Design And Implementation On Helix Platform Of Multicast Source Authentication Scheme Based On One-time Signature

Multicast is an effective mean to transport data from one point to multiple points on networks. Multicast reduces network overload and saves bandwidth, so it has been found a lot applications, such as real-time data transportation, multi-media conferences, data backup, games and simulations.Security is a fundamental problem of any network protocols. Multicast security is quite different from Unicast security. Multicast Source Authentication, i.e., authenticating the source of a received packet in multicast environment, is one of the most important problems of multicast security. Solutions used in unicast, i.e., MAC, are not capable for solving this problem.One-time Signature is a type of signature scheme which is very fast based on one way function without trapdoor. Together with Merkle Tree, One-time Signature can be used to construct a solution to Multicast Source Authentication problem. But One-time Signature scheme usually have large public keys which limit their usage. The first attribution of this paper is proposing a new One-time Signature scheme which is improved by Merkle Tree. Unlike former schemes, our scheme not only uses Merkle Tree for key management but also to reduce one-time public keys, thereby reduces the length of authentication information.Considering the characteristics of Helix Platform, the second attributions of this paper is to design and implement a Multicast Source Authentication scheme based on improved One-time Signature scheme and former Multicast Source Authentication schemes as an authentication plug-in of Helix platform. The plug-in has three advantages: First, each packet is authenticated by a One-time Signature, so there is no need for both sender and receiver maintain a buffer and there is no delay for signing and verifying and authentication failure of current packets do not effect the authentication of other packet. Second, we design a mechanism to regenerate Merkle Trees, so just only one normal digital signature signing operation is required to provide unlimited number of One-time Signature for signing unlimited length of...