Distillation Codes and Applications to DoS Resistant Multicast Authentication

We introduce distillation codes, a method for streaming and storing data. Like erasure codes, distillation codes allow information to be decoded from a sufficiently large quorum of symbols. In contrast to erasure codes, distillation codes are robust against pollution attacks, a powerful class of denial of service (DoS) attacks in which adversaries inject invalid symbols during the decoding process. We examine applications of distillation codes to multicast authentication. Previous applications of erasure codes to multicast authentication are vulnerable to low bandwidth pollution attacks. We demonstrate pollution attacks against previous approaches which prevent receivers from verifying any authentic packets. To resist pollution attacks, we introduce Pollution Resistant Authenticated Block Streams, which have low overhead and can tolerate arbitrary patterns of packet loss within a block up to a predetermined number of packets. In the face of 40Mb/s of attack traffic, PRABS receivers successfully authenticate the stream and consume only 10% of their CPU.