Conventional block-based multicast authentication schemes overlook the heterogeneity of receivers: the sender chooses the block size, divides a multicast stream into blocks, associates each block with a signature, and spreads the effect of the signature across all the packets in the block through hash graphs or coding algorithms. The correlation among packets makes these schemes vulnerable to packet loss, which is inherent in the Internet and wireless networks. Moreover, the lack of Denial of Service (DoS) resilience renders most of them vulnerable to packet injection in hostile environments. In this paper, we propose a novel multicast authentication protocol, MABS, comprising two schemes. The basic scheme (MABS-B) eliminates the correlation among packets and thus provides perfect resilience to packet loss. It is also efficient in terms of latency, computation, and communication overhead, owing to an efficient cryptographic primitive called batch signature, which supports the authentication of any number of packets simultaneously. We also present an enhanced scheme, MABS-E, which combines the basic scheme with a packet filtering mechanism to alleviate the DoS impact while preserving perfect resilience to packet loss.
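The batch-signature idea described above, as an added example that is not code from the paper: every packet carries its own signature, and the receiver checks whatever subset arrives with a single exponentiation. The abstract does not name a signature scheme, so hashed textbook RSA with a constructed toy key is assumed here, and the function names and the per-packet fallback are illustrative only, not the MABS-E filter.

```python
import hashlib
from math import prod

# Constructed toy RSA key built from two Mersenne primes (assumption for
# illustration; the abstract names no scheme). Far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h(packet: bytes) -> int:
    """Hash a packet into Z_N (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(packet).digest(), "big") % N

def sign(packet: bytes) -> int:
    """Sender: each packet is signed on its own, so no packet depends on another."""
    return pow(h(packet), D, N)

def batch_verify(received) -> bool:
    """Receiver: one exponentiation covers any number of (packet, sig) pairs.

    Plain product test; hardened batch verifiers also randomise each term.
    """
    if not received:
        return False
    sig_product = prod(s for _, s in received) % N
    hash_product = prod(h(p) for p, _ in received) % N
    return pow(sig_product, E, N) == hash_product

def verify_each(received):
    """Per-packet fallback after a failed batch: one exponentiation per packet.
    This extra work is the cost an injected packet imposes on the receiver."""
    return [p for p, s in received if pow(s, E, N) == h(p)]

def demo():
    stream = [(p, sign(p)) for p in (b"pkt-%d" % i for i in range(8))]
    lossy = [stream[i] for i in (0, 3, 4, 7)]    # constructed: half the packets lost
    injected = lossy + [(b"forged", 12345)]      # constructed: one injected packet
    return (batch_verify(stream), batch_verify(lossy),
            batch_verify(injected), verify_each(injected))

if __name__ == "__main__":
    print(demo())
```

Packet loss leaves the batch check valid for the packets that did arrive, while one injected packet fails the whole batch and pushes the receiver into per-packet work.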