Information Technology Reference
In-Depth Information
the non-repudiation of the scheme. However, the traditional way to sign every packet
would make the computation and communication overhead very high. So the erasure
code is included in to increase the authentication rate and decrease the overhead. Cur-
rently, most of the secure data origin authentication model is simply built on the hybr-
id model of the digital signature and the erasure code such as the SAIDA [1]. In the
SAIDA scheme, the lost packets can be recovered in the range of
m
/
n
(
m
<
n
).
What's more, the time delay is proportional to the parameter
n
and the overhead also
increases with 1 /
m
. It is obvious that do not adjust the parameters with the change of
network will decrease the efficiency and may increase the pressure of low storage
capacity nodes. So the service provider could adjust itself to the network environment
dynamically to achieve the best effect becomes necessary.
However, most of the authentication schemes have no idea about adapting them-
selves to the variable network environment. The parameters in the schemes are always
set at the beginning and never changed.
In this paper, we proposed an effective scheme to solve this problem. The Markov
model is included in to make the system adaptive. The Markov chain can estimate the
next state based on the states came before according to the state transition matrix, but
it needs a lot of prior experience data to determine the matrix. According to a mass of
time delay values and packet error rates before from the receiving nodes, the esti-
mated ones can be given. So we combined the IDA, the Merkle HASH tree, as well as
the Markov algorithm to achieve the adaptive and secure data origin authentication
model. It can achieve the followed abilities:
•
Resist the packet loss and injection. The IDA and Merkle HASH tree are combined
to achieve the perfect non-reputation and can resist all kinds of packet attack from
the network.
•
Be adaptive to reduce the time delay. According to the feedback values, the para-
meter
n
will be adjusted to adapt the network environment and make the delay
lower.
•
Be adaptive to balance the overhead. The key parameter
m
/
n
can be estimated
using Markov model to adapt the following network condition so that the commu-
nication and computation overhead is balanced.
2
Related Works
The TESLA scheme [2] proposed by Perrig realized the group data origin authentica-
tion by postponing sending the key of the MAC. This scheme has advantages of fast
computation speed, less overhead and so on. However, TESLA needs the synchron-
ous clock between the sender and the receivers, and it's difficult to be guaranteed
under the open network environment.
Park proposed the SAIDA protocol [1] which can disperse the hash values and the
digital signatures of all packets of one block according to the Information Disperse
Algorithm (IDA). The receivers could recover the hash value and the digital signature
