Main Pjct Mabs

5/12/2018 Main Pjct Mabs - slidepdf.com

http://slidepdf.com/reader/full/main-pjct-mabs 1/12

MULTICAST AUTHENTICATION BASED

ON

BATCH SIGNATURE

Amritha Alex Panicker

Parvathy C

Sneha Anne Jacob



MABS

1

College of Engineering, Chengannur

1. Introduction

1.1 Introduction

Multicat is an efficient method to deliver multimedia content from a sender to a group of

receivers and is gaining po pular a pplications such as realtime stock quotes, interactive

games, video conference, live video broadcast, or video on demand. Authentication is one

of the critical to pics in securing multicast in an environment attractive to malicious attacks.

Basically, multicast authentication may provide the following security services:

1. Data integrity: Each receiver should be able to assure that received packets have not

been modified during transmissions.

2. Data origin authentication: Each receiver should be able to assure that each received

packet comes from the real sender as it claims.

3. No repudiation: The sender of a packet should not be able to deny sending the packet to

receiver in case there is a dis pute between the sender and receiver.

All the three services can be supported by an asymmetric key technique called signature. In

an ideal case, the sender generates a signature for each packet with its private key, which is

called signing, and each receiver checks the validity of the signature with the sender¶s

pu blic key, which is called verifying. If the verification succeeds, the receiver knows the

packet is authentic. Designing a multicast authentication protocol is not an easy task.

Generally, there are following issues in real world challenging the design. First, efficiency

needs to be considered, es pecially for receivers. Com pared with the multicast sender, which

could be a powerf ul server, receivers can have different ca pabilities and resources.

The receiver heterogeneity requires that the multicast authentication protocol be

able to execute on not only powerf ul deskto p com puters but also resource-constrained

mobile handsets. In particular, latency, com putation, and communication overhead are

major issues to be considered. Second, packet loss is inevitable. In the Internet, congestion

at routers is a major reason causing packet loss. An overloaded router dro ps buffered

packets according to its preset control policy. Though TCP provides a certain

retransmission ca pability, multicast content is mainly transmitted over UDP, which does not

provide any loss recovery support. In mobile



MABS

2


Designing a multicast authentication protocol is not an easy as, there are

following issues in real world challenging the design. First, efficiency needs to be

considered, es pecially for receivers. Second is the packet loss that ha ppens during the

im plementation phase. Therefore, for a pplications where the quality of service is critical to

end users, a multicast authentication protocol should provide a certain level of resilience to

packet loss. S pecifically, the im pact of packet loss on the authenticity of the already-

received packets should be as small as possible.

2 Software Requirement Specifications

2.1 Introduction

2.1.1 Purpose

This document s pecifies the requirements and s pecification set forth for Multicast

Authentication based on Batch Signature. Multicast Authentication based on Batch

Signature provides a framework for perfect resilence to data loss over a network. This

SRS document covers the entire project at this stage of develo pment. The final software will

have the features according to the document.

2.1.2 Scope

Conventional block-based multicast authentication schemes overlook the heterogeneity of

receivers by letting the sender choose the block size, divide a multicast stream into blocks,

associate each block with a signature, and s pread the effect of the signature across all the

packets in the block through hash gra phs or coding algorithms. The correlation among

packets makes them vulnerable to packet loss, which is inherent in the Internet and wireless

networks. We pro pose a novel framework, Multicast Authentication based on Batch

Signature to eliminate the correlation among packets and thus to provide the perfect

resilience to packet loss. Also we introduce an enhanced scheme which combines the basic

scheme with a packet filtering mechanism to alleviate the Denial-of-Service(DoS) im pact

while preserving the perfect resilience to packet loss.Multicast is an efficient method to

deliver multimedia content from a sender to a group of receivers and is gaining po pular

a pplications such as real-time stock quotes, interactive games, video conference, live video

broadcast, or video on demand.



MABS

3


2.1.3 Definitions,Acronyms and Abbrevations

MABS-Multicast Authentication based on Batch Signature

DoS-Denial-of-Service

DSA-Digital Signal Algorithm

BLS- Boneh±Lynn±Shacham signature

RSA- Rivest- Shamir-Adleman signature

2.1.4 Overview

The SRS document provides descri ption about the system requirements, interfaces, features

and f unctionalities.

2.2 General Description

2.2.1 Product Perspective

In the pro posed system multicast authentication protocol, namely MABS, the correlation

among packets is eliminated and thus it provides a perfect resilience to packet loss. It is also

efficient in terms of latency, com putation, and communication overhead due to an efficient

cry ptogra phic primitive called batch signature, which supports the authentication of any

number of packets simultaneously. We also present an enhanced scheme which combines

the basic scheme with a packet filtering mechanism to alleviate the DoS im pact while

preventing packet loss.

