Upload
amritha-alex
View
316
Download
0
Embed Size (px)
Citation preview
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 1/12
MULTICAST AUTHENTICATION BASED
ON
BATCH SIGNATURE
Amritha Alex Panicker
Parvathy C
Sneha Anne Jacob
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 2/12
MABS
1
College of Engineering, Chengannur
1. Introduction
1.1 Introduction
Multicat is an efficient method to deliver multimedia content from a sender to a group of
receivers and is gaining po pular a pplications such as realtime stock quotes, interactive
games, video conference, live video broadcast, or video on demand. Authentication is one
of the critical to pics in securing multicast in an environment attractive to malicious attacks.
Basically, multicast authentication may provide the following security services:
1. Data integrity: Each receiver should be able to assure that received packets have not
been modified during transmissions.
2. Data origin authentication: Each receiver should be able to assure that each received
packet comes from the real sender as it claims.
3. No repudiation: The sender of a packet should not be able to deny sending the packet to
receiver in case there is a dis pute between the sender and receiver.
All the three services can be supported by an asymmetric key technique called signature. In
an ideal case, the sender generates a signature for each packet with its private key, which is
called signing, and each receiver checks the validity of the signature with the sender¶s
pu blic key, which is called verifying. If the verification succeeds, the receiver knows the
packet is authentic. Designing a multicast authentication protocol is not an easy task.
Generally, there are following issues in real world challenging the design. First, efficiency
needs to be considered, es pecially for receivers. Com pared with the multicast sender, which
could be a powerf ul server, receivers can have different ca pabilities and resources.
The receiver heterogeneity requires that the multicast authentication protocol be
able to execute on not only powerf ul deskto p com puters but also resource-constrained
mobile handsets. In particular, latency, com putation, and communication overhead are
major issues to be considered. Second, packet loss is inevitable. In the Internet, congestion
at routers is a major reason causing packet loss. An overloaded router dro ps buffered
packets according to its preset control policy. Though TCP provides a certain
retransmission ca pability, multicast content is mainly transmitted over UDP, which does not
provide any loss recovery support. In mobile
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 3/12
MABS
2
College of Engineering, Chengannur
Designing a multicast authentication protocol is not an easy as, there are
following issues in real world challenging the design. First, efficiency needs to be
considered, es pecially for receivers. Second is the packet loss that ha ppens during the
im plementation phase. Therefore, for a pplications where the quality of service is critical to
end users, a multicast authentication protocol should provide a certain level of resilience to
packet loss. S pecifically, the im pact of packet loss on the authenticity of the already-
received packets should be as small as possible.
2 Software Requirement Specifications
2.1 Introduction
2.1.1 Purpose
This document s pecifies the requirements and s pecification set forth for Multicast
Authentication based on Batch Signature. Multicast Authentication based on Batch
Signature provides a framework for perfect resilence to data loss over a network. This
SRS document covers the entire project at this stage of develo pment. The final software will
have the features according to the document.
2.1.2 Scope
Conventional block-based multicast authentication schemes overlook the heterogeneity of
receivers by letting the sender choose the block size, divide a multicast stream into blocks,
associate each block with a signature, and s pread the effect of the signature across all the
packets in the block through hash gra phs or coding algorithms. The correlation among
packets makes them vulnerable to packet loss, which is inherent in the Internet and wireless
networks. We pro pose a novel framework, Multicast Authentication based on Batch
Signature to eliminate the correlation among packets and thus to provide the perfect
resilience to packet loss. Also we introduce an enhanced scheme which combines the basic
scheme with a packet filtering mechanism to alleviate the Denial-of-Service(DoS) im pact
while preserving the perfect resilience to packet loss.Multicast is an efficient method to
deliver multimedia content from a sender to a group of receivers and is gaining po pular
a pplications such as real-time stock quotes, interactive games, video conference, live video
broadcast, or video on demand.
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 4/12
MABS
3
College of Engineering, Chengannur
2.1.3 Definitions,Acronyms and Abbrevations
MABS-Multicast Authentication based on Batch Signature
DoS-Denial-of-Service
DSA-Digital Signal Algorithm
BLS- Boneh±Lynn±Shacham signature
RSA- Rivest- Shamir-Adleman signature
2.1.4 Overview
The SRS document provides descri ption about the system requirements, interfaces, features
and f unctionalities.
2.2 General Description
2.2.1 Product Perspective
In the pro posed system multicast authentication protocol, namely MABS, the correlation
among packets is eliminated and thus it provides a perfect resilience to packet loss. It is also
efficient in terms of latency, com putation, and communication overhead due to an efficient
cry ptogra phic primitive called batch signature, which supports the authentication of any
number of packets simultaneously. We also present an enhanced scheme which combines
the basic scheme with a packet filtering mechanism to alleviate the DoS im pact while
preventing packet loss.
