Denial-of-service resistant multicast authentication protocol with prediction hashing and one-way key chain

Requirements that need to be met by multicast authentication schemes are packet authenticity, packet loss robustness, loss model independence, and denial of service (DoS) resistance. We develop an efficient multicast authentication scheme for real-time streaming applications that is resistant to denial-of-service attacks while consuming much less resources (CPU and buffer) at receivers compared to previously proposed schemes. This scheme utilizes prediction hashing (PH) and one-way key chain (OKC) techniques based on erasure codes and distillation codes. PH and OKC techniques enable the receiver to significantly reduce the CPU overhead and buffer requirements compared to other block-based solution approaches. Analysis conducted indicates that this new scheme consumes much less CPU time and buffer space than one of the recently proposed denial-of-service (DoS) resistant multicast authentication schemes, pollution resistant authenticated block streams (PRABS) (Karlof et al., 2004), by a factor of more than 5 for buffer requirement and 3 for CPU requirement.