Signature Amortization Technique for Authenticating Delay Sensitive Stream



Similar documents
Overview of CSS SSL. SSL Cryptography Overview CHAPTER

The Feasibility of SET-IBS and SET-IBOOS Protocols in Cluster-Based Wireless Sensor Network

Overview. SSL Cryptography Overview CHAPTER 1

Improved Online/Offline Signature Schemes

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

Introduction to Computer Security

Flexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks

Message Authentication Codes

IMPLEMENTATION OF RESPONSIBLE DATA STORAGE IN CONSISTENT CLOUD ENVIRONMENT

Journal of Electronic Banking Systems

A NEW APPROACH TO ENHANCE SECURITY IN MPLS NETWORK

Practice Questions. CS161 Computer Security, Fall 2008

Authentication requirement Authentication function MAC Hash function Security of

Capture Resilient ElGamal Signature Protocols

Message authentication and. digital signatures

Lukasz Pater CMMS Administrator and Developer

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

Video Authentication for H.264/AVC using Digital Signature Standard and Secure Hash Algorithm

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

A SECURE DATA TRANSMISSION FOR CLUSTER- BASED WIRELESS SENSOR NETWORKS IS INTRODUCED

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

Ranked Keyword Search Using RSE over Outsourced Cloud Data

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Authentication, digital signatures, PRNG

Chapter 6 Electronic Mail Security

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Recommendation for Applications Using Approved Hash Algorithms

Group Security Model in Wireless Sensor Network using Identity Based Cryptographic Scheme

Single Sign-On Secure Authentication Password Mechanism

SECURITY IN NETWORKS

Secure File Transfer Using USB

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing

SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTING SECURITY ENVIRONMENT

Index Terms: Cloud Computing, Cloud Security, Mitigation Attack, Service Composition, Data Integrity. 1. Introduction

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Strengthen RFID Tags Security Using New Data Structure

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings


Security over Cloud Data through Encryption Standards

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Understanding and Integrating KODAK Picture Authentication Cameras

A Comprehensive Data Forwarding Technique under Cloud with Dynamic Notification

Paper-based Document Authentication using Digital Signature and QR Code

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Message Authentication

A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Secure Alternate Viable Technique of Securely Sharing The Personal Health Records in Cloud

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

CSCE 465 Computer & Network Security

Lecture 9: Application of Cryptography

CRYPTOGRAPHY IN NETWORK SECURITY

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

An Efficient Multi-Keyword Ranked Secure Search On Crypto Drive With Privacy Retaining

HASH CODE BASED SECURITY IN CLOUD COMPUTING

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

Improving data integrity on cloud storage services

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Digital Signature Standard (DSS)

A Secure Intrusion Avoidance System Using Hybrid Cryptography

Efficient Unlinkable Secret Handshakes for Anonymous Communications

Electronic Mail Security. Security. is one of the most widely used and regarded network services currently message contents are not secure

Cryptography and Network Security Chapter 9

Surveying Cloud Storage Correctness using TPA with BLS

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

ARCHIVED PUBLICATION

Chapter 37. Secure Networks

Chapter 7: Network security

AN RC4 BASED LIGHT WEIGHT SECURE PROTOCOL FOR SENSOR NETWORKS

SECURITY STORAGE MODEL OF DATA IN CLOUD Sonia Arora 1 Pawan Luthra 2 1,2 Department of Computer Science & Engineering, SBSSTC

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

Fighting product clones through digital signatures

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography and Network Security Chapter 12

A novel deniable authentication protocol using generalized ElGamal signature scheme

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

A Secure Decentralized Access Control Scheme for Data stored in Clouds

Secure Way of Storing Data in Cloud Using Third Party Auditor

Network Security Technology Network Management

Transcription:

