Secure Broadcast Authentication
Broadcast authentication enables receivers of broadcast data to
verify that received messages originated with the claimed source
and were not modified en route. The problem becomes more complex
in common settings where other receivers of the data are
untrusted, and where lost packets are not retransmitted.

We propose several approaches for secure broadcast
authentication and signature, including TESLA, EMSS, MESS, and
BiBa.
TESLA broadcast authentication
The TESLA protocol
leverages loose time synchronization between
the sender and receivers to provide highly
efficient broadcast authentication that only
relies on purely symmetric cryptographic
primitives. The asymmetry required for
secure broadcast authentication is achieved
through the use of one-way functions and the
(current) impossibility of time travel.
TESLA is described in
detail in our book, which has also been
translated into Japanese.
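
The following Python example, added here and not taken from the authors' TESLA source code, shows how a one-way key chain and delayed key disclosure let receivers verify a sender using only symmetric MACs. It assumes SHA-256 and HMAC as the one-way function and MAC, a commitment K_0 that reached the receiver authentically, and hypothetical names (`make_chain`, `Receiver`, `max_skew`).

```python
import hashlib, hmac

def H(x: bytes) -> bytes:              # one-way function used for the key chain
    return hashlib.sha256(x).digest()
def mac(key: bytes, msg: bytes) -> bytes:
    # The MAC key is derived from the chain key with a second one-way function.
    mk = hmac.new(key, b"mac-key", hashlib.sha256).digest()
    return hmac.new(mk, msg, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0..K_n] with K_i = H(K_{i+1}); K_0 is the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, commitment, t0, interval, delay, max_skew):
        self.i, self.key = 0, commitment       # newest authenticated chain key
        self.t0, self.interval, self.delay, self.max_skew = t0, interval, delay, max_skew
        self.pending = []                      # packets waiting for their key

    def receive(self, now, i, msg, tag, disc_i=None, disc_key=None):
        # Security condition: even at the latest time the sender's clock could
        # show, K_i (disclosed in interval i + delay) must still be secret.
        sender_interval = int((now + self.max_skew - self.t0) // self.interval)
        if sender_interval < i + self.delay:
            self.pending.append((i, msg, tag))
        # Authenticate a disclosed key by hashing it back to the last trusted key.
        if disc_key is not None and disc_i > self.i:
            k = disc_key
            for _ in range(disc_i - self.i):
                k = H(k)
            if hmac.compare_digest(k, self.key):
                self.i, self.key = disc_i, disc_key
        return self._release()

    def _release(self):
        out, keep = [], []
        for j, msg, tag in self.pending:
            k = self.key
            for _ in range(self.i - j):        # recover K_j despite lost packets
                k = H(k)
            if j > self.i:
                keep.append((j, msg, tag))     # key not disclosed yet
            elif hmac.compare_digest(mac(k, msg), tag):
                out.append(msg)
        self.pending = keep
        return out
```

A production receiver would also cap `disc_i - self.i` so that a bogus index cannot force unbounded hashing.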
 Papers
Perrig, Adrian, Ran Canetti, Dawn Song, and Doug Tygar.
"The TESLA Broadcast Authentication Protocol."
In RSA Cryptobytes, Summer 2002.
[ PDF ]
Perrig, Adrian, Ran Canetti, Dawn Song, and Doug Tygar.
"Efficient and Secure Source Authentication for Multicast."
In Proceedings of
the Network and Distributed System Security
Symposium (NDSS), San Diego,
California, February 2001.
[ PDF ]
Perrig, Adrian, Ran Canetti, Dawn Song, and Doug Tygar.
"Efficient
Authentication and Signing of Multicast Streams over Lossy
Channels."
In Proceedings of
the IEEE Symposium on Security and
Privacy, Oakland, California, May
2000.
[ PDF ]
 Source Code
Use of our TESLA
source code is at your own risk.
The Seven Cardinal Properties
We investigate the design space of
sensor network broadcast authentication. We show that prior approaches
can be organized based on a taxonomy of seven fundamental properties,
such that each approach can satisfy at most six of the seven
properties. An empirical study of the design space reveals
possibilities of new approaches, which we present in the following two
new authentication protocols: RPT and LEA. Based on this
taxonomy, we offer guidance in selecting the most appropriate protocol
based on an application's desired properties. Finally, we pose the
open challenge for the research community to devise a protocol
simultaneously providing all seven properties.
 Papers
Luk, Mark, Adrian Perrig, and Bram Whillock.
"Seven Cardinal Properties of
Sensor Network Broadcast Authentication."
Fourth ACM Workshop on Security of
Ad Hoc and Sensor Networks (SASN 2006), Alexandria, Virginia,
October 30, 2006.
[ PDF ]
EMSS and MESS
EMSS and MESS are broadcast signature
protocols. The original EMSS protocol is
described in our Oakland paper, and the MESS
protocol (essentially EMSS with randomized
links) is described in our book.
 Papers
Perrig, Adrian, Ran Canetti, Dawn Song, and Doug Tygar.
"Efficient
Authentication and Signing of Multicast Streams over Lossy
Channels."
In Proceedings of
the IEEE Symposium on Security and
Privacy, Oakland, California, May
2000.
[ PDF ]
BiBa
The Bins and Balls (BiBa) signature is an
efficient signature scheme that can be used
in conjunction with hash chains to form an
efficient broadcast signature mechanism. The
HORS signature by Reyzin and Reyzin
represents a substantial optimization over
BiBa, and the one-way chain tricks presented
in the BiBa paper also apply to the HORS
signature.
 Papers
Perrig, Adrian.
"The BiBa One-Time
Signature and Broadcast Authentication Protocol."
In Proceedings of
the ACM Conference on Computer and
Communications Security (CCS),
Philadelphia, Pennsylvania, November
2001.
[ PDF ]