2.2.2 Product Function
In the pro posed system multicast authentication protocol, namely MABS, including two
schemes. The basic scheme (M
ABS-B) eliminates the correlation among p
ackets and thus
provides the perfect resilience to packet loss, and it is also efficient in terms of latency,
com putation, and communication overhead due to an efficient cry ptogra phic primitive
called batch signature, which supports the authentication of any number of packets
simultaneously. We also present an enhanced scheme MABS-E, which combines the basic
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 5/12
MABS
4
College of Engineering, Chengannur
scheme with a packet filtering mechanism to alleviate the DoS im pact while preserving the
perfect resilience to packet loss.
2.2.3 User characteristics
The software has a user who will be registering in the Deskto p a pplication that we would be
develo ping. At this point he would be provided with a password. This password is being
stored in the database which is used for f urther login by the user . Users include:
y Clients who wish to access the facilities in a pplication
y MABS Admin
The user interface has to be develo ped in Netbeans IDE 6.9.1. The user has several o ptions
such as:
1. Registration
2. Signing
3. U pdating profile
4. Data transfer mode
5. View re port
2.2.4 General Constraints
1. There exists a client server communication. A high bandwidth communication is
necessary.
2. This system can be supported in only those systems which provide Java support.
2.2.5 Database Requirements
The list of clients along with login details of each user is maintained at the server in a
database which is accessed by the a pplication r unning at the server side.
2.2.6 Assumptions and Dependencies
y Pro per network connection is necessary between the com puters for the pro per working
of the system.
y Software must be installed at all the systems.
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 6/12
MABS
5
College of Engineering, Chengannur
2.2.7 User Interface
The user interface is provided such that firstly the user has to login for using the
facilities provided by the a pplication. A hel p menu will also be provided in the main
window. A login o ption is provided where the user has to enter password. The password is
validated and the user gets access to the a pplication. O ptions for transferring, receiving and
re ports are provided in the a pplication. User is also provided with an o ption to change
password. After carrying out intended o perations user is logged out using logout o ption. A
hel p menu will be provided in the interface. This menu driven support facilitates user to
use the facilities provided by the software and describes the initial user how to move
through the a pplication.
2.3External Interface Requirements
2.3.1 Hardware and Software Requirements
Software Requirements
y Front end : Java
y Back end : My SQL
y O perating system : Windows
y IDE : Net Beans
Hardware Requirements
y Processor : Pentium IV OR Above
y Primary Memory : 256 MB RAM
y Storage : 40 GB Hard Disk
2.3.2 Functional Requirements
MABS can achieve perfect resilience to packet loss in lossy channels in the sense that no
matter how many packets are lost the already-received packets can still be authenticated by
receivers.MABS-B is efficient in terms of less latency, com putation, and communication
overhead. Though MABS-E is less efficient than MABS-B since it includes the DoS
defense, its overhead is still at the same level as previous schemes.Two new batch signature
schemes based on BLS and DSA are introduced
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 7/12
MABS
6
College of Engineering, Chengannur
2.4 Non-Functional Requirements
2.4.1 Performance
The system is ex pected to fit according to the performance.It should use less memory and
should be easily accessible by user. Memory management should be done wisely so that
none of the memory goes wasted. The system should provide perfect resilience to packet
loss, and it is also efficient in terms of latency, com putation, and communication overhead
along with a secure multicast.
2.4.2 Maintainability
The a pplication will be designed in a manner that it is easy to modify the software system
later when required and to incor porate new requirements in the individual modules.
2.4.3 Security Requirements
The system is ex pected to give a secure multicast using batch signature along with a user
authenticated password protection to access the a pplication.
2.4.4 Portability
This a pplication will be develo ped using platform inde pendent java technology. Hence it
provides portability.
3. Data Flow Diagram
Context diagram
Context diagrams are used early in a project to get agreement on the sco pe under
investigation. Context diagrams are ty pically included in a requirements document. These
diagrams must be read by all project stakeholders and thus should be written in plain
language, so the stakeholders can understand items within the document.
It shows the system as a whole in its environment. It defines what/who will interact with the
system and the high-level of data/materials into/out of the system.
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 8/12
MABS
7
College of Engineering, Chengannur
Level 0
Level 1
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 9/12
MABS
8
College of Engineering, Chengannur
Level 2
Module Description
User Management:
A user is allowed to enter the a pplication after authentication of that particular user.
Users have to provide user name and password .If a particular user is not in the login table,
then he can¶t access the system .For unregistered users there is an o ption for signing.
After login the user will be provided with o ptions for broadcasting, unicasting and
multicasting data. The user will be provided with an inbox containing with files sent to the
user by others. User will also be provided with o ptions to join and unjoin multicast
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 10/12
MABS
9
College of Engineering, Chengannur
groups. User can also add or remove others from multicast groups owned by him. Users will
be provided with re ports to review details of previous transmission.
Network Management :
Network management is concerned with division of data into packets, grouping of
packets into batches, encry ption of data, signature generation at the sender side and
detection of batches, decry ption of data, signature verification at the receiver side. It also
consists of generation of acknowledgement system for UDP packets, resending of
unacknowledged packets and detection of duplicate packets. Detection and prevention of
DoS attack is also the f unction of this module.
Various schemes:
Batch RSA
RSA is a very po pular cry ptogra phic algorithm in many security protocols. In order to use
RSA, a sender chooses two large random primes P and Q to get N=PQ, and then calculates
two ex ponents e, d such that ed=1mod(N), where (N)=(P-1)(Q-1). The sender pu blishes
(e, N) as its pu blic key and kee ps d in secret as its private key. A signature of a message m
can be generated as = (h(m))d mod N, where h( ) is a collision resistant hash f unction. The
sender sends {m,} to a receiver that can verify the authenticity of message m by checkinge = h(m) mod N.
Batch DSA
A DSA digital signature is com puted using a set of domain parameters, a private key x, a
per message secret number k , data to be signed, and a hash f unction. A digital signature is
verified using the same domain parameters, a pu blic key y that is mathematically associated
with the private key x used to generate the digital signature, data to be verified, and the
same hash f unction that was used during signature generation.
p= a prime modulus, where 2L±1 < p < 2L, and L is the bit length of p.
q =a prime divisor of ( p ± 1), where 2N±1 < q < 2 N, and N is the bit length of q.
g =a generator of the su bgroup of order q mod p, such that 1 < g < p.
x =the private key that must remain secret; x is a randomly or pseudo randomly generated
integer, such that 0 < x < q, i.e., x is in the range [1, q±1].
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 11/12
MABS
10
College of Engineering, Chengannur
y =the pu blic key, where y = gx mod p.
k =a secret number that is unique to each message; k is a randomly or pseudo randomly
generated integer, such that 0 < k < q, i.e., k is in the range [1, q±1].
h() =a hash f unction.
Given message m, the signer generates a signature by randomly selecting an integer k with
0 < k < q. Com puting h = h(m). Com puting r = (gk mod p) mod q, and com puting s = rk ±
hx mod q. The signature for m is (r,s). The receiver can verify message m by first
com puting h=h(m) and then checking whether ((gsr-1 yhr-1) mod p) mod q = r
This is because if the packet is authentic, then
((gsr-1 yhr-1) mod p) mod q =((g(s+hx)r-1) mod p) mod q =( gk mod p) mod q =r
Batch BLS
The BLS signature scheme uses a cry ptogra phic primitive called pairing.Let
be a non-degenerate, efficiently com putable, bilinear pairing f unction
where G, GT are groups of prime order, r . Let g be a generator of G. The key generation
algorithm selects a random integer x in the interval [0, r í 1]. The private key is x. The
holder of the private key pu blishes the pu blic key, g x.
Signing: Given the private key x, and some message m, we com pute the signature byhashing the string m, as h = H (m). We out put the signature = h x.
Verification: Given a signature and a pu blic key g x, we verify that e(, g ) = e( H (m), g
x).
Admin Management:
Admin is allowed to enter the a pplication after authentication. Admin has to provide
user name and password .After login admin can change the network, firewall settings, setthe key for signing of packets.
5/12/2018 Main Pjct Mabs - slidepdf.com
http://slidepdf.com/reader/full/main-pjct-mabs 12/12
MABS
11
College of Engineering, Chengannur
4. Conclusion
To reduce the signature verification overheads in the secure multimedia multicasting, block-
based authentication schemes have been pro posed. Unfortunately, most previous schemes
have many problems such as vulnerability to packet loss and lack of resilience to denial of service (DoS) attack. To overcome these problems, we develo p a novel authentication
scheme MABS. MABS is perfectly resilient to packet loss due to the elimination of the
correlation among packets and can effectively deal with DoS attack. Moreover, the use of
batch signature can achieve the efficiency less than or com parable with the conventional
schemes. Finally, we f urther develo p two new batch signature schemes based on BLS and
DSA, which are more efficient than the batch RSA signature scheme.
5. References
y Yun Zhou, Xiaoyan Zhu, Yuguang Fang , ́ MABS: Multicast Authentication Based on
Batch Signature´ IEEE Transactions on mobile com puting, July 2010
y P. Judge and M. Ammar, ³Securit y Issues and Solutions in Multicast Content
Distribution: A Surve y ,´ IEEE Networ k Magazine, vol. 17, no. 1, pp. 30-36, Jan./Feb.
2003.
y htt p://en.wiki pedia.org/wiki