International Journal of Engineering Trends and Technology- Volume3Issue3- 2012
EFFICIENT SIGNATURE SCHEMES BASED ON MABS
(MULTICAST AUTHNETCATION BASED ON BATCH SIGNATURE)
S.Backyalakshmi 1
Dr.V.PalanisamyMCA., M.Tech.,P.hd 2
M.Phil Scholar
Head of the department, Associate professor
Dept of computer science &engg
Dept of computer science &engg
Alagappa University
Alagappa University
Karaikudi-630 003
Karaikudi-630 003
primitive called the batch signature, it
ABSTRACT:
In
Traditional
Multicast
is
an
provides efficient latency, computation and
internet work service that provides efficient
communication
delivery of data from a source to multiple
signature scheme called MABS-E combines
receivers.
the basic scheme MABS-B and a packet
It
requirements
reduces
the
the
network
of
bandwidth
and
the
filtering
mechanism
computational overhead of the host devices.
injection.
Digital
Key words:
signature
provides
authenticity,
overhead.
to
An
tolerate
Authentication, Signature.
of applications in everywhere computing
1. INTRODUCTION
Existing
digital
signature
schemes are computationally expensive; the
ideal approach of signing and verifying each
packet
independently
raises
a
serious
challenge to resource constrained devices. In
order to
reduce
computation
overhead,
conventional schemes use efficient signature
algorithms and are vulnerable to packet
injection by malicious Here, MABS can
achieve perfect resilience to packet loss in
lossy channels in the sense that no matter how
many packets are lost, the already received
packets can still be authenticated by receivers.
Basic scheme MABS-B reduces the packet loss
by
eliminating the relationship between
packets, and due to its efficient cryptographic
ISSN: 2231-5381
packet
Multicast,
integrity and non-repudiation to many kinds
environment.
enhanced
Multicast [1] is an efficient method to
deliver multimedia content from a sender to a
group of receivers and is gaining popular
applications such as real time stock quotes,
interactive games, video conference, live video
broadcast, or video on demand. Authentication is
the act of confirming the truth of an attribute of a
datum
or
authentication
entity.
Basically,
may provide
the
multicast
following
security services, Data Integrity, Data origin
authentication, Non repudiation. All the three
services can be supported by an asymmetrickey
technique called signature. In an ideal case, the
sender generates a signature for each packet with
its private key, which is called signing, and each
receiver checks the validity of the signature with
http://www.internationaljournalssrg.org
Page 334
International Journal of Engineering Trends and Technology- Volume3Issue3- 2012
the sender’s public key, which is called
1. Our MABS can achieve perfect resilience to
verifying. If the verification succeeds, the
packetloss in lossy channels in the sense that no
receiver knows the packet is authentic.
matterhow many packets are lost the already-
Generally, there are following issues in
real world
challenging
the
design. First,
received packets can still be authenticated by
receivers.
efficiency needs to beconsidered, especially for
2. MABS-B is efficient in terms of less
receivers. Second, packet loss is inevitable. In
latency,computation,
the Internet, congestion at routers is a major
overhead. ThoughMABS-E is less efficient than
reason causing packet loss. Though TCP
MABS-B since itincludes the DoS defense.
provides
retransmissioncapability,
3. We propose two new batch signature schemes
multicast content is mainly transmitted over
basedon BLS and DSA and show they are
UDP, which does not provide any loss recovery
moreefficient than the batch RSA [5] signature
support. In mobile environments, the situation is
scheme.
a
certain
and
communication
even worse. Recently, we demonstrated that
batch signature schemes can be used to improve
2. RELATED WORK
the performance of broadcast authentication [2],
Efficiency and packet loss resilience
[3]. In this paper, we present ourcomprehensive
can hardly be supported simultaneously by
study on this approach and propose a novel
conventional multicast schemes. As is well
multicast authentication protocol called MABS
known that existing digital signature algorithms
(in short forMulticast Authentication based on
are
Batch Signature). MABSincludes two schemes.
approach of signing and verifying each packet
The basic scheme (called MABS-Bhereafter)
independently raises a serious challenge to
utilizes
asymmetric
resource-constrained devices. Another problem
cryptographicprimitive called batch signature
with schemes in is that they are vulnerable to
[5], [6], [7], which supports theauthentication of
packet injection by malicious attackers.