Signature Amortization Technique for Authenticating Delay Sensitive Stream M Bruntha 1, Dr J. Premalatha Ph.D. 2 1 M.E., 2 Professor, Department of Information Technology, Kongu Engineering College, Perundurai, Erode. EMAIL ID:bruntha027@gmail.com, premalatha1969@yahoo.com Abstract-A Content Distribution Network (CDN) is a collection of large number of server deployed in different area across the internet. CDN serves end-users with high availability of content and high performance. It mainly supports application like ecommerce, live digital streaming media, on demand streaming media, etc. In such application end-users involve with very low tolerance for high latency, low data rate, varying communication overhead. The Existing work use Digital Signature technique to authenticate delay sensitive streams which does not overcome the above mentioned requirements. In the proposed work, a security mechanism known as Trapdoor hash based signature amortization technique is implemented. This authenticates individual data blocks in a stream and the signature is generated using DL-SA signature scheme. The proposed technique provide high tolerance for loss of intermediate blocks, higher signing and verification rate, limited communication overhead. Keyword- Signature amortization, trapdoor hash function, content distribution, digital signature. I. INTRODUCTION A Content Distribution Network (CDN) is a collection of large number of server deployed in different area across the internet. The main goal of a CDN is to serve content to end-users with high availability and high performance. It provides large content over the internet and mainly supports application like ecommerce, live digital streaming media, on demand streaming media, etc. In addition to high availability and performance, CDN provides protection of data while transmitting from the unauthorized user and monitor their access. Streaming media is multimedia that provides data to the end-user constantly while being delivered by a provider. A client receives a part of a data before the entire file has been transmitted. To deliver such Streaming content over the internet a content distribution network is used to distribute and deliver the content. In a streaming application end-users involve with very low tolerance for high latency, low data rate, varying communication overhead. A. Digital Signature A Digital Signature is mainly used for authenticating a digital message or document. A valid digital signature provides an assurance to end users that the message was created by a sender, such that the sender cannot deny having sent the message and that the message was not altered during transmission. Digital Signature employs a public key cryptography where a private key along with message is used to provide a signature, public key along with message and signature is used to perform a signature verification where the message is either accepted or rejected for authentication. B. Network Security Services Network security is mainly used to protect data and monitor unauthorized access of the user over network. Network provides a various services to protect data. 1. Authentication Authentication is used to confirm the truth of a data or entity. Authentication done by message encryption is the process of encoding the entire message using the private key. An encryption algorithm is used for encoding. Authentication done by Message Authentication Code (MAC) is the process of generating code and that code is encrypted using private key. MAC is used to authenticate a message and to provide integrity and authenticity assurances on the message. Integrity assurances detect changes in message, while authenticity assurances affirm the message origin. Authentication done by Hash function is the process of generating a hash value and this value is used to authenticate the message. Hash functions are primarily used to generate fixed-length output data for the original data of variable length. 2. Authorization Authorization is the process of verifying the access rights of the user. The process of authorization is distinct from that of authentication. A client whose authentication request is approved becomes authorized to access the data. PSG Polytechnic College, Coimbatore (ISO 9001 Certified Institution), Tamil Nadu, INDIA. Page 41

