computation and communication overhead (trade-off)
  - Resists packet loss
  - Some buffering on sender side, none on receiver side

Our scheme
- Existing solutions:
  - Resistant to worst-case packet loss
  - Trade-off between Computation/Communication cost
- Communication overhead matters:
  - Standardized packet format
  - USER_DATA section (MPEG video and audio)
  - Open parallel connection not a realistic solution
- We propose a solution which is:
  - Resistant to average loss
  - New trade-off: computational cost and authentication speed

Our scheme (contd)
- Model of packet loss: bursts (UDP)
- Goal: maximize length of single worst-case burst
- Resists multiple bursts
- Authentication complete delayed
- [figure: packet stream with a burst of lost packets marked X X X X]

Construction: hash chain with redundancy
- Divide the stream into sequences of fixed length (say 50 or 100 packets)
- The last packet in each sequence is signed (and is presumed never lost)
- Property: the signature on the last packet 'covers' the hash of every packet in the sequence
- Generation and verification algorithm

Simple case: no packet buffering on sender side
- Chain of strength a: the hash of packet $P_i$ is appended to two other packets: $P_{i+1}$ and $P_{i+a}$
- Only the last packet is signed
- Example: chain of strength 3 [figure]

Characteristics of a chain
- Sender:
  - Buffers 1 packet
  - Stores $a$ hashes
- Receiver:
  - Buffers 2 hashes
  - Can authenticate at the end of the sequence
- Resistance to loss:
  - Maximum burst length = a-1 (optimal)
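The chain of strength a from the three slides above, with burst loss simulated, as an added Python example that is not from the presentation or the authors' implementation. Assumptions: an HMAC under a constructed key stands in for the digital signature, hashes whose target would fall past the end of the sequence are placed on the signed last packet, and the receiver keeps the whole sequence and checks it once the signed packet has arrived; `build_sequence`, `authenticate` and `lose` are names chosen here.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the sender's signature

def digest(pkt):
    """Hash of a packet: its payload plus every (index, hash) pair appended to it."""
    data = len(pkt["payload"]).to_bytes(4, "big") + pkt["payload"]
    for j in sorted(pkt["hashes"]):
        data += j.to_bytes(4, "big") + pkt["hashes"][j]
    return hashlib.sha256(data).digest()

def sign(d):
    return hmac.new(KEY, d, hashlib.sha256).digest()

def build_sequence(payloads, a):
    """Sender: append h(P_i) to P_{i+1} and P_{i+a}; sign only the last packet."""
    n = len(payloads)
    packets = [{"payload": p, "hashes": {}, "sig": None} for p in payloads]
    for i, pkt in enumerate(packets):
        d = digest(pkt)  # pkt["hashes"] is complete: all contributors have index < i
        if i == n - 1:
            pkt["sig"] = sign(d)
            break
        # Assumption: targets past the end of the sequence land on the signed packet.
        for t in {min(i + 1, n - 1), min(i + a, n - 1)}:
            packets[t]["hashes"][i] = d
    return packets

def authenticate(received):
    """Receiver: `received` maps index -> packet that arrived.
    Returns the indices whose content the signature covers."""
    if not received:
        return []
    last = max(received)
    sig = received[last]["sig"]
    if sig is None or not hmac.compare_digest(sig, sign(digest(received[last]))):
        return []  # signed packet missing or forged: nothing can be authenticated
    trusted = {last: digest(received[last])}
    verified = []
    for i in sorted(received, reverse=True):  # vouching packets have larger indices
        if hmac.compare_digest(trusted.get(i, b""), digest(received[i])):
            verified.append(i)
            trusted.update(received[i]["hashes"])
    return sorted(verified)

def lose(packets, lost):
    """Simulate loss: drop the packets whose indices are in `lost`."""
    return {i: p for i, p in enumerate(packets) if i not in lost}
```

With a = 3 and ten packets, losing packets 4 and 5 (a burst of a-1) leaves every surviving packet verifiable, while losing 4, 5 and 6 cuts off everything before the burst; a tampered packet fails on its own without breaking its neighbours.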

Generic Construction (packet buffering on the sender side)
- If the sender can buffer a single packet:
- Example: augmented chain of strength 3 [figure]

Generalization
- Sender buffers:
  - p packets
  - h hashes
- Start with a chain of strength (h-p)
- Insert (p-1) new packets in-between

Insertion 1
- Very simple to implement
- Optimally resistant to loss
- But: the maximum number of hashes appended to a packet grows linearly with p

Insertion 2
- Constant m
- Recursive embedding
- [figure; labels: A, B, 2, 1]

Characteristics
- Sender:
  - Buffers p packets
  - Hash buffer of size h = a+p
- Receiver:
  - Buffers (p+3)/2 hashes
- Resistance to loss:
  - Maximum burst length = p(a-1) (optimal)
  - Fast recovery

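Comparison with other schemes
Columns: Scheme, Signature, hash, Overhead (bytes), loss, verification
- WL star: loss any, verification immediate
- WL tree: loss any, verification immediate
- LW tree full: loss any, verification immediate
- Chains: 11643, loss bursts, verification delayed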

Implementation

Conclusion
- Efficient stream authentication scheme
- Strength: resistance to random loss (bursts)
- New trade-off: between computational complexity and time to authentication
- Implemented as plug-in to Real Audio Player