有效率抵抗污染攻擊的多點傳送認證協定

Abstract

在每個多點傳送的封包加上數位簽章會耗費很多資源。為了減少安全性所帶來的花費，有人提出平攤產生簽章花費的方法。另一方面，為了容忍在多點傳送環境中封包遺失的情況，通常會加上容錯的編碼方法。 然而當攻擊者傳送不合法封包時，容錯的解碼流程會被搗亂，因而產生錯誤的資訊。這種攻擊方式被稱之為污染攻擊。目前解決污染攻擊的方法非常沒有效率，為了改善這個問題，我們提出了一個有效率解決污染攻擊的多點傳送認證協定。

Signing every multicast packet incurs high overhead. To reduce security overhead, signature amortization is proposed. On the other hand, to tolerate packet loss, erasure codes is used to enhance signature amortization. However, signature amortization is weak against pollution attack which occurs when an attacker injects packets to disturb the erasure decoding procedure, and consequently denies the service. Current solution to this pollution attack is heavyweight and inefficient. To cope with this problem, we propose a new lightweight, pollution-attack resistant multicast authentication scheme (PARM), which generates evidence for each packet that can validated by the receiver. This approach effectively resists pollution attacks and has better performance than previous proposed solutions.