an
efficient
any number of packets simultaneouslywith one
signature
verification,
to
An
attacker
expensive,
may
the
ideal
compromise
a
the
multicast system by intentionally injecting
efficiencyand packet loss problems in general
forged packets to consume receivers’ resource,
environments.
scheme (called
leading to Denial of Service (DoS). Compared
MABS-E hereafter) combinesMABS-B with
with the efficiency requirement and packet loss
packet filtering to alleviate the DoS impactin
problems, the DoS attack is not common, but it
hostile environments. MABS provides data
is still important in hostile environments [3].
integrity,
and
Schemes in that follow the ideal approach of
nonrepudiation as previous asymmetric key
signing and verifying each packet individually,
based
but reduce the computation overhead at the
Theenhanced
origin
protocols.
address
computationally
authentication,
In
addition,
thefollowing contributions:
we
make
sender by using one-time signatures or k-time
signatures. They are suitable for RSA which is
ISSN: 2231-5381
http://www.internationaljournalssrg.org
Page 335
International Journal of Engineering Trends and Technology- Volume3Issue3- 2012
expensive on signing while cheap on verifying.
wireless networks. The correlation among
For each packet, however, each receiver needs to
packets can incur additional latency. Consider
perform one more verification on its one-time or
the high layer application needs new data from
k-time signature plus one ordinary signature
the low layer authentication module in order to
verification.
sender a smooth video stream possible that the
packets buffered at the low layer authentication
Graph chaining was studied in which, a
module are not verifiable because the correlated
multicast stream is divided into blocks and each
packets, especially the block signatures, have not
block is associated with a signature. In each
been received to the client user. It is desirable
block, the hash of each packet is embedded into
that the lower layer authentication module
several other packets in a deterministic or
delivers authenticated packets to the high layer
probabilistic way. The hashes form a graph, in
application at the time when the high layer
which each path links a packet to the block
application needs new data.
signature. Each receiver verifies the block
In the per-packet signature design it is
signature and authenticates all the packets
through the paths in the graph. In this paper, we
not a problem, since each packet can be
independently verifiable at any time. In view of
focus on the signature approach.
the problems regarding the sender-favored blockbased approach, we conceive a receiver-oriented
3. PROPOSED WORK
approach
by
taking
into
account
the
Our target is to authenticate multicast
heterogeneity of the receivers. In order to fulfill
streams from a sender to multiple receivers.
the requirement, the basic scheme MABS-B uses
Generally, the sender is a powerful multicast
an efficient cryptographic primitive called batch
server managed by a central authority and can be
signature
trustful. The sender signs each packet with a
verifying the signatures of any number of
signature and transmits it to multiple receivers
packets it can input them into an algorithm.
through
a
multicast
routing
which
supports
simultaneously
protocol.
Authenticating a multicast stream can be
PROCEDURE
achieved
1. Given a batch of packets that have been signed
by
signing
and
verifying
each
packet[4]. However, the per-packet signature
by the sender, Batch Verify() outputs True.
design
high
2. Given a batch of packets including some
computation cost they do reduce the computation
unauthentic packets, the probability that Batch
cost, but also introduce new problems.
Verify() outputsTrue is very low.
has
been
criticized
for
its
The
computation
complexity
of
Batch
The block design builds up correlation
Verify()comes with the fact that there are some
among packets and makes them vulnerable to
additional cost on processing multiple packets.
packet loss, which is inherent in the Internet and
The merit of batch signature is that the batch size
ISSN: 2231-5381
http://www.internationaljournalssrg.org
Page 336
International Journal of Engineering Trends and Technology- Volume3Issue3- 2012
is chosen by each receiver, which can optimize
proved in that when all the messages are distinct,
its own batch size, so that the batch size will not
batch RSA is resistant to signature forgery as
be unmanageably large. In order to show the
long as the underlying RSA algorithm is secure.
merit
of
signature
preaggregation,
we
implemented batch signature by using our Batch-
3.2. Merle tree
BLS as an example.
We present an enhanced scheme called
MABS-E, which combines the basic scheme
MABS-B uses per-packet signature
instead
of
per-block
signature
and
thus
MABS-E and a packet filtering mechanism to
tolerate packet injection.
In particular, the
eliminates the correlation among packets. The
sender attaches each packet with a mark, which
packet independency makes MABS-B perfect
is unique to the packet and cannot be spoofed.
resilient to packet loss. The Internet and wireless
At each receiver, the multicast stream is
channels tend to be lossy due to congestion or
classified into disjoint sets based on mark. Merle
channel instability, where packets can be lost
tree used to generate marks the sender constructs
according to different loss models, such as
a binary tree for eight packets. Each leaf is a
random loss or burst loss. In MABS-B, however,
hash of one packet. Each internal node is the
no matter how many packets are lost, the already
hash value on the concatenation of its left and
received packets can still be authenticated by
right children.
each receiver.
constructed as the set of the siblings of the nodes
For each packet, a mark is
along the path from the packet to the root.
3.1 Batch RSA Signature
4. PERFORMANCE EVALUATION
RSA is a very popular cryptographic
algorithm in many security protocols. In order to
use RSA, a sender chooses two large random
primes P and Q to get N =PQ, and then
calculates two exponents e,d∑*
N
such that ed =
1 mod ф(N), where ф (N) =(P -1)(Q -1). The
sender publishes (e,N) as its public key and
keeps d in secret as its private key. A signature
of a message m can be generated as σ = (h (m)) d
mod N, where h () is a collision-resistant hash
function. The sender sends {m, σ} to a receiver
that can verify the authenticity of the message m
by checking σ e =h(m) mod N. Before the batch
In this section, we evaluate MABS
performance in terms of resilience to packet loss,
efficiency, and DoS resilience. As we discussed
before, MABS does not assume any particular
underlying signature algorithm. This is also true
for all theliterature multicast authentication
schemes referenced in this paper. Therefore, all
the discussions and evaluations of MABS and
the literature works in Section 4.1 and Section
4.2are under the assumption that they are using
the same underlying signature algorithm. The
discussion of signature algorithms is in Section
4.3.
verification, the receiver must ensure all the
messages are distinct. Otherwise batch RSA is
vulnerable to the forgery attack.
ISSN: 2231-5381
It has been
http://www.internationaljournalssrg.org
Page 337
International Journal of Engineering Trends and Technology- Volume3Issue3- 2012
4.1 Resilience to Packet Loss
Computational Overhead of Different Batch
We use simulations to evaluate the resilience to
Schemes
packet loss. The metric here is the verification
rate, i.e., the ratio of the number of authenticated
packets to the number of received packets.We
Schemes
Sender
(per
packets)
1E
1E
2M
compare MABS with some well-known loss
tolerant
schemesEMSS
(AugChain) PiggyBack
augmented
chain
tree chain (Tree) and
SAIDA . These schemes are representatives of
graph chaining, tree
Batch RSA
Batch BLS
Batch DSA
(E-modular
Receiver(per
packets)
n
1 E+(2n-2)M
2 P+(2n-2)M
2 E+3n M
exponentiation.M-modular
multiplication.P-pairing.)
Chaining, and erasure coding schemes and are
widely used in performance evaluation in the
literature.
algorithm MD5 [9] and SHA-1 [10] and the
4.2 Efficiency
We
consider
communication
We also compare the length of two popular hash
signature length of
latency,
computation,
overhead
for
and
efficiency
evaluation under lossy channels and DoS
channels.
three signature algorithms in Table 2.
Given the same security level as 1,024-bit RSA,
BLS generates a 171-bit signature and DSA
generates a 320-bit signature. It is clear that by
4.3 Comparisons of Signature Schemes
using
Schemes
MD5
SHA-1
RSA
BLS
DSA
We compare the computation overhead of three
batch signature schemes in Table 1. RSA and
BLS require one modular exponentiation at the
sender
and
DSA
requires
two
modular
multiplications when r value is computed offline.
