Loss-Tolerant Stream Authentication via Configurable Integration of One-Time Signatures and Hash-Graphs

  • Alwyn Goh
  • G. S. Poh
  • David C. L. Ngo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)


We present a stream authentication framework featuring preemptive one-time signatures and reactive hash-graphs, thereby enabling simultaneous realisation of near-online performance and packet-loss tolerance. Stream authentication is executed on packet aggregations at three levels ie: (1) GM chaining of packets within groups, (2) WL star connectivity of GM authenticator nodes within meta-groups, and (3) signature m-chaining between meta-groups. The proposed framework leverages the most attractive functional attributes of the constituent mechanisms ie: (1) immediate verifiability of one-time signatures and WL star nodes, (2) robust loss-tolerance of WL stars, and (3) efficient loss-tolerance of GM chains; while compensating for various structural characteristics ie: (1) high overhead of one-time signatures and WL stars, and (2) loss-intolerance of the GM chain authenticators. The resultant scheme can be operated in various configurations based on: (1) ratio of GM chain to WL star occurence, (2) frequency of one-time signature affixation, and (3) redundancy and spacing of signature-chain.


Signature Scheme Communication Overhead Motion Picture Expert Group Packet Aggregation Simultaneous Realisation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Gennaro, R., Rohatgi, P.: How to Sign Digital Streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  2. 2.
    Wong, C.K., Lam, S.S.: Digital Signatures for Flows and Multicasts, Comp Sc Tech Rep TR-98-15, U Texas at Austin (1998), Also in IEEE ICNP 1998Google Scholar
  3. 3.
    Golle, P., Modadugu, N.: Authenticating Streamed Data in the Presence of Random Packet Loss. In: ISOC Network and Distributed System Security Symp., pp. 13–22 (2001)Google Scholar
  4. 4.
    Rohatgi, P.: A Compact and Fast Hybrid Signature Scheme for Multicast Packet Authentication and Others Protocols. In: 6th ACM Conf. on Comp. and Comms Security, pp. 93–100 (1999)Google Scholar
  5. 5.
    Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient Authentication and Signing of Multicast Streams over Lossy Channels. In: IEEE Symp. on Security and Privacy, pp. 56–73 (2000)Google Scholar
  6. 6.
    Miner, S., Staddon, J.: Graph-based Authentication of Digital Streams. In: IEEE Symp. on Security and Privacy (2001)Google Scholar
  7. 7.
    Perrig, A.: The BiBa One-Time Signature and Broadcast Authentication Protocol. In: 8th ACM Conf. on Comp. and Comms Security, pp. 28–37 (2001)Google Scholar
  8. 8.
    Paxson, V.: End-to-end Internet Packet Dynamics. IEEE/ACM Trans. on Networking 7, 277–292 (1999)Google Scholar
  9. 9.
    Borella, M., Swider, D., Uludag, S., Brewster, G.: Internet Packet Loss: Measurement and Implications for End-to-end QoS. In: Intl. Conf. Parallel Processing (1998)Google Scholar
  10. 10.
    Even, S., Goldreich, O., Micali, S.: On-line/Off-line Digital Signatures. J. Cryptology 9(1), 35–67 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Merkle, R.C.: A Digital Signature based on a Conventional Encryption Function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)Google Scholar
  12. 12.
    Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  13. 13.
    Goldwasser, S., Micali, S., Rivest, R.: A Digital Signature Scheme Secure Against Adaptive Chosen Message Attack. Siam J. Comp. 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Rabin, M.O.: Digital Signatures and Public-Key Functions as Intractable as Factorization. Comp. Sc. Tech. Rep. MIT/LCS/TR-212, MIT (1979)Google Scholar
  15. 15.
    Poh, G.S.: Loss-Tolerant Stream Authentication Based on One-Time Signatures and Hash- Graphs. Comp. Sc. Masters Thesis, University Sains MalaysiaGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Alwyn Goh
    • 1
  • G. S. Poh
    • 2
  • David C. L. Ngo
    • 3
  1. 1.Corentix LaboratoriesPetaling JayaMalaysia
  2. 2.MimosTechnology Park MalaysiaKuala LumpurMalaysia
  3. 3.Faculty of Information Science & TechnologyMultimedia UniversityMelakaMalaysia

Personalised recommendations