Performance Evaluation of Multicast Source Authentication Scheme

Mohan, Yogendra; Krishna, C. Rama; Singh, Karan

doi:10.1007/978-981-10-8536-9_38

Yogendra Mohan¹⁷,
C. Rama Krishna¹⁸ &
Karan Singh¹⁹

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 729))

1541 Accesses
2 Citations

Abstract

Multicast is a one to group communication. The applications of multicast are broadcasting stock quotes, videoconferencing, and software distribution. The deployment of efficient and secure communication mechanism is hindered because of the lack of security. There are various schemes such as simple hash scheme, hash tree scheme, and hash tree signature scheme. But these existing approaches also suffer from communication overhead and computation overhead. To solve the major problem of security concern is solved with support of source authentication mechanism. The purpose of our work is to evaluate the performance of multicast source authentication. The objectives of the proposed work are to reduce the communication overhead and computation cost of multicast communication system. The proposed work is implemented in QualNet 5.1.2.

Access provided by CONRICYT-eBooks. Download conference paper PDF

Integrated Approach for Multicast Source Authentication and Congestion Control

A Multicast Authentication Protocol (MAP) for Dynamic Multicast Groups in Wireless Networks

The Adaptive Multicast Data Origin Authentication Protocol

Keywords

1 Introduction

The large-scale development of Internet and use of electronics meant for communication resulted the new digital era of communication. The data or information can be sent to various network like unicast, broadcast, multicast, etc. In the case of unicast, there is one-to-one communication, while in case of broadcast one-to-all communication and in case of multicast the communication is between one source to a group of destinations. The demand of multipoint communications (multicast) among various parties is increasing. Unicast communications are overheaded and underutilized. Multicasting is increasing day by day for various applications such as video on demand (VoD), IPTv, broadcasting, and stock quotes. The multicast IP address is well known as class D. That is why, there are many security obstacles present in multicast. There is a need to maintain security goals to provide security at source and group ends. In multicast network, the source is not necessarily member of the group, so untrusted source may cause the rescuer deployment of the multicast services. Hash and digital signatures are the used for integrity [1], authentication, and non-repudiation. However, these mechanisms is used to design for point-to-point [2] transmission, and embedded in multicasting.

Multicast communication suffers from various challenges such as congestion, security threats, and addressing and the security threat is a biggest challenge in the multicast. This challenge is handled by source authentication and group authentication. Source authentication is main objective of proposed work. The researchers [3,4,5,6,7,8,9] have provided the mechanism for source authentication. The authors have used RSA [10, 11] for digital signature to achieve the source authentication [12], but existing mechanisms suffered from computation overhead and communication overhead. To solve these problems, we are proposing source authentication mechanism which is based on Elliptic Curve Cryptography Digital Signature Algorithm (ECDSA) [13, 14] for multicasting. The proposed approach is known as Elliptic Curve Cryptography Source Authentication (ECCSA).

2 Related Works

The literature possess several approaches and models for providing source authentication in multicast communication. The issues and challenges in the area of multicast security are described in this section existing multicast source authentication protocol such as simple off-line chaining, tree chaining, EMSS, and HMSA are described with their advantages and disadvantages.

In Hash chaining [9] scheme, the working of sender and receiver are described below into the blocks [15] then the hash of the first block is computed and signs the hash of the first block. The technique of the hash chaining scheme, sender first divides message M into 4 blocks {B₁, B₂, B₃, B₄} then computes the hash of the first block, signs it, and transmit to each receiver.

In tree chaining [16, 17] scheme each packet carries the required authentication information so that each can be individually verifiable. In other words, even if n − 1 out of n packets are lost the authenticity of the single received packet can be verified. The stream is signed block by block.

Efficient Multi-chained Stream Signature (EMSS) [18, 19] scheme each packet of the stream is hash linked [20, 21] to many target packets. Even if some packets are lost; a received packet is verifiable if it remains a hash-link path that relates the packet to a signature packet. For a given packet, the EMSS chooses target packets randomly.

