{"title":"时间触发嵌入式控制网络中基于有效性投票的低成本组播认证","authors":"Christopher Szilagyi, P. Koopman","doi":"10.1145/1873548.1873558","DOIUrl":null,"url":null,"abstract":"Wired embedded networks must include multicast authentication to prevent masquerade attacks within the network. However, unique constraints for these networks make most existing multicast authentication techniques impractical. Our previous work provides multicast authentication for time-triggered applications on embedded networks by validating truncated message authentication codes across multiple packets. In this work, we improve overall bandwidth efficiency and reduce authentication latency by using unanimous voting on message value and validity amongst a group of nodes. This technique decreases the probability of successful per-packet forgery by using one extra bit per additional voter, regardless of the number of total receivers. This can permit using fewer authentication bits per receiver. We derive an upper bound on the probability of successful forgery and experimentally verify it using simulated attacks. For example, we show that with two authentication bits per receiver, adding four additional bits per message to vote amongst four nodes reduces the probability of per-packet forgery by a factor of more than 100. When integrated with our prior work on time-triggered authentication, this technique reduces the number of authentication message rounds required for this example by a factor of three. Model-checking with AVISPA confirms data integrity and data origin authenticity for this approach.","PeriodicalId":114446