3. Access control Authorization is done with help of access control. Access to data is therefore usually controlled by insisting on an authentication procedure to establish with some degree of confidence, the identity of the user, granting privileges established for that identity. C. Cryptographic Hash Function A cryptographic hash function is a hash function that takes an arbitrary block of data and returns a fixed-size bit string called the cryptographic hash value. Hash value is also called as message digest. If any changes made to the data it automatically changes the hash value. D. One Way Hash Function A One-way function is a function that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function i.e easy whereas the calculation of the inverse is infeasible. Y=f(X) easy X=f -1 (Y) infeasible Easy is defined to mean a problem that is solved in polynomial time as a function of input length. A problem is infeasible if the effort to solve it grows faster than polynomial time as a function of input size. E. Trapdoor Hash Function A trapdoor function is a function that is easy to compute in one direction, and difficult to compute in the opposite direction without special information, called the Trapdoor. Trapdoor functions are widely used in security purpose. It is one way and collision resistant hash function i.e given message m and hash value it is hard to find a message which is similar to original message such that both their hash value are same. Y=f k (X) easy, if k and X are known X=f -1 k (Y) easy, if k and Y are known X=f -1 k (Y) infeasible, if Y is known but k is not known F. Problem The existing authentication mechanism for stream poses various challenges. It require high signing rate and verification rate, requires limited communication overhead, and it must tolerate loss of intermediate blocks. The proposed trapdoor hash based signature amortization technique will tolerate out of order of arrival packet at the receiver side by comparing the hash value of individual block with any one of the previously received blocks hash value. It minimizes the delay in signing and verification of individual blocks by performing a fixed number of operations and limits the communication overhead by not appending the same authentication information in the subsequent blocks. PSG Polytechnic College, Coimbatore (ISO 9001 Certified Institution), Tamil Nadu, INDIA. Page 42 II. PROPOSED WORK The proposed signature amortization technique works by authenticating the initial block of a stream using a signature on trapdoor hash of the block s contents, and authenticating subsequent blocks of the stream by finding trapdoor collisions with the hash of the signed initial block. As long as the initial block containing the signature is reliably delivered and verified, the verifier authenticate any block in the stream by matching its trapdoor hash value with any previously computed trapdoor hash because all blocks in the stream hash to the same value, and thus, trapdoor hash of any arbitrary block in the stream is used for comparison during block verification. The proposed signature amortization technique is divided into two phases: Stream signing and Stream verification. The Stream signing phase, for initial block of content is done by first computing trapdoor hash value over the message. This hash value is then encrypted using private key to generate the signature which is used to authenticate the initial block. The signing for subsequent block of content is done by first computing the collision parameter r i. This parameter is used to authenticate the subsequent block only if the trapdoor hash value computed using this r i value matches any one of the previously computed hash value. Hence the sender, append only this r i parameter to the subsequent block and not the signature of the initial block. Because of this overhead is reduced when compared to On-line/Off-line technique where the signature of the initial block to append with the subsequent block also. The Stream verification phase, for initial block of content is done by first decrypting the signature using public key to get the hash value. Then the trapdoor hash value is computed for the received message. If both the hash value are same then the message is accepted, otherwise the block is dropped. The verification for the subsequent block is done by just computing the trapdoor hash value and comparing it with the hash value of any previously received hash value. Content modification attack, occur when an attacker on receiving the block from the sender, modifies the content of the message and pass it with all the other parameter as such to the receiver. Receiver on receiving this block easily identify that the block is attacked just by comparing the trapdoor hash value.

Even if this attacked block is dropped, the next immediate subsequent block passes the verification phase as it depends on any previously received hash value. This indicates that the packet loss is tolerated while authenticating a stream using signature amortization technique. The (trapdoor, hash) key pair is used to generate the trapdoor hash values for security purpose. Private keys are known only to sender and the public key is known to receiver. C. Fragmentation The stream is divided into blocks of 1024 byes in size. Initial block is authenticated by generating the signature and subsequent block is authenticated by generating collision with any other block. If stream is not a multiple of 1024 bytes then padding bits are added. The Fig.1 indicates the fragmentation of given message. Fig.3.1. Content Modification Attack Thus the proposed signature amortization technique has highly robustness against packet loss Fast signing and verification rate constant per-block communication overhead A. Parameter Generation Module Parameter generation allows entities to choose and agree upon common system public parameters params=<p,q,α,h,g>. Given the prime number p as input, the following public parameters are generated. q prime number (i.e) q p-1 α an element of order q in Z* p (i.e) α q modp=1 H,G cryptographic hash function. Z p group of elements (i.e){0,1,...,p-1} Z q group of elements (i.e) {0,1,...,q-1} Z* p subgroup of Z p (i.e){1,...,p-1} Z* q subgroup of Z q (i.e){1,...,q-1} B. Key Generation Module An entity uses the system public parameters (params) generated from parameter generation to generate two key pairs. (private,public) key pait (i.e) (SK,PK,)=(x,X) Where x є Z* q and X= α x є Z* p (trapdoor,hash) key pair (i.e) (TK 0,HK 0 )=(y 0,Y 0 ) Where y 0 є Z* q and Y 0 = α y0 є Z* p The (private, public) key pair is used to generate and verify the signature of each block of streams. Fig 3.2. Fragmentation D. Generation and verification of signature for Initial block 1. Signature generation The sender first computes trapdoor hash value using the initial block content.the hash value is encrypted using the private key (SK) of the sender to generate the signature(σ) as follows: a) Compute the (private,public) key pair (i.e) (k0,r0). b) The hash value =H(m 0 ǁY 0 ) for the initial block is taken as the mid value. c) Compute the trapdoor hash value (m 0,r 0 ) using d) Compute the signature by DL-Schnorr signature scheme (i.e) σ=<t,r 0 >. This signature is then appended to the content of the first block p 0 to generate the signed block p 0 =<m 0, σ >. 2. Signature verification The receiver on receiving the initial block generates the verification process to authenticate the first block. The hash value is obtained by decrypting the signature using the public key (PK). From the block p 0, <m 0, σ > is extracted and Trapdoor hash value is computed. Both the hash value is compared to authenticate. PSG Polytechnic College, Coimbatore (ISO 9001 Certified Institution), Tamil Nadu, INDIA. Page 43