Jin et al. [22] proposed a hybrid approach (HMSA) in which hash tree and hash chaining scheme are combined. In this approach, the author has targeted on the main disadvantage that occurs with both the scheme.

This section explained the existing multicast source authentication protocol with non-repudiation [11] and their advantages and disadvantages. There is no scheme which will satisfy all the requirements for multicast source authentication. In the next section, a novel multicast source authentication with non-repudiation protocol hash redundancy mitigation scheme for multicast source authentication [23] is proposed which makes a tradeoff between communications overhead [24] and robustness [25] against the packet loss.

3 Proposed Method

Multicast communication suffers from various attacks such as distributed denial of service (DDoS) [26, 27], Message modification [25], replay attacks [28], and eavesdropping [29]. The attacker uses the source as data transmitter or it works as a source of data because multicast IP address [30] are well known to everyone. There is a need to provide a mechanism which protects the source of multicast communication and mechanism is known as multicast source authentication (MSA). This subsection is providing the procedure for packet generation procedure [31] and packet verification [32] procedure as follows:

Sender Side

Packet Generation Procedure: M is a message of any size and message is divided into blocks. The block size may be 2, 4, 8, 16, 32, 64, and 128(packets) (Fig. 1).

Hash Generation: The main arguments of the proposed work are based on following procedure.

Sender generates H_ij (i = 1 and j = 1to 8) of first block root hash [H₁₁₈] by using packet hashes H₁₁, H₁₂, H₁₈ and hashes of the internal node. Similarly for others blocks.
Sender signed over root hash of the first block.
Sender sends signed hash of first block root to each receiver
Sender sends first packets P₁₁ of block one with packet ID, sibling hashes of current packet path to root (H₁₂, H₁₃₄, and H₁₅₈) and second block root hash [H₁₁₈].
Sender sends the second packet with only first packet hash value h₁₁. Because it uses to generate root hash of the value H₁₁. Because it is used to generate root hash of the sender side.
Now, Sender sends the P₁₃ with H₁₄ and H₁₂ only and uses the stored values to generate the root of the first block.
Sender sends the P₁₄ with only H₁₃.
Now, sender sends packets P₁₅, P₁₆, P₁₇, and P₁₈ according to step 4, 5, 6 and 7. So sender sends P₁₅ with a sibling (H_16, H₁₇₈, H₁₁₈) with second block root [H₁₁₈], P₁₆ with H₁₅ and P₁₇ with H₁₈+H₁₅₆.
Repeat all steps for n − 1 block and with last block no need to send the signature root packet.

Signature Generation & Distribution: Associate the root hash (H) of packet Pi with signature and does the following:

Choose a random number k (integer) between 1 to N − 1.
Generate Hash (P)
Generate the curve point k ·G = (a, b)
Generate e = a mod N. If e = 0 then go back to step 1
Generate \( d = (k^{ - 1} )\left( {h_{l} + ed_{a} } \right)\bmod \,N \). if \( d = 0, \) then go to step 1.
Sender’s signature for the root hash of packet Pi is the pair of integers (e, d).

Receiver Side

To verify Sender signature (e, d) on H: Receiver associated with public key C_a does the following:

Verify that e and d are integers between 1 to (N − 1)
Generate h = H(m)
Generate \( t = (d^{ - 1} ) \, \text{mod}\, N \)
Generate \( v1 = h_{l} t\, \text{mod}\, N \) and \( v2 = et\, \text{mod}\, N \)
Generate curve point x \( v1G + v2 \) C_a
If a = 0, then reject the signature, \( v = a\, \text{mod}\, N \)
Accept the signature if v = e.

Digest Regeneration and Verification of Root Hash

Receivers first receive the signed hash root of the first block.
Receivers unsigned the root hash and store it.
Receivers receive packet P₁₁ and compute H₁₁.
Now regenerate the hash root of the first block with help of H₁₂, H₁₃₄, H₁₅₈ and computed first block root hash [H₁₁₈].

