Aggregating Symmetric Authentication: From Motes to Clouds
Date Issued
2013
Date
2013
Author(s)
Chen, Yu-Shian
Abstract
This thesis discusses the aggregation of authentication created purely from symmetric cryptography. It also means that the authentication tags are aggregated in a symmetric way, or simply via hash functions. The contents of this work can be roughly classified into applications and theory parts.
From the aspect of applications, it consists of four computational applications regarding data and communication authenticity, ranging from micro-scaled sensor networks to the macro-scaled cloud. These topics include (1) dynamic authenticated dictionary, (2) broadcast authentication in sensor networks, (3) en-route false injection filtering, and (4) verifiable encrypted cloud storage. Two canonical hash-based data structures are employed, the Merkle Tree (MT) and the Bloom Filter (BF).
1. Dynamic authenticated dictionary: As a generic computation paradigm, the authenticated dictionary is used to verify that the delegated remote party correctly stores the outsourced data. Prior solutions, mostly adopting the Merkle Tree (MT), are either suitable only for static dictionaries or lack efficient structures. We propose several novel approaches to extend the MT's ability to handle data updates and negative queries. Unlike the other hash-based schemes for authenticating dynamic data, these proposals retain the structural simplicity of the MT.
2. Broadcast authentication: Broadcast authentication (BA) is a crucial foundation of wireless sensor networks (WSN). Limited by computation and energy resources, the sensor motes should not directly adopt asymmetric cryptography. Hence, the μTESLA protocol has played the major role in BA for WSN. The chain structure of TESLA, however, makes updating the authentication source inconvenient. To prolong durability and support the self-healing property, Curtain applies compressed Bloom filters (CBF) to multiple μTESLA. It greatly reduces the network communication overhead at the cost of moderate memory usage in the receiving motes. mCurtain, an extended version of Curtain, works for the scenario of multiple senders. It allows the system to dynamically add and revoke senders.
3. False injection filtering: Lightweight en-route authentication is a challenging task in wireless multi-hop networks. An adversary can inject false data into the system, incurring redundant message forwarding, consuming node resources, and degrading network performance. Although the injection might be identified, the en-route nodes have already paid the price for it. We utilize Bloom filter techniques, again, to build an authentication manifest called the en-route authentication bitmap (EAB). EAB helps nodes on the routing path filter out false data with a high success rate, thus confining the injection attacks to within one or two hops of the adversary. The evaluation shows that EAB effectively protects a forwarding path of tens of hops at a cost of only a few bytes.
4. Verifiable encrypted cloud storage: A cloud storage service is never sufficient if it guarantees only one of data confidentiality and integrity. Remote storage without encryption could expose private information to outsiders, while storage without integrity could be appended with garbled and useless ciphertext. This paper presents Stratus, an integrated encrypted storage atop heterogeneous cloud storage. From the user's perspective, Stratus focuses on offering transparent and convenient access to, and integrity verification of, the outsourced data. Also, Stratus implicitly preserves the folder hierarchy of the original storage and allows painless data migration and sharing without backward decryption. By the technique of a dummy list, Stratus is able to perform lazy deletion, reducing access overhead. Other salient features of Stratus include assured deletion and space query in O(log n).
Finally, from the aspect of theory, the work derives a rigorous proof of the security extreme of aggregated authentication. First, we give a precise definition of aggregate message authentication codes (AMACs) with the property of on-the-fly (OTF) verification. The AMACs encompass portions of each previously mentioned application. Combining information theory, authentication theory, and Bloom computation, the theoretical security extreme of such authentication is derived and proved. The results correspond to prior research in the literature that adopted other methodologies.
Merkle trees and Bloom filters, both ancient and simple hash-based structures, are the two foundations of this thesis. Readers will find that the old tools might be more efficient in tackling emerging problems, even in the modern computational world dominated by asymmetric cryptography.
Subjects
Aggregation
Authentication
Merkle hash tree
Bloom filter
Authenticated dictionary
Sensor network
Cloud storage
Type
thesis
File(s)
Name
ntu-102-D94921021-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):65a56a09b38e2402ba160b1e38c234ec