Fig. 3.3. Generation and verification of signature for Initial block Fig 3.4. Generation and verification of signature for Subsequent block a) Compute =H(m 0 ǁY 0 ) for the received initial block. b) Compute trapdoor hash value (m 0,r 0 ). c) Compute r'. If r'=r 0, the block is valid and store (m 0,r 0 ). The Fig 3.3 indicates the Signature generation and verification for initial block E. Generation and verification of signature for subsequent block 1. Signature generation The sender to sign the subsequent block p i (i 1) with the content m i, computes the collision parameter r i which is used to authenticate the subsequent block by finding collision with any one of the previously generated hash value. a) Compute the (Trapdoor,Hash) key pair (i.e) (y i, Y i ) and store it. b) Compute the hash value =H (m i ǁY i ). c) Compute the collision parameter r i. The sender appends r i and Y i to the content of the subsequent block p i to generate the signed subsequent block p i =<m i,r i, Y i > 2. Signature verification The receiver on receiving the subsequent block p i (i 1) parse the block as <m i,r i, Y i > to store Y i and verify the block for authentication. Trapdoor hash value is computed and compared with any one of the previously received hash value. a) Retrieve (m 0,r 0 ). b) Compute hash value and trapdoor hash value (m i, r i ). c) Ckeck (m 0,r 0 )= (m i, r i ).if check do not fails the block is valid. The Fig 3.4 indicates the Signature generation and verification for subsequent block PSG Polytechnic College, Coimbatore (ISO 9001 Certified Institution), Tamil Nadu, INDIA. Page 44

III. RESULT ANALYSIS A. Comparison of signing and verification time The algorithm is executed for different file size like 1Kb and 2Kb and the generation and verification rate is compared. As the file size increase, the time also increase gradually. This is because, if the length of the file is larger, the number of blocks increases and the signing and verification process is done for each subsequent block. Fig. 5.1. comparison of signing and verification time The above graph shows the timing for signing is higher than the verification. This is because at the sender side fragmentation of file and parameter generation is done in addition to signature generation, whereas at the receiver side only the signature verification process is performed. IV. CONCLUSION An efficient authentication of live, on-demand content is a challenging task, and requires fast signing and verification, tolerance against transmission loss and small per-block communication overhead. The proposed trapdoor hash-based signature amortization technique meets these challenges to provide efficient authentication of delay sensitive streams in content distribution network. The DL-SA scheme was designed to reduce the signing and verification cost per block and use smallest pre-block communication overhead. REFERENCES [1] Shamir and Y. Tauman, Improved Online/Offline Signature Schemes, CRYPTO 01: Proc. 21st Ann. Int l Cryptology Conf., pp. 355-367, 2001. [2] C.K. Wong and S.S. Lam, Digital Signatures for Flows and Multicasts, IEEE/ACM Trans. Networking, vol. 7, no. 4, pp. 502-513, Aug. 1999. [3] C.-P. Schnorr, Efficient Signature Generation by Smart Cards, J. Cryptology, vol. 4, no. 3, pp. 161-174, 1991. [4] P. Rohatgi, A Compact and Fast Hybrid Signature Scheme for Multicast Packet Authentication, Proc. ACM Conf. Computer and Comm. Security (CCS), pp. 93-100, 1999. [5] X. Chen, F. Zhang, H. Tian, B. Wei, W. Susilo, Y. Mu, H. Lee, and K. Kim, Efficient Generic Online/Offline (Threshold) Signatures without Key Exposure, Information Sciences, vol. 178, no. 21, pp.4192-203,2008. [6] L. Harn, W.-J. Hsin, and C. Lin, Efficient Online/Offline Signature Schemes Based on Multiple-Collision Trapdoor Hash Families, The Computer J., vol. 53, no. 9, pp. 1478-1484, 2010. PSG Polytechnic College, Coimbatore (ISO 9001 Certified Institution), Tamil Nadu, INDIA. Page 45

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information