Presentation is loading. Please wait.

Presentation is loading. Please wait.

TESLA Based Frame Authentication

Published byMarcus Ekström Modified over 5 years ago

Similar presentations

Presentation on theme: "TESLA Based Frame Authentication"— Presentation transcript:

1 TESLA Based Frame Authentication
Month Year doc.: IEEE yy/xxxxr0 September 2019 TESLA Based Frame Authentication Date: Authors: Hitoshi Morioka, SRC Software John Doe, Some Company

2 Month Year doc.: IEEE yy/xxxxr0 September 2019 Abstract This presentation describes an additional information about TESLA based frame authentication that is proposed in 11-19/451r3. Hitoshi Morioka, SRC Software John Doe, Some Company

3 September 2019 TESLA TESLA is an algorithm that enables all receivers check integrity and authenticate the source of each frame in multicast or broadcast data stream. TESLA uses One-way key chain. One-way key chain is based on the nature of one-way hash function. In case of Vi+1 = Hash(Vi) Calculating Vi+1 from Vi is easy. Calculating Vi from Vi+1 is difficult. (practically impossible) Vi Vi+1 easy difficult Hitoshi Morioka, SRC Software

4 September 2019 Key Generation A transmitter generates a series of keys by using hash function. Random Seed Hash Hash Hash Hash Hash K0 K1 K2 KN-1 KN Hash’ Hash’ Hash’ Hash’ Hash’ K’0 K’1 K’2 K’N-1 K’N Hitoshi Morioka, SRC Software

5 Authenticator Generation
September 2019 Authenticator Generation The transmitter generates authenticator by HMAC hash function with the generated key. The key to generate the authenticator is changed in a fixed duration Tk in reverse sequence of the key chain. Data HMAC-Hash(Key = K’i) Authenticator K’N-1 K’N-2 K’N-3 K’N-4 K’N-5 K’0 time TK TK TK TK TK TK Hitoshi Morioka, SRC Software

6 September 2019 Key Disclosure The transmitter discloses the keys after d * Tk (d >= 2) Data Data Data Data Data Data Auth (K’N-1) Auth (K’N-2) Auth (K’N-3) Auth (K’N-4) Auth (K’N-4) Auth (K’0) KN-1 KN-2 KN-3 K2 Disclosed Key (d = 2) KN-1 KN-2 KN-3 K2 Authenticator Key K’N-1 K’N-2 K’N-3 K’N-4 K’N-5 K’0 time TK TK TK TK TK TK Hitoshi Morioka, SRC Software

7 Frame Authentication K’N K’N-1 K’N-2 K’N-3 K’N-4 K’N-5 time KN KN-1
September 2019 Frame Authentication Receiver buffers frames until the key is disclosed. The key integrity is verified as following: If Hash(Ki-1) = Ki and Ki is already verified, Ki-1 is correct. The buffered frames are authenticated by the key calculated from the disclosed key. Key for authenticator K’N K’N-1 K’N-2 K’N-3 K’N-4 K’N-5 time Disclosed Key KN KN-1 KN-2 KN-3 Hash’ Verify Verify Verify K’N Authenticate frames signed by K’N Hitoshi Morioka, SRC Software

8 The First Key Verification
September 2019 The First Key Verification The first key, KN, has to be verified by other method. KN should be verified by public key algorithm KN Signature Hitoshi Morioka, SRC Software

9 The Last d keys Disclosure
September 2019 The Last d keys Disclosure The last d keys, K1 and K0 when d = 2, should be disclosed after the key sequence finished. Data Auth (K’0) K1 K2 K0 K2 K’0 time Tk Hitoshi Morioka, SRC Software

10 Frame Sequence TK TI September 2019 eBCS Info frame eBCS Data frames
eBCS Info frame includes Ks,N (where s is the seq num of eBCS Info) Ks-1,L (where L is the last used key index) Ks-1,L+1 (if d = 2) Timestamp TI TK d eBCS Info sequence number Public key with CA signature Signature by the sender’s private key eBCS Data frame includes Ks,i+2 (where s is the seq num of eBCS Info, d=2) As,i (Authenticator generated by the key K’s,i) Key index: i eBCS Info seq num: s Sender generates one-way key chain before generating each eBCS Info frame (Ks,N, Ks,N-1, Ks,N-2, …, Ks,0) eBCS Info frame Transmitted in TI interval eBCS Data frames TK TI Hitoshi Morioka, SRC Software

11 Recovery from Missing Frames
September 2019 Recovery from Missing Frames In case of missing KS,5 and KS,4: KS,5 and KS,4 can be calculated from KS,3 KS,4 = Hash(KS,3) KS,5 = Hash(KS,4) In this case, the receiver has to buffer the frames that have the authenticator generated by KS,5 and KS,4 until receiving KS,3. KS-1,0 KS-1,1 KS,8 KS,0 KS,1 KS+1,8 AS,5 KS,7 AS,4 KS,6 AS,3 KS,5 AS,2 KS,4 AS,1 KS,3 AS,0 KS,2 Sequence S Sequence S+1 Hitoshi Morioka, SRC Software

12 Dummy Data Frame Sequence S Sequence S+1 September 2019
TESLA key is usually piggybacked in eBCS frames. In case of no data to be sent in a TK, the transmitter transmits a dummy data frame which includes the key to be disclosed at the end of the TESLA key period. KS-1,0 KS-1,1 KS,8 KS,0 KS,1 KS+1,8 Dummy Data Frame AS,5 KS,7 AS,4 KS,6 AS,2 KS,4 AS,1 KS,3 AS,0 KS,2 AS,3 KS,5 Sequence S Sequence S+1 Hitoshi Morioka, SRC Software

13 Parameters d: Fixed to 2 is reasonable
September 2019 Parameters d: Fixed to 2 is reasonable TK: Longer TK requires receivers’ memory to buffer received frames The clock of the transmitter and the receivers have to be roughly synchronized with the accuracy of TK to prevent from replay attack. TI: Longer TI requires the transmitter’s memory to store a sequence of key chain. Hitoshi Morioka, SRC Software

Download ppt "TESLA Based Frame Authentication"

Similar presentations

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.

Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.

A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
ITIS 6010/8010: Wireless Network Security Weichao Wang.

ITIS 6010/8010: Wireless Network Security Weichao Wang.
1 Timed Efficient Stream Loss-tolerant Authentication.

1 Timed Efficient Stream Loss-tolerant Authentication.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
1 CMPT 471 Networking II Authentication and Encryption © Janice Regan, 2006-2013.

1 CMPT 471 Networking II Authentication and Encryption © Janice Regan,
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)

Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Security for Broadcast Network

Security for Broadcast Network
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
Presented by: Reut Barazani Limor Levy. Contents Introduction Digital signature broadcast message authentication TESLA broadcast message authentication.

Presented by: Reut Barazani Limor Levy. Contents Introduction Digital signature broadcast message authentication TESLA broadcast message authentication.
Message Authentication Code

Message Authentication Code
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
OSA vs WEP WPA and WPA II Tools for hacking

OSA vs WEP WPA and WPA II Tools for hacking
Security Outline Encryption Algorithms Authentication Protocols

Security Outline Encryption Algorithms Authentication Protocols
Unit 3 Section 6.4: Internet Security

Unit 3 Section 6.4: Internet Security
Security Design.

Security Design.

Similar presentations

Ads by Google