A Pollution Attack Resistant Multicast Authentication Scheme Tolerant to Packet Loss

Assuring authenticity of packets is a critical security measure in multicast applications. Due to the high overhead of signing every multicast packet with a digital signature, schemes employing signature amortization abate this cost by endorsing a block of packets at once. By utilizing a fault-tolerant coding algorithm, signature amortization schemes can tolerate packet loss. However, enhancing these schemes with a fault-tolerant coding algorithm introduces pollution attacks, a form of denial of service attack in which the adversary injects invalid symbols into the decoding process. Unfortunately, previous solutions that combat pollution attack required time synchronization or were computationally inefficient. To address these problems, we propose a multicast authentication scheme that is both lightweight and resistant to pollution attack. By using one-way hash functions, our scheme can quickly generate and verify packets. Since our proposed scheme can immediately and independently authenticate a received packet, it does not risk exceeding buffer space with unverified packets during a pollution attack. Schemes that rely on fault-tolerant coding to provide packet loss tolerance can employ our approach to defend against pollution attacks.