A Trapdoor Hash-Based Mechanism for Stream Authentication

Digital streaming Internet applications such as online gaming, multimedia playback, presentations, news feeds, and stock quotes involve end-users with very low tolerance for high latency, low data rates, and playback interruption. To protect such delay-sensitive streams against malicious attacks, security mechanisms need to be designed to efficiently process long sequence of bits. We study the problem of efficient authentication for real-time and delay-sensitive streams commonly seen in content distribution, multicast, and peer-to-peer networks. We propose a novel signature amortization technique based on trapdoor hash functions for authenticating individual data blocks in a stream. Our technique provides: 1) Resilience against transmission losses of intermediate blocks in the stream; 2) Small and constant memory/compute requirements at the sender and receiver; 3) Minimal constant communication overhead needed for transmission of authenticating information. Our proposed technique renders authentication of digital streams practical and efficient. We substantiate this claim by constructing DL-SA, a discrete-log-based instantiation of the proposed technique. DL-SA provides adaptive stream verification, where the receiver has control over modulating computation cost versus buffer size. Our performance analysis demonstrates that DL-SA incurs the least per-block communication and signature generation overheads compared to existing schemes with comparable features.