A graph-theoretical analysis of multicast authentication

Message authentication is considered as a serious bottleneck to multicast security, particular for stream-type of traffic. The techniques of hash chaining and signature amortization have been proposed in many schemes for stream authentication, with or without multicast settings. However, none of them is optimal. They either have a large packet overhead or are not robust to packet loss. Some even have a large receiver delay and/or require a large receiver buffer size. These schemes are constructed based on ad hoc or trial-and-error methods. There lack tools to evaluate and compare their performances. There is no systematic way to construct these schemes either. In this paper, we introduce the notion of dependence-graphs which links these hash-chained schemes to the well-known graph theory, and provides an effective analytical tool to evaluate the performance of these schemes in the presence of packet loss. Many important metrics of a hash-chained authentication scheme can be readily and easily determined from the properties of its dependence-graph. As well, a dependencegraph demonstrates the design tradeoff between pairs of metrics. In fact, the application of dependence-graphs is not limited to analyzing hash-chained schemes, we show that with slight modifications a dependence-graph can be used to evaluate the performance of TESLA, a very efficient MAC-based scheme. Dependence-graphs also provide insights into constructing and optimizing hash-chained schemes.