2.2.2 Product Function

In the pro posed system multicast authentication protocol, namely MABS, including two

schemes. The basic scheme (M

ABS-B) eliminates the correlation among p

ackets and thus

provides the perfect resilience to packet loss, and it is also efficient in terms of latency,

com putation, and communication overhead due to an efficient cry ptogra phic primitive

called batch signature, which supports the authentication of any number of packets

simultaneously. We also present an enhanced scheme MABS-E, which combines the basic



MABS

4


scheme with a packet filtering mechanism to alleviate the DoS im pact while preserving the

perfect resilience to packet loss.

2.2.3 User characteristics

The software has a user who will be registering in the Deskto p a pplication that we would be

develo ping. At this point he would be provided with a password. This password is being

stored in the database which is used for f urther login by the user . Users include:

y Clients who wish to access the facilities in a pplication

y MABS Admin

The user interface has to be develo ped in Netbeans IDE 6.9.1. The user has several o ptions

such as:

1. Registration

2. Signing

3. U pdating profile

4. Data transfer mode

5. View re port

2.2.4 General Constraints

1. There exists a client server communication. A high bandwidth communication is

necessary.

2. This system can be supported in only those systems which provide Java support.

2.2.5 Database Requirements

The list of clients along with login details of each user is maintained at the server in a

database which is accessed by the a pplication r unning at the server side.

2.2.6 Assumptions and Dependencies

y Pro per network connection is necessary between the com puters for the pro per working

of the system.

y Software must be installed at all the systems.



MABS

5


2.2.7 User Interface

The user interface is provided such that firstly the user has to login for using the

facilities provided by the a pplication. A hel p menu will also be provided in the main

window. A login o ption is provided where the user has to enter password. The password is

validated and the user gets access to the a pplication. O ptions for transferring, receiving and

re ports are provided in the a pplication. User is also provided with an o ption to change

password. After carrying out intended o perations user is logged out using logout o ption. A

hel p menu will be provided in the interface. This menu driven support facilitates user to

use the facilities provided by the software and describes the initial user how to move

through the a pplication.

2.3External Interface Requirements

2.3.1 Hardware and Software Requirements

Software Requirements

y Front end : Java

y Back end : My SQL

y O perating system : Windows

y IDE : Net Beans

Hardware Requirements

y Processor : Pentium IV OR Above

y Primary Memory : 256 MB RAM

y Storage : 40 GB Hard Disk

2.3.2 Functional Requirements

MABS can achieve perfect resilience to packet loss in lossy channels in the sense that no

matter how many packets are lost the already-received packets can still be authenticated by

receivers.MABS-B is efficient in terms of less latency, com putation, and communication

overhead. Though MABS-E is less efficient than MABS-B since it includes the DoS

defense, its overhead is still at the same level as previous schemes.Two new batch signature

schemes based on BLS and DSA are introduced



MABS

6


2.4 Non-Functional Requirements

2.4.1 Performance

The system is ex pected to fit according to the performance.It should use less memory and

should be easily accessible by user. Memory management should be done wisely so that

none of the memory goes wasted. The system should provide perfect resilience to packet

loss, and it is also efficient in terms of latency, com putation, and communication overhead

along with a secure multicast.

2.4.2 Maintainability

The a pplication will be designed in a manner that it is easy to modify the software system

later when required and to incor porate new requirements in the individual modules.

2.4.3 Security Requirements

The system is ex pected to give a secure multicast using batch signature along with a user

authenticated password protection to access the a pplication.

2.4.4 Portability

This a pplication will be develo ped using platform inde pendent java technology. Hence it

provides portability.

3. Data Flow Diagram

Context diagram

Context diagrams are used early in a project to get agreement on the sco pe under

investigation. Context diagrams are ty pically included in a requirements document. These

diagrams must be read by all project stakeholders and thus should be written in plain

language, so the stakeholders can understand items within the document.

It shows the system as a whole in its environment. It defines what/who will interact with the

system and the high-level of data/materials into/out of the system.



MABS

7


Level 0

Level 1



MABS

8


Level 2

Module Description

User Management:

A user is allowed to enter the a pplication after authentication of that particular user.

Users have to provide user name and password .If a particular user is not in the login table,

then he can¶t access the system .For unregistered users there is an o ption for signing.