Receivers verify the authentication of P₁₁, H₁₂, H₁₃₄, H₅₈ and second block hash of root, if stored root hash of block one is identical with the computed root hash of block one (Fig. 2).

Receivers store the value H₁₂, H₁₃₄, H₁₅₆; second block root hash [H₁₁₈].
Receivers get P₁₂ along with previous packet hash, i.e., H₁₁ then it computes the hash [33] of packet P₁₁ and generates first block root hash with the help of store hashes. If computed first block root hash H₁₁₈ is identical with stored first block root H₁₁₈, so source is authentic along with packet P₂.
Same way receiver received packet P₃, P₄ and with the help of stored value of hash to generate the first block root hash H₁₁₈. The proposed work flow chart is given in Fig. 3.

4 Result Analysis and Discussion

We use QualNet simulator version 5.0 to simulate our work. QualNet simulator provides wide a variety of simulations

A platform that can predict wireless wired and mixed platform network and networking device performance.

4.1 Parameters Used

There are following parameters used for implementation of the work are shown in Table 1.

Table 1 List of implementation parameters

Full size table

4.2 Experimental Topology

The general scenario of multicast is shown in Fig. 4. In this topology, there is one source and there are eight receivers. Source needs to send packet only once then in the network cloud there are many numbers of routers which makes a copy of the packet and send to its neighbor routers. Finally, packet is reached to the end router which makes many copies of packet as the number of receivers in a particular multicast group then transmit the packet to that entire receiver.

4.3 Result Analysis

There are many schemes [34, 35] discussed in literature survey and they used the RSA for source authentication for multicasting. According to NIST recommendation, achieving 128-bit security means that the RSA key should be at least 3072 bits although the same security can be provided using Elliptic Curve Cryptography Digital Signature Algorithm (ECDSA) [36] with the key of 256 bits. Hence the key size has been reduced.

Effect of Packet Size on Computation Time

It can be observed from the Fig. 5 that the computation time in case of HTS is highest and computation time SHS and HTSS are approximately equal and greater than ECCSA scheme.

Effect of Packet Size on Computation Time

It can be observed from the Fig. 6 that the computation time in case of HTS is highest and computation time SHS and HTSS are approximately equal and greater than ECCSA scheme.

Effect of Packet Size on Communication Overhead

It can be observed from the Fig. 7 that the communication overhead is less than SHS, HTS, and HTSS.

Effect of Packet Size on Verification Rate

It can be observed from the Fig. 8 that the verification rate of ECCSA is greater than the HTS [37] but less than HTSS and SHS. The verification rate is a little bit less but the other advantage of ECCSA schemes is less communication overhead because the ECCSA scheme did not send the redundant data through the channel.

Effect of Packet Size on Communication Overhead

Figure 8 shows the comparative result of existing schemes and purposed scheme. The base of comparison is communication overhead on block size 16 (packets). It can be observed from the graph that the communication overhead is less than the SHS, HTS and HTSS.

5 Conclusions

The multicast source authentication technique known as Elliptic Curve Cryptography Source Authentication is proposed. This approach is a combination of two different algorithms which perform its operation according to network conditions. This scheme is used to reduce the computation overhead and communication overhead and the scheme have less communication overhead as compared to SHS, HTS, and HTSS.

The proposed work is for wired multicast communication model but rapid growth of wireless communication and wireless-based application like military application, software updates, audio, video conferencing, intelligent houses etc. force us to deploy the techniques for multicast source authentication with non-repudiation which can efficiently work on wired as well as wireless (heterogeneous) environment.

