Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.

Slides:



Advertisements
Similar presentations
Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Advertisements

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
CSC 774 Advanced Network Security
Digital Signatures and Hash Functions. Digital Signatures.
Computer Science Dr. Peng NingCSC 774 Advanced Network Security1 Topic 3.2: Micro Payments.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Security Issues In Sensor Networks By Priya Palanivelu.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
KIANOOSH MOKHTARIAN SCHOOL OF COMPUTING SCIENCE SIMON FRASER UNIVERSITY 3/24/2008 Secure Multimedia Streaming.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Authenticating streamed data in the presence of random packet loss March 17th, Philippe Golle, Stanford University.
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
ITIS 6010/8010: Wireless Network Security Weichao Wang.
Multicast Security CS239 Advanced Network Security April 16 th, 2003 Yuken Goto.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Timed Efficient Stream Loss-tolerant Authentication.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
Security Introduction Class February Overview  Security Properties  Security Primitives  Sample Protocols.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on.
Secure Aggregation for Wireless Networks Lingxuan Hu David Evans [lingxuan, Department of Computer.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Cryptography, Authentication and Digital Signatures
SPINS: Security Protocols in Sensor Networks
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Security on Sensor Networks Presented by Min-gyu Cho SPINS: Security Protocol for Sensor Networks TinySec: Security for TinyOS SPINS: Security Protocol.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
Chapter 11 Message Authentication and Hash Functions.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,
Multi-user Broadcast Authentication in Wireless Sensor Networks Kui Ren, Wenjing Lou, Yanchao Zhang SECON2007 Manar Mahmoud Abou elwafa.
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Random Key Predistribution Schemes for Sensor.
Cryptography and Network Security (CS435) Part Nine (Message Authentication)
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
Security for Broadcast Network
1 Security for Broadcast Network Most slides are from the lecture notes of prof. Adrian Perrig.
4343 X2 – The Transport Layer Tanenbaum Ch.6.
Author: Na Ruan, Yoshiaki Hori Published in:
Authenticating streamed data in the presence of random packet loss February 8 th, 2001 Philippe Golle Nagendra Modadugu Stanford University.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
S E A D Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks Yih-Chun Hu,David B.Johnson, Adrian Perrig.
Presented by: Reut Barazani Limor Levy. Contents Introduction Digital signature broadcast message authentication TESLA broadcast message authentication.
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
CSCE 715: Network Systems Security
The TESLA Broadcast Authentication Protocol CS 218 Fall 2017
Ariadne A Secure On-Demand Routing Protocol for Ad Hoc Networks
SPINS: Security Protocols for Sensor Networks
CS/ECE 418 Introduction to Network Security
BROADCAST AUTHENTICATION
Data Integrity: Applications of Cryptographic Hash Functions
SPINS: Security Protocols for Sensor Networks
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Presentation transcript:

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning2 What Is Broadcast Authentication? One sender; multiple receivers –All receivers need to authenticate messages from the sender.

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning3 Challenges in Broadcast Authentication Can we use symmetric cryptography in the same way as in point-to-point authentication? How about public key cryptography? –Effectiveness? –Cost? Research in broadcast authentication –Reduce the number of public key cryptographic operations

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning4 CSC 774 Advanced Network Security Topic 4.1 TESLA and EMSS

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning5 Outline Two Schemes –TESLA Sender Authentication Strong loss robustness High Scalability Minimal overhead –EMSS Non-Repudiation High loss robustness Low overhead

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning6 TESLA - Properties Low computational overhead Low per packet communication overhead Arbitrary packet loss tolerated Unidirectional data flow No sender side buffering High guarantee of authentication Freshness of data

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning7 TESLA – Overview Timed Efficient Stream Loss–tolerant Authentication Based on timed and delayed release of keys by the sender Sender commits to a random key K and transmits it to the receivers without revealing it Sender attaches a MAC to the next packet P i with K as the MAC key Sender releases the key in packet P i+1 and receiver uses this key K to verify P i Need a security assurance

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning8 TESLA – Scheme I Each packet P i+1 authenticates P i Problems? –Security? Robustness? K i ’=F’(K i )

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning9 TESLA – Scheme I (Cont’d ) If attacker gets P i+1 before receiver gets P i, it can forge P i Security Condition –ArrT i +  t < T i+1 –Sender’s clock is no more than  t seconds ahead of that of the receivers –One simple way: constant data rate Packet loss not tolerated

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning10 TESLA – Scheme II Generate a sequence of keys { K i } with one-way function F F v (x) = F v-1 ( F(x) ) K o = F n (K n ) K i = F n-i (K n ) Attacker cannot invert F or compute any K j given K i, where j>i Receiver can compute all K j from K i, where j < i –K j = F i-j (K i ); K’ i = F’ (K i )

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning11 TESLA – Scheme II (Cont’d)

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning12 TESLA – Scheme III Remaining problems with Scheme II –Inefficient for fast packet rates –Sender cannot send P i+1 until all receivers receive P i Scheme III –Does not require that sender wait for receiver to get P i before it sends P i+1 –Basic idea: Disclose K i in P i+d instead of P i+1

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning13 TESLA – Scheme III (Cont’d) Disclosure delay d =  (  tMax + d NMax )r  –  tMax : maximum clock discrepancy –d NMax : maximum network delay –r: packet rate Security Condition: –ArrT i +  t < T i+d Question: –Does choosing a large d affect the security?

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning14 TESLA – Scheme IV Deals with dynamic transmission rates Divide time into intervals Use the same K i to compute the MAC of all packets in the same interval i All packets in the same interval disclose the key K i-d Achieve key disclosure based on intervals rather than on packet indexes

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning15 TESLA – Scheme IV (Cont’d)

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning16 TESLA – Scheme IV (Cont’d) Interval index: i = (t – T o )/T  K i ’ = F’(K i ) for each packet in interval i P j = Security condition: –i + d > i’ –i’ = (t j +  t -T o )/T  i’ is the farthest interval the sender can be in

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning17 TESLA – Scheme V In Scheme IV: –A small d will force remote users to drop packets –A large d will cause unacceptable delay for fast receivers Scheme V –Use multiple authentication chains with different values of d Receiver verifies one security condition for each chain C i, and drops the packet is none is satisfied

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning18 TESLA--Immediate Authentication M j+vd can be immediately authenticated once packet j is authenticated Not to be confused with packet j+vd being authenticated

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning19 TESLA – Initial Time Synchronization R  S: Nonce S  R: {Sender Time t S, Nonce, …}K s -1 R only cares the maximum time value at S. Max clock discrepancy:  T = t S -t R

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning20 EMSS Efficient Multichained Streamed Signature Useful where –Non Repudiation required –Time synchronization may be a problem Based on signing a small number of special packets in the stream Each packet linked to a signed packet via multiple hash chains

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning21 EMSS – Basic Signature Scheme

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning22 EMSS – Basic Signature Scheme (Cont’d) Sender sends periodic signature packets P i is verifiable if there exists a path from P i to any signature packet S j

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning23 EMSS – Extended Scheme Basic scheme has too much redundancy Split hash into k chunks, where any k’ chunks are sufficient to allow the receivers to validate the information –Rabin’s Information Dispersal Algorithm –Some upper few bits of hash Requires any k’ out of k packets to arrive More robust

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.