After login the user will be provided with o ptions for broadcasting, unicasting and

multicasting data. The user will be provided with an inbox containing with files sent to the

user by others. User will also be provided with o ptions to join and unjoin multicast



MABS

9


groups. User can also add or remove others from multicast groups owned by him. Users will

be provided with re ports to review details of previous transmission.

Network Management :

Network management is concerned with division of data into packets, grouping of

packets into batches, encry ption of data, signature generation at the sender side and

detection of batches, decry ption of data, signature verification at the receiver side. It also

consists of generation of acknowledgement system for UDP packets, resending of

unacknowledged packets and detection of duplicate packets. Detection and prevention of

DoS attack is also the f unction of this module.

Various schemes:

Batch RSA

RSA is a very po pular cry ptogra phic algorithm in many security protocols. In order to use

RSA, a sender chooses two large random primes P and Q to get N=PQ, and then calculates

two ex ponents e, d such that ed=1mod(N), where (N)=(P-1)(Q-1). The sender pu blishes

(e, N) as its pu blic key and kee ps d in secret as its private key. A signature of a message m

can be generated as = (h(m))d mod N, where h( ) is a collision resistant hash f unction. The

sender sends {m,} to a receiver that can verify the authenticity of message m by checkinge = h(m) mod N.

Batch DSA

A DSA digital signature is com puted using a set of domain parameters, a private key x, a

per message secret number k , data to be signed, and a hash f unction. A digital signature is

verified using the same domain parameters, a pu blic key y that is mathematically associated

with the private key x used to generate the digital signature, data to be verified, and the

same hash f unction that was used during signature generation.

p= a prime modulus, where 2L±1 < p < 2L, and L is the bit length of p.

q =a prime divisor of ( p ± 1), where 2N±1 < q < 2 N, and N is the bit length of q.

g =a generator of the su bgroup of order q mod p, such that 1 < g < p.

x =the private key that must remain secret; x is a randomly or pseudo randomly generated

integer, such that 0 < x < q, i.e., x is in the range [1, q±1].



MABS

10


y =the pu blic key, where y = gx mod p.

k =a secret number that is unique to each message; k is a randomly or pseudo randomly

generated integer, such that 0 < k < q, i.e., k is in the range [1, q±1].

h() =a hash f unction.

Given message m, the signer generates a signature by randomly selecting an integer k with

0 < k < q. Com puting h = h(m). Com puting r = (gk mod p) mod q, and com puting s = rk ±

hx mod q. The signature for m is (r,s). The receiver can verify message m by first

com puting h=h(m) and then checking whether ((gsr-1 yhr-1) mod p) mod q = r

This is because if the packet is authentic, then

((gsr-1 yhr-1) mod p) mod q =((g(s+hx)r-1) mod p) mod q =( gk mod p) mod q =r

Batch BLS

The BLS signature scheme uses a cry ptogra phic primitive called pairing.Let

be a non-degenerate, efficiently com putable, bilinear pairing f unction

where G, GT are groups of prime order, r . Let g be a generator of G. The key generation

algorithm selects a random integer x in the interval [0, r í 1]. The private key is x. The

holder of the private key pu blishes the pu blic key, g x.

Signing: Given the private key x, and some message m, we com pute the signature byhashing the string m, as h = H (m). We out put the signature = h x.

Verification: Given a signature and a pu blic key g x, we verify that e(, g ) = e( H (m), g

x).

Admin Management:

Admin is allowed to enter the a pplication after authentication. Admin has to provide

user name and password .After login admin can change the network, firewall settings, setthe key for signing of packets.



MABS

11


4. Conclusion

To reduce the signature verification overheads in the secure multimedia multicasting, block-

based authentication schemes have been pro posed. Unfortunately, most previous schemes

have many problems such as vulnerability to packet loss and lack of resilience to denial of service (DoS) attack. To overcome these problems, we develo p a novel authentication

scheme MABS. MABS is perfectly resilient to packet loss due to the elimination of the

correlation among packets and can effectively deal with DoS attack. Moreover, the use of

batch signature can achieve the efficiency less than or com parable with the conventional

schemes. Finally, we f urther develo p two new batch signature schemes based on BLS and

DSA, which are more efficient than the batch RSA signature scheme.

5. References

y Yun Zhou, Xiaoyan Zhu, Yuguang Fang , ́ MABS: Multicast Authentication Based on

Batch Signature´ IEEE Transactions on mobile com puting, July 2010

y P. Judge and M. Ammar, ³Securit y Issues and Solutions in Multicast Content

Distribution: A Surve y ,´ IEEE Networ k Magazine, vol. 17, no. 1, pp. 30-36, Jan./Feb.

2003.

y htt p://en.wiki pedia.org/wiki

Documents

Main Pjct Mabs