References

Challal Y, Bettahar H, Bouabdallah (2004) A taxonomy of multicast data origin authentication: issues and solutions. IEEE Comm Surveys Tutorials 6(3):34–57
Article Google Scholar
Wang Q, Nahrstedt K (2009) Time valid one-time signature for time-critical multicast data authentication. In: IEEE INFOCOM, Rio de Janeiro
Google Scholar
Balasubramanian K, Roopa R (2012) HTSS: hash tree signature scheme for multicast authentication. IJCA proceedings on international conference in recent trends in computational methods, communication and controls (ICON3C), no 6, pp 28–32, Apr 2012
Google Scholar
Berbecaru D, Albertalli L, Lioy A (2010) The forward diffusion scheme for multicast authentication. IEEE/ACM Trans Netw 18(6):1855–1868
Article Google Scholar
Perrig A, Canetti R, Song D, Tygar J (2001) Efficient and secure source authentication for multicast. In: Proceedings of network and distributed system security symposium (NDSS-2001), vol 1, pp 35–46
Google Scholar
Park JM, Chong E, Siegel H (2002) Efficient multicast packet authentication using signature amortization. In: Proceedings of the IEEE symposium on research in security and privacy, pp 227–240
Google Scholar
Lin IC, Sung CC (2010) An efficient source authentication for multicast based on Merkle hash tree. In: Proceedings of international conference on intelligent information hiding and multimedia signal processing (IIH-MSP-2010), pp 5–8, Oct 2010
Google Scholar
Perrig A, Tygar JD, Song D, Canetti R (2000) Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp 56–73
Google Scholar
Perrig A, Tygar JD et al (2001) Efficient and secure source authentication for multicast. In: Internet society network and distributed system security, pp 35–46
Google Scholar
ElKabbany GF, Aslan HK (2012) Efficient design for the implementation of Wong-Lam multicast authentication protocol using two-levels of parallelism. IJCSI Int Comput Sci Issues 9(3, 1), May 2012
Google Scholar
Hou A, Yang S et al (2009) Secure elliptic curve generating algorithm over GF. Comput Eng 23:138–140
Google Scholar
Park JM, Siegel JM et al (2002) Efficient multicast packet authentication using signature amortization. In: IEEE Symposium on Security and Privacy
Google Scholar
Chan A (2003) A graph-theoretical analysis of multicast authentication. In: 23rd international conference on distributed computing systems
Google Scholar
Shiv kumar S, Umamaheswari G (2014) Certificate authority schemes using elliptic curve cryptography, rsa and their variants simulation using Ns2. Am J Appl Sci 11(2):171–179
Article Google Scholar
Sridevi J, Mangaiyarkarasi R (2011) Efficient multicast packet authentication using digital signature. Int J Comput Appl® (IJCA). In: International Conference on Emerging Technology Trends (ICETT)
Google Scholar
Jin-xin, Zhou ZG et al (2007) A hybrid and efficient scheme of multicast source authentication. In: Eighth ACIS international conference on software engineering, artificial intelligence networking and parallel/distributed computing, vol 2, pp 123–125
Google Scholar
Suri SS, Varghese G (2001) A lower bound for multicast key distribution. In: Proceedings of IEEE INFOCOM, pp 422–431, Apr 2001
Google Scholar
Eltaief H, Youssef H (2010) RMLCC: recovery-based multi-layer connected chain mechanism for multicast source authentication. In: 35th annual IEEE conference on local computer networks, Colorado
Google Scholar
Wong CK, Gouda M, Lam SS (1998) Secure group communications using key graph. In: Proceedings of the ACM SIGCOMM’98, Canada, pp 68–79, Sept 1998
Article Google Scholar
Boneh D, Franklin M et al (2001) Lower bounds for multicast message authentication. Eurocrypt, LNCS (2045):437–452
Google Scholar
Borella M, Swider D, Uludag S, Brewster G (1998) Internet packet loss: measurement and implications for end-to-end Qos. In: International conference on parallel processing, Aug 1998
Google Scholar
Gennaro R, Rohatgi P (2001) How to sign digital streams. Inf Comput
Article MathSciNet Google Scholar
Pannetrat A, Molva R (2003) Efficient multicast packet authentication. In: Proceedings of the ISOC network and distributed system security symposium, pp 251–262, Feb 2003
Google Scholar
Qing-Hai A, Lu X et al (2012) Research on design principles of elliptic curve public key cryptography and its implementation. In: International conference on computer science and service system 2012
Google Scholar
Perrig A, Canetti R, Tygar JD, Song D (2004) Efficient authentication and signing of multicast streams over lossy channels. In: Proceeding IEEE symposium on security and privacy (SP ’00), pp 56–75, Feb 2004
Google Scholar
Solum E, Chakravarthy R (2009) Modular over-the-wire configurable security forlonglived critical infrastructure monitoring systems. In: Proceedings of 3rd ACM international conference on distributed event-based systems (DEBS 2009), Nashville, TN, July 2009
Google Scholar
Choi S (2005) Denial-of-service resistant multicast authentication protocol with prediction hashing and one-way key chain. In: Seventh IEEE international symposium on multimedia (ISM ’05), Dec 2005
Google Scholar
Bergadano F, Crispo B et al (2002) Individual authentication in multiparty communications. Comput Secur 21(8):719–735
Article Google Scholar
Canetti R, Pinkas B et al (1999) Multicast security: a taxonomy and ecient constructions. INFOCOM
Google Scholar
Hauser CH, Thanigaina than Manivannan et al (2012) Evaluating multicast message authentication protocols for use in wide area power grid data delivery services. In: 45th Hawaii international conference on system sciences
Google Scholar
Zhou Y, Fang Y (2007) Multimedia broadcast authentication based on batch signature. IEEE Comm Magazine 45(8):72–77
Article Google Scholar
FeiJia and Mario Gerla (2010) Group-based secure source authentication protocol for VANETs. Workshop on Heterogeneous, Multi-hop Wireless and Mobile Networks, IEEE
Google Scholar
Challal Y, Bouabdallah A (2004) A taxonomy of multicast data origin authentication: issues and solutions. IEEE Commun Surv Tutorials—COMSUR 6(1–4):34–57
Article Google Scholar
Bergadano F, Crispo B (2000) Individual single source authentication on the MBone. In: IEEE international conference on multimedia and expo
Google Scholar
Fuloria F, Alvarez F (2010) The protection of substation communications. In Proceedings of SCADA security scientific symposium, Jan 2010
Google Scholar
Bai Z, Yang H, Zhang W (2011) Study on fast implementation of prime-field ECC. Commun Technol 12(87–89):92
Google Scholar
Pang S, Liu S, Cong F, Yao Z (2011) An efficient scalar multiplication algorithm on montgomery-form elliptic curve. Acta Electronica Sinica 04:865–868
Google Scholar

