Distillation Codes and Applications to DoS Resistant Multicast Authentication
Abstract
We introduce distillation codes, a method for streaming and storing data. Like erasure codes, distillation codes allow information to be decoded from a sufficiently large quorum of symbols. In contrast to erasure codes, distillation codes are robust against pollution attacks, a powerful class of denial of service (DoS) attacks in which adversaries inject invalid symbols during the decoding process. We examine applications of distillation codes to multicast authentication. Previous applications of erasure codes to multicast authentication are vulnerable to low-bandwidth pollution attacks. We demonstrate pollution attacks against previous approaches which prevent receivers from verifying any authentic packets. To resist pollution attacks, we introduce Pollution Resistant Authenticated Block Streams (PRABS), which have low overhead and can tolerate arbitrary patterns of packet loss within a block up to a predetermined number of packets. In the face of 40 Mb/s of attack traffic, PRABS receivers successfully authenticate the stream and consume only 10% of their CPU.
Similar resources
Simulation-Based Performance Evaluation of Predictive-Hashing Based Multicast Authentication Protocol
This work was supported by ARO grant 48575-RT-ISP. Abstract: A predictive-hashing based Denial-of-Service (DoS) resistant multicast authentication protocol was proposed based upon predictive-hashing, one-way key chain, erasure codes, and distillation codes techniques [4, 5]. It was claimed that this new scheme should be more resistant to various types of DoS attacks, and its worst-case resourc...
Resource Requirement Analysis for a Predictive-Hashing Based Multicast Authentication Protocol
A new multicast authentication scheme for real-time streaming applications was proposed [28] that is resistant to denial-of-service attacks with less resource usage (CPU and buffer) at receivers compared to previously proposed schemes. This scheme utilizes prediction hashing (PH) and one-way key chain (OKC) techniques based on erasure codes and distillation codes. Detailed protocol description...
DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
Multicast Routing Authentication System using Advanced Tesla
The present strategies that reduce the delay associated with multicast authentication, make more efficient usage of receiver-side buffers, make delayed key disclosure authentication more resilient to buffer overflow denial of service attacks, and allow for multiple levels of trust in authentication. Throughout this base paper, the main focus of discussion will be on the popular multicast authen...
Enhancing privacy of recent authentication schemes for low-cost RFID systems
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we a...