Signature Amortization Using Multiple Connected Chains

  • Qusai Abuein
  • Susumu Shibusawa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3677)


Amortization schemes for authenticating streamed data have been introduced as a solution to reduce the high overhead that sign-each schemes suffer from. The hash chains structure of amortization schemes and the number of hash values appended to other packets affect the efficiency of the authentication scheme specially against packet loss. Which packets should have hashes appended to the signature packet and how many hashes to append to it have no solutions yet. This paper introduces a new hash chain construction to achieve longer resistance against packet loss and reduces the overhead. The proposed scheme consists of multiple connected chains, each chain links several packets together. Our scheme specifies clearly how to choose the packets that should have hashes appended to a signature packet, in addition to deriving their loss probability. We study the effect of the number of hashes that are appended to a signature packet on the overhead. We introduce a measure so as to know the number of packets receivers need to buffer until they can authenticate the received packets. The number of chains of our model plays a main role in the efficiency of our scheme in terms of loss resistance and overhead.


Multicast stream authentication hash chain signature amortization web security 


  1. 1.
    Rohatgi, P.: A compact and fast hybrid signature scheme for multicast packet authentication. In: Proc. of the 6th ACM Conf. on Computer and Communications Security (1999)Google Scholar
  2. 2.
    Jiang, W., Schulzrinne, H.: Modeling of packet loss and delay and their effect on real-time multimedia service quality. In: Proc. of 10th Int. Workshop on Network and Operations System Support for Digital Audio and Video (2000)Google Scholar
  3. 3.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73 (2000)Google Scholar
  4. 4.
    Wong, C.K., Lam, S.S.: Digital signatures for flows and multicasts. IEEE/ACM Trans. on Networking 7, 502–513 (1999)CrossRefGoogle Scholar
  5. 5.
    Golle, P., Modadugu, N.: Authenticating streamed data in the presence of random packet loss. In: Proc. of ISOC Network and Distributed System Security Symposium, pp. 13–22 (2001)Google Scholar
  6. 6.
    Gennaro, R., Rohatgi, P.: How to sign digital streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Chan, A.: A graph-theoretical analysis of multicast authentication. In: Proc. of the 23rd Int. Conf. on Distributed Computing Systems (2003)Google Scholar
  8. 8.
    Miner, S., Staddon, J.: Graph-based authentication of digital streams. In: Proc. of the IEEE Symposium on Research in Security and Privacy, pp. 232–246 (2001)Google Scholar
  9. 9.
    Alain, P., Refik, M.: Authenticating real time packet stream and multicast. In: Proc. of 7th IEEE Symposium on Computers and Communications (2002)Google Scholar
  10. 10.
    Park, J., Chong, E., Siegel, H.: Efficient multicast stream authentication using erasure codes. ACM Trans. on Information and System Security 6, 258 (2003)CrossRefGoogle Scholar
  11. 11.
    Cucinotta, T., Cecchetti, G., Ferraro, G.: Adopting redundancy techniques for multicast stream authentication. In: Proc. of the 9th IEEE Workshop on FTDCS (2003)Google Scholar
  12. 12.
    Perrig, A., Tygar, J.D.: Secure Broadcast Communication in Wired and Wireless Networks. Kluwer Academic Publishers, Dordrecht (2003)CrossRefGoogle Scholar
  13. 13.
    Stallings, W.: Cryptography and Network Security Principles and Practices. Prentice-Hall, Englewood Cliffs (2003)Google Scholar
  14. 14.
    Wong, C., Lam, S.: Digital signatures for flows and multicasts. Technical Report TR-98-15. Dept. of Computer Sciences, University of Texas at Austin (1998)Google Scholar
  15. 15.
    Lysyanskaya, A., Tamassia, R., Triandopoulos, N.: Multicast authentication in fully adversarial networks. In: Proc. of IEEE Symposium on Security and Privacy, pp. 241–255 (2004)Google Scholar
  16. 16.
    Abuein, Q., Shibusawa, S.: Efficient multicast authentication scheme using signature amortization. In: Proc. of the IASTED Int. Conf. on CIIT (2004)Google Scholar
  17. 17.
    Abuein, Q., Shibusawa, S.: New chain construction for multicast stream authentication. In: Proc. of the ICENCO Int. Conf. on NTIS (2004)Google Scholar
  18. 18.
    Sanneck, H., Carle, G., Koodli, R.: A framework model for packet loss metrics based on loss runlengths. In: SPIE/ACM SIGMM Multimedia Computing and Networking Conf. (2000)Google Scholar
  19. 19.
    Yajnik, M., Kurose, J., Towsley, D.: Packet loss correlation in the mbone multicast network. In: Proc. of IEEE Global Internet (1996)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Qusai Abuein
    • 1
  • Susumu Shibusawa
    • 2
  1. 1.Graduate School of Science and EngineeringJapan
  2. 2.Department of Computer and Information SciencesIbaraki UniversityHitachi, IbarakiJapan

Personalised recommendations