Download references

Author information

Authors and Affiliations

CSED, NERIST, Nirjuli, 791109, Arunachal Pradesh, India
Yogendra Mohan
NITTTR, Chandigarh, 160019, India
C. Rama Krishna
School of Computer & Systems Sciences, Jawaharlal Nehru University, New Delhi, 110067, India
Karan Singh

Authors

Yogendra Mohan
View author publications
You can also search for this author in PubMed Google Scholar
C. Rama Krishna
View author publications
You can also search for this author in PubMed Google Scholar
Karan Singh
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yogendra Mohan .

Editor information

Editors and Affiliations

Department of Computer Science, Aligarh Muslim University, Aligarh, Uttar Pradesh, India
M. U. Bokhari
National Institute of Financial Management, Faridabad, Haryana, India
Namrata Agrawal
Bharati Vidyapeeth’s College of Engineering (BVCOE), New Delhi, India
Dharmendra Saini

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Mohan, Y., Krishna, C.R., Singh, K. (2018). Performance Evaluation of Multicast Source Authentication Scheme. In: Bokhari, M., Agrawal, N., Saini, D. (eds) Cyber Security. Advances in Intelligent Systems and Computing, vol 729. Springer, Singapore. https://doi.org/10.1007/978-981-10-8536-9_38

Download citation

DOI: https://doi.org/10.1007/978-981-10-8536-9_38
Published: 28 April 2018
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8535-2
Online ISBN: 978-981-10-8536-9
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics