DaTA -- Data-Transparent Authentication Without Communication Overhead

2006 Securecomm and Workshops Pub Date : 2006-08-01 DOI:10.1109/SECCOMW.2006.359567

Songqing Chen, Shiping Chen, Xinyuan Wang, S. Jajodia

{"title":"DaTA -- Data-Transparent Authentication Without Communication Overhead","authors":"Songqing Chen, Shiping Chen, Xinyuan Wang, S. Jajodia","doi":"10.1109/SECCOMW.2006.359567","DOIUrl":null,"url":null,"abstract":"With the development of Internet computing techniques, continuous data streams from remote sites are commonly used in scientific and commercial applications. Correspondingly, there is increasing demand of assuring the integrity and authenticity of received data streams. Existing strategies of assuring data integrity and authenticity mainly use message authentication codes (MAC) generated on data blocks and transfer the MAC to the receiver for authentication through either out of band communication or in band communication. Transferring the MAC via out of band communication inevitably introduces communication overhead and additional complexity to synchronize the out of band communication with the data communication. Transferring the MAC via in band channel can be achieved by either appending the MAC to the original data or embedding the MAC into the original data, which would either incur communication overhead or change the original data. It would be desirable to be able to authenticate the stream data without any communication overhead and changing the original data at the same time. To deal with data packet or block loss, many of existing stream data authentication schemes rely on hash chaining, the current usage of which results in uncertainty in authenticating the subsequent data blocks once the first data packet or block loss is detected. In this paper, we propose a novel application layer authentication strategy called DaTA. This authentication scheme requires no change to the original data and causes no additional communication overhead. In addition, it can continue authenticating the rest of data stream even if some data loss has been detected. Our analysis shows that our authentication scheme is robust against packet loss and network jitter. We have implemented a prototype system to evaluate its performance. Our empirical results show that our proposed scheme is efficient and practical under various network conditions","PeriodicalId":156828,"journal":{"name":"2006 Securecomm and Workshops","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 Securecomm and Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECCOMW.2006.359567","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

With the development of Internet computing techniques, continuous data streams from remote sites are commonly used in scientific and commercial applications. Correspondingly, there is increasing demand of assuring the integrity and authenticity of received data streams. Existing strategies of assuring data integrity and authenticity mainly use message authentication codes (MAC) generated on data blocks and transfer the MAC to the receiver for authentication through either out of band communication or in band communication. Transferring the MAC via out of band communication inevitably introduces communication overhead and additional complexity to synchronize the out of band communication with the data communication. Transferring the MAC via in band channel can be achieved by either appending the MAC to the original data or embedding the MAC into the original data, which would either incur communication overhead or change the original data. It would be desirable to be able to authenticate the stream data without any communication overhead and changing the original data at the same time. To deal with data packet or block loss, many of existing stream data authentication schemes rely on hash chaining, the current usage of which results in uncertainty in authenticating the subsequent data blocks once the first data packet or block loss is detected. In this paper, we propose a novel application layer authentication strategy called DaTA. This authentication scheme requires no change to the original data and causes no additional communication overhead. In addition, it can continue authenticating the rest of data stream even if some data loss has been detected. Our analysis shows that our authentication scheme is robust against packet loss and network jitter. We have implemented a prototype system to evaluate its performance. Our empirical results show that our proposed scheme is efficient and practical under various network conditions

查看原文本刊更多论文

数据——没有通信开销的数据透明认证

随着互联网计算技术的发展，来自远程站点的连续数据流被广泛用于科学和商业应用。相应的，对保证接收数据流的完整性和真实性的要求也越来越高。现有的数据完整性和真实性保证策略主要是利用数据块上生成的消息认证码(message authentication code, MAC)，通过带外通信或带内通信将MAC传递给接收方进行认证。通过带外通信传输MAC不可避免地引入了通信开销和同步带外通信与数据通信的额外复杂性。通过带内信道传输MAC可以通过将MAC附加到原始数据或将MAC嵌入到原始数据中来实现，这要么会增加通信开销，要么会改变原始数据。希望能够在没有任何通信开销和同时更改原始数据的情况下对流数据进行身份验证。为了处理数据包或数据块丢失，许多现有的流数据认证方案依赖于哈希链，目前的使用导致在检测到第一个数据包或数据块丢失后对后续数据块的认证存在不确定性。本文提出了一种新的应用层认证策略DaTA。此身份验证方案不需要更改原始数据，也不会造成额外的通信开销。此外，即使检测到某些数据丢失，它也可以继续对数据流的其余部分进行身份验证。分析表明，该认证方案对丢包和网络抖动具有较强的鲁棒性。我们已经实现了一个原型系统来评估它的性能。实证结果表明，该方案在各种网络条件下都是有效和实用的

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2006 Securecomm and Workshops

自引率

0.00%

发文量