Open Access Proceedings Article
DoS Protection for Reliably Authenticated Broadcast.
TL;DR: A protocol is introduced that overcomes barriers and provides a simple and efficient scheme for authenticating broadcast packet communications based on a new technique called selective verification, and is analyzed theoretically, experimentally, and architecturally.
Abstract:
Authenticating broadcast packet communications poses a challenge that cannot be addressed efficiently with public key signatures on each packet, or securely with the use of a pre-distributed shared secret key, or practically with unicast tunnels. Unreliability is an intrinsic problem: many broadcast protocols assume that some information will be lost, making it problematic to amortize the cost of a single public key signature across multiple packets. Forward Error Correction (FEC) can compensate for loss of packets, but denial of service risks prevent the naive use of both public keys and FEC in authentication. In this paper we introduce a protocol, Broadcast Authentication Streams (BAS), that overcomes these barriers and provides a simple and efficient scheme for authenticating broadcast packet communications based on a new technique called selective verification. We analyze BAS theoretically, experimentally, and architecturally.
Citations
Journal Article
Mitigating DoS attacks against broadcast authentication in wireless sensor networks
Peng Ning, An Liu, Wenliang Du
TL;DR: This paper presents an efficient mechanism called message-specific puzzle to mitigate DoS attacks against signature-based or μTESLA-based broadcast authentication. It adds a weak authenticator to each broadcast packet that a regular sensor node can verify efficiently but that takes a computationally powerful attacker a substantial amount of time to forge.
Journal Article
Flexible, extensible, and efficient VANET authentication
TL;DR: This work proposes a new hybrid authentication mechanism, VANET authentication using signatures and TESLA++ (VAST), that combines the advantages of ECDSA signatures and TESLA++, and introduces a new certificate verification strategy that prevents denial of service attacks while requiring zero additional sender overhead.
Journal Article
DDoS defense by offense
TL;DR: This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources.
Proceedings Article
Flooding-resilient broadcast authentication for VANETs
Hsu-Chun Hsiao, Ahren Studer, Chen Chen, Adrian Perrig, Fan Bai, Bhargav R. Bellur, Aravind V. Iyer
TL;DR: Two efficient broadcast authentication schemes, Fast Authentication (FastAuth) and Selective Authentication (SelAuth), are proposed as countermeasures to signature flooding, and can make VANETs practical.
Proceedings Article
Multicast authentication in fully adversarial networks
TL;DR: This work describes an efficient and scalable authentication scheme that is based on a novel combination of error-correcting codes with standard cryptographic primitives, and proves the security of the scheme and analyzes its performance in terms of the computational effort at the sender and receiver and the communication overhead.
References
Book
The Theory of Error-Correcting Codes
TL;DR: This book presents an introduction to BCH Codes and Finite Fields, and methods for Combining Codes, and discusses self-dual Codes and Invariant Theory, as well as nonlinear Codes, Hadamard Matrices, Designs and the Golay Code.
Book Chapter
Probability Inequalities for sums of Bounded Random Variables
TL;DR: In this article, upper bounds for the probability that the sum S of n independent random variables exceeds its mean ES by a positive number nt are derived for certain sums of dependent random variables such as U statistics.
RTP: A Transport Protocol for Real-Time Applications
TL;DR: RTP provides end-to-end network transport functions suitable for applications transmitting real-time data over multicast or unicast network services and is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks.
Journal Article
On the security of public key protocols
Danny Dolev, Andrew Chi-Chih Yao
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.