02-05-2011, 11:26 AM
Reducing Delay and Enhancing DoS Resistance in Multicast Authentication
Through Multigrade Security
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 1, NO. 2,
Language java
Abstract—
Many techniques for multicast authentication employ the principle of delayed key disclosure. These methods introduce delay in authentication, employ receiver-side buffers, and are susceptible to denial-of-service (DoS) attacks. Delayed key disclosure schemes have a binary concept of authentication and do not incorporate any notion of partial trust. This paper introduces staggered timed efficient stream loss-tolerant authentication (TESLA), a method for achieving multigrade authentication in multicast scenarios that reduces the delay needed to filter forged multicast packets and, consequently, mitigates the effects of DoS attacks. Staggered TESLA involves modifications to the popular multicast authentication scheme, TESLA, by incorporating the notion of multilevel trust through the use of multiple, staggered authentication keys in creating message authentication codes (MACs) for a multicast packet. We provide guidelines for determining the appropriate buffer size, and show that the use of multiple MACs and, hence, multiple grades of authentication, allows the receiver to flush forged packets quicker than in conventional TESLA. As a result, staggered TESLA provides an advantage against DoS attacks compared to conventional TESLA. We then examine two new strategies for reducing the time needed for complete authentication. In the first strategy, the multicast source uses assurance of the trustworthiness of entities in a neighborhood of the source, in conjunction with the multigrade authentication provided by staggered TESLA. The second strategy achieves reduced delay by introducing additional key distributors in the network
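
The receiver-side effect the abstract describes (several staggered MACs per packet, so a forgery can be flushed before the packet's own key is disclosed) is shown below as an added Python example; it is not code from the paper or from this post. The key indexing (MACs under K[i], K[i-1], ..., K[i-D+1]), the delay `D = 3`, the MAC-key derivation and all function names are assumptions, since the abstract does not give the construction.

```python
import hashlib
import hmac

D = 3  # key disclosure delay in intervals (constructed value)

def H(b):
    return hashlib.sha256(b).digest()

def make_chain(seed, n):
    # One-way key chain with K[i] = H(K[i+1]); K[0] is the receivers' commitment.
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def mac(key, msg):
    # MAC key is derived from the chain key so chain keys are never used directly.
    return hmac.new(H(b"mac" + key), msg, hashlib.sha256).digest()

def send(chain, i, msg):
    # Packet for interval i (i >= D-1): macs[j] is keyed with K[i-j], j = 0..D-1.
    # K[i-j] becomes public in interval i-j+D, so none is public at send time.
    return {"i": i, "msg": msg, "macs": [mac(chain[i - j], msg) for j in range(D)]}

def key_ok(commit, key, idx):
    # A disclosed K[idx] is genuine if hashing it idx times yields K[0].
    for _ in range(idx):
        key = H(key)
    return hmac.compare_digest(key, commit)

def grade(pkt, arrived, disclosed, commit):
    # Returns how many MACs verify so far (0..D), or -1 to flush the packet.
    # arrived: interval in which the packet was received; disclosed: {index: key}.
    if arrived > pkt["i"]:
        return -1  # its earliest key was already public on arrival: unsafe
    passed = 0
    for j in range(D - 1, -1, -1):  # oldest key first, it is disclosed first
        idx = pkt["i"] - j
        key = disclosed.get(idx)
        if key is None or not key_ok(commit, key, idx):
            break  # wait for a genuine key
        if not hmac.compare_digest(mac(key, pkt["msg"]), pkt["macs"][j]):
            return -1  # forged: drop from the buffer now
        passed += 1
    return passed
```

With `D = 3`, a forged packet for interval 5 is rejected as soon as K[3] is disclosed in interval 6, while a receiver checking only the MAC under K[5] would hold it in its buffer until interval 8.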