
The Performance Analysis And Simulation On Source Authentication Protocol In Multicast

Posted on: 2010-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Bo
GTID: 2178360272495902
Subject: Computer system architecture

Abstract/Summary:
With the development of computer networks and the rapid spread of the Internet and video/audio technology, many network applications, such as online multimedia conferencing, audio and video on demand, distributed cooperative work and mass information transmission, are based on group communication. Multicast, as the representative group communication technology, has become a very important concept in new network architectures.

Unicast, the conventional point-to-point transport style, cannot adapt to the one-sender, many-receivers transmission pattern of multimedia services: the server must provide an identical copy of the message for each recipient and transmit the same message repeatedly across the network, which consumes vast resources. Broadcast allows a host to send a message to all hosts on the same network at once, but not all hosts need these messages, so it wastes network resources and greatly reduces the network's processing capability, which makes the "bottleneck" problems of network applications more and more pronounced. Multicast solves these problems well. Compared with unicast, it not only saves network bandwidth but can also be implemented in different network structures and at different network levels. Compared with broadcast, multicast is more manageable and the use of multicast groups is easier to understand, which reduces the processing cost and sending delay of the sender and routers to a minimum.

As an efficient and fast means of data transmission, multicast is applied more and more widely. However, because of the openness of the network and the limitations of multicast itself, data transmission is exposed to many security risks. For confidential meetings, military command and other information-sensitive group communication applications, the security issues are particularly urgent. Multicast security technology is therefore of the utmost importance for promoting wider use of multicast, and research on secure multicast has important theoretical and practical significance.

In stock market data distribution, multi-party military conferences and many other multicast applications, the receiver needs to know which source entity the data comes from. This requires data source authentication, and in some cases non-repudiation authentication. Data source authentication, and non-repudiation authentication in particular, is therefore of real significance for the popularization and implementation of secure multicast. The main problems currently facing secure multicast are group key management and multicast source authentication. Multicast source authentication is one of the most important and most difficult problems in secure multicast communication, and it is also the foundation for implementing secure multicast communication. It ensures that the data received by members of a multicast group comes from the claimed (authorized) source, and that the receiver can detect data that has been tampered with. But because data origin authentication must take into account the details of all kinds of multicast applications, such as computation (time) overhead, communication (space) overhead, data buffering, network delay and loss probability, there is at present no truly efficient solution. The performance analysis and simulation of source authentication protocols in multicast is therefore very significant for the study of more efficient protocols.

Normally, data source authentication is divided into two levels. The first level uses only a MAC (message authentication code) to guarantee data source authentication for multicast; in this case, the sender allows receivers to verify multicast messages by asymmetric mechanisms, rather than relying on a trusted third party to prove validity, and non-repudiation is not provided. The second level must ensure non-repudiation in addition to data source authentication, which requires digital signature technology. General digital signature techniques, however, bring enormous computation and communication overhead, and the large delay of signing and verifying also significantly affects the packet processing speed of both sender and receiver, especially in real-time transmission (such as live video conferencing). Digitally signing every multicast packet is ideal but not practical. At present there are two kinds of methods for reducing the impact of signature overhead: (1) designing more efficient signature schemes; (2) amortizing the signature overhead over multiple data packets. Non-repudiation multicast data source authentication is the highest level of authentication requirement, and it is the focus of this thesis.

This thesis mainly studies hash tree and hash chain authentication protocols for non-real-time multicast applications and real-time multicast streaming applications. It carries out a performance analysis and simulation of an improved hash tree authentication protocol and a hybrid multiple authentication model proposed by our group. Through the analysis of existing protocols and the simulation of the improved protocols, it aims to provide a rational, efficient and useful data source authentication scheme.

The major content includes:

1. Study of the network simulation software NS-2. The overall structure, implementation rules and main functions of NS-2 are studied, and the interrelationships between its components are analyzed. By implementing a simulation of multicast communication in NS-2 and describing the object creation process in detail, the core procedures of NS-2 are understood, which lays a foundation for the protocol simulation experiments.

2. The performance analysis and simulation of IHAP (improved hash-treeing authentication protocol). Hash tree authentication methods applicable to non-real-time multicast data source authentication are introduced, and the improved hash tree authentication protocol proposed by our group is analyzed. Computation overhead, communication overhead, resistance to packet loss, data buffering, time delay and authentication probability are compared with the hash tree scheme through performance analysis and NS-2 simulation. The communication overhead of IHAP is less than that of the hash tree, and the authentication probability of IHAP can reach 90% if the packet loss ratio is less than 25%. IHAP is therefore well suited to authenticating non-real-time multicast data.

3. The performance analysis and simulation of HMAM (Hybrid Multi-chaining Authentication Model). Hash chain authentication methods applicable to real-time streaming multicast source authentication are introduced. Through the analysis of random chains and periodical chains, HMAM, proposed by our group, is analyzed. HMAM combines the merits of both random chaining sequences and periodical chaining sequences, and authenticates the important data first. Computation overhead, communication overhead, resistance to packet loss, data buffering, time delay and authentication probability are compared with some other similar schemes through performance analysis and NS-2 simulation. HMAM is well suited to authenticating real-time multicast data, especially over lossy channels and unreliable networks.
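
The abstract's second method, spreading one signature over many packets with a hash tree, can be illustrated as follows. This is an added example of the generic hash tree scheme, not IHAP and not code from the thesis; the function names and sample packets are assumptions, and the single signature over the root is assumed to have been made and verified separately.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(packets):
    """Return the tree as a list of levels, leaves first (packet count: power of two)."""
    assert packets and len(packets) & (len(packets) - 1) == 0
    levels = [[h(b"\x00" + p) for p in packets]]      # prefix separates leaves from nodes
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(b"\x01" + prev[i] + prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes, leaf to root, that travel with packet number `index`."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])                 # sibling at this level
        index //= 2
    return path

def verify(packet, index, path, signed_root):
    """Recompute the root from one packet and its path; no other packet is needed."""
    node = h(b"\x00" + packet)
    for sibling in path:
        pair = node + sibling if index % 2 == 0 else sibling + node
        node = h(b"\x01" + pair)
        index //= 2
    return node == signed_root

def demo():
    packets = [f"block-{i}".encode() for i in range(8)]   # constructed sample data
    levels = build_tree(packets)
    root = levels[-1][0]        # the sender signs only this value, once per block
    sent = [(i, p, auth_path(levels, i)) for i, p in enumerate(packets)]
    received = [s for s in sent if s[0] not in (1, 2, 6)]  # simulate three lost packets
    ok = [verify(p, i, path, root) for i, p, path in received]
    forged = verify(b"block-0-forged", 0, sent[0][2], root)
    overhead = len(sent[0][2]) * 32   # bytes of hashes per packet, signature excluded
    return ok, forged, overhead

if __name__ == "__main__":
    print(demo())
```

Every surviving packet verifies regardless of which others were lost, at a cost of log2(n) hashes per packet; that per-packet cost is the communication overhead the abstract compares.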
Keywords/Search Tags:Secure Multicast Communications, Data Source Authentication, Hash Tree Authentication, Hash Chain Authentication, Network Simulation NS-2