Usually one c-bit modular exponentiationis
equivalent to 1.5c modular multiplications over
Length(bits)
128
160
1024
171
320
or
BLS
DSA,
MABS can
achieve
more
bandwidth efficiency than using RSA, and could
be even more efficient than conventionalschemes
using a large number of hashes.
the same field. Moreover, a c-bit modular
exponentiation in DLP is equivalent to ac/6bit
5. CONCLUSION
modular exponentiation in BLSfor the same
security level. Therefore, we can estimate thatthe
computation overhead of one 1,024-bit RSA
signing operation is roughly equivalent to that of
768 DSA signing operations (1,536 modular
multiplications) and that of 6 BLS signing
operations (each one is corresponding to255
modular multiplications).
Table 1
ISSN: 2231-5381
While
transmitting
data
in
a
network, existing system faces some problems
like
signature
verification,
congestion,
computing block size, vulnerability to packet
loss and lack of resilience to denial of service
(DoS) attack. To overcome these problems
related research papers have been studied. A
novel authentication scheme called MABS
isused in the proposed system. MABS will be a
http://www.internationaljournalssrg.org
Page 338
International Journal of Engineering Trends and Technology- Volume3Issue3- 2012
perfect solution to packet loss due to the
can only be applied for text files. So a new and
elimination of the correlation among packets and
efficient
can effectively deal with DoS attack. Moreover,
Cryptography (ECC) which can also applied for
the use of batch signature can achieve the
other files like ppt,pdffiles,etc can be used.
efficiency comparable with the conventional
Finally, we further develop two new batch
schemes. Finally,
signature schemes based on BLS which are more
further
two new batch
signature schemes based on BLS and DSA are
algorithm
called
Elliptic
Curve
efficient than batch RSA signature scheme.
developed which are more efficient than the
batch RSA signature scheme. RSA algorithm
6. REFERENCES
1. S.E. Deering, “Multicast Routing in Internetworks and
Extended LANs,” Proc. ACM SIGCOMM Symp. Comm.
Architectures and Protocols, pp. 55-64, Aug. 1988
2. Y. Zhou and Y. Fang, “BABRA: Batch-Based Broadcast
Authentication in Wireless Sensor Networks,” Proc. IEEE
GLOBECOM, Nov. 2006.
3. Y. Zhou and Y. Fang, “Multimedia Broadcast
Authentication Based on Batch Signature,” IEEE Comm.
Magazine, vol. 45, no. 8, pp. 72-77, Aug. 2007.
4. P. Judge and M. Ammar, “Security Issues and Solutions in
Mulicast Content Distribution: A Survey,” IEEE Network
Magazine, vol. 17, no. 1, pp. 30-36, Jan./Feb. 2003.
5. R.L. Rivest, A. Shamir, and L. Adleman, “A Method for
Obtaining
Digital
Signatures
and
Public-Key
Cryptosystems,” Comm. ACM, vol. 21, no. 2, pp. 120-126,
Feb. 1978.
6. L. Harn, “Batch Verifying Multiple RSA Digital
Signatures,” IEE Electronic Letters, vol. 34, no. 12, pp. 12191220, June 1998.
7. M. Bellare, J.A. Garay, and T. Rabin, “Fast Batch
Verification for
Modular Exponentiation and Digital
Signatures,” Proc. Advances in Cryptology (EUROCRYPT
’98), pp. 236-250, May 1998
8. S. Even, O. Goldreich, and S. Micali, “On-Line/Offline
Digital Signatures,”
J. Cryptology, vol. 9, pp. 35-67, 1996.
9. R. Rivest, “The MD5 Message-Digest Algorithm,” RFC
1319, Apr.
1992.
10. D. Eastlake and P. Jones, “US Secure Hash Algorithm 1
(SHA1),”
RFC 3174, Sept. 2001.
BIOGRAPHY
S.BACKYA LAKSHMI
Ms.S.BACKYA LAKSHMI is a Research scholar in the Department of Computer Science and
Engineering, Alagappa University, Karaikudi, Tamilnadu, India. She has received her M.Sc in Computer
Science from Alagappa University,Karaikudi, Tamilnadu in the year of 2011. She has presented her work
in International and National level conferences. Her areas ofresearch interests include network security.
Dr.V.PALANISAMY
Prof. Dr V.PALANISAMY is working as an Associate Professor in the Department of
Computer Science and Engineering, Alagappa University, Karaikukdi, Tamilnadu.
ISSN: 2231-5381
http://www.internationaljournalssrg.org
Page 339