1 / 33

Digital Signature for Flows and Multicast

Digital Signature for Flows and Multicast. Chung Kei Wong, student Member,IEEE and Simon S. LAM, Fellow,IEEE IEEE/ACM TRANSACTIONS ON NETWORKING, AUGUST 1999. Outline. Introduction Main idea Detail design Conclusion. Introduction. Basic concerns of securing data Confidentiality

melita
Download Presentation

Digital Signature for Flows and Multicast

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Digital Signature for Flows and Multicast Chung Kei Wong, student Member,IEEE and Simon S. LAM, Fellow,IEEE IEEE/ACM TRANSACTIONS ON NETWORKING, AUGUST 1999

  2. Outline • Introduction • Main idea • Detail design • Conclusion

  3. Introduction • Basic concerns of securing data • Confidentiality • Authentication • Integrity • Nonrepudiation

  4. Main idea • We present chaining techniques for signing/verifying multiple packets using a single signing/verification operation. • To further improve our procedures, we propose several extensions to the Feige–Fiat–Shamir digital signature scheme.

  5. Existing Techniques for Signing Flows • Sign-each • Flow • Nonreal-time generated flow • Real-time generated flow • Signing rate is important • Delay-sensitive flow • verification rate is important

  6. Characteristics in delivery of flows and multicast • For a multicasted flow, many receivers are limited in resource compared to sender, which is typically a dedicated server machine. In some environments, both senders and receivers may be limited in resource, e.g.,mobile computers using wireless communication.

  7. Characteristics in delivery of flows and multicast (cont.) • Delay sensitive flows require fast processing at receivers.Real-time generated flows require fast processing at senders as well. • Receivers may have widely different capabilities/resource. For example, receivers may be personal digital assistants, notebook computers, or desktop machine. Moreover, the resource available to a receiver for verifying signatures may vary over time.

  8. Requirements • The signing procedure is efficient and, for real-time generated flows, delay bounded. • The verification procedure is efficient(since many receivers have limited resource). • Packet in a flow are individually verifiable. • Packet signatures are small (I.e., small communication overhead).

  9. Chaining techniques • A. Star Chaining • D1,…D8,D1-8=h(D1,…,D8) • Di:message digest of packeti • D’1-8 = h(D1,D2,D3’,…,D8)

  10. Chaining techniques • B. Tree Chaining

  11. Comparison of Chaining Techniques 16 packets,deg = 2 Total:0.21+12.7 = 12.9ms Ave:12.9/16 = 0.81ms 12.7/0.81=15.68 Chaining time (milliseconds) for a block (a) at a signer

  12. Comparison of Chaining Techniques 16 packets,deg = 2 Total:0.4+0.24 = 0.64ms Ave:0.64/16 = 0.04ms 0.4/0.04=10 Chaining time (milliseconds) for a block (b) at a verifier (with caching of verified nodes).

  13. Flow Signing and Verification Procedures

  14. Bounded Delay Signing • Ds = T + chains(m) + Tsign • in period T at most m packets are generated and their packet digests computed. • chains(m):chaining time • Tsign:block digest signing time • Ds:delay upper bound • Real-time generated flow • Ds > 2(Tsign + chains(m))

  15. THE eFFS SIGNATURE SCHEME • A. Basic FFS Scheme • Parameter • (k,t) • N = p * q ( p , q : large prime) • V1,v2,…,vk(k random integers) • Si^2 = vi^-1 mod n • Signing key {s1,…sk,n} • Verifacation key {v1,v2,…,vk,n}

  16. THE eFFS SIGNATURE SCHEME • Signing step • 1)r1,…rt : t random integers between 1 to n. Compute xi = ri^2 mod n. for I = 1,..t. • 2)Calculate message digest:h(m,x1,…xt) {bij} : first k*t bits of message digest • 3)yi = ri * (s1^bi1 * … * sk^bik) mod n

  17. THE eFFS SIGNATURE SCHEME • Verify step • 1) zi = yi^2 * (v1^bi1 * … * v^bik) mod n • First k*t bits of message digest h(m,z1,…zt) = {bij}?

  18. Extensions to Speed up FFS • 1) Small Verification Key (small v-key) • To use the first k prime numbers as verification key components {vi}. • 2) Chinese Remainder Theorem (crt) • yi = ri * (s1^bi1 * … * sk^bik) mod n ((ai – bi) * q *qp^-1 +bi) qp^-1 = q^-1 mod p ai = ri * (s1^bi1 * … * sk^bik) mod p bi = ri * (s1^bi1 * … * sk^bik) mod q

  19. Extensions to Speed up FFS • 3) Precomputation (precomp) • k = 4 yi = ri * (s1^bi1 * … s4^bi4) mod n sb1…b4 = s1^bi1 * … s4^bi4 • 4-bit precomp,k=128,512modulus 128/4 * (2^4 – 1) = 480 additional memory :480*512 bits or 31kB • 8-bit,12bit,16bit:261kB,2.88Mb,33.6MB

  20. Extensions to Speed up FFS Performance Comparison

  21. Adjustable and Incremental Verification • Multiple keys(with different modulus size) • t-level signature • xi = yi^2 * (v1^bi1 * … * v^bik) mod n • To verify a t-level signature of message at security level l • (1) compute zi = yi^2 * (v1^bi1 * … * v^bik) mod n for I = 1 … l • (2) verify that z2,…,zl are equal to x2,…,xl respectively

  22. Adjustable and Incremental Verification • To increase the verification security level l1 from to l2 • 1) compute zi = yi^2 * (v1^bi1 * … * v^bik) mod n for I = l1+1 … l2 • 2) verify that zl1+1,…,z2 are equal to xl1+1,…,xl2 respectively • The size of a t-level signature • Kt + (2t - 1) * |n| • For 512-bit modulus and product kt = 128, a 1-level signature is 80 bytes and a 2-level signature is 208 bytes.

  23. Adjustable and Incremental Verification

  24. COMPARISON WITH OTHER SIGNATURE SCHEMES • 1024-byte packets • Pentium II 300-MHz machine running Linux. • Four different modulus sizes, 384, 512, 768, and 1024 bits,

  25. A. Key and Signature Sizes

  26. A. Key and Signature Sizes

  27. B. Signing and Verification Times

  28. C. Flow Signing and Verification Rates

  29. Conclusion • We have designed flow signing and verification procedures, based upon a tree-chaining technique, to meet the following requirements: • 1)flow signing is efficient and, for real-time generated flows,delay-bounded; • 2) flow verification is efficient (for receivers with limited resources); • 3) packets in a flow are individually verifiable (for best-effort multicast delivery); • 4) packet signatures are small (for a small communication overhead); and • 5) verification at a receiver is adjustable to different security levels and can be carried out incrementally (for receivers with limited resources).

  30. Conclusion • we propose several extensions to the Feige–Fiat–Shamir digital signature scheme to speed up both the signing and verification operations. • 1) eFFS is the fastest in signing (by a large margin over any of the other four schemes) and as fast as RSA in verification (tie for a close second behind Rabin). • 2) eFFS allows a tradeoff between memory and signing/verification time. • 3) eFFS allows adjustable and incremental verification by receivers.

  31. Conclusion • Question • Key management • Signing key size is very large • If the signer has only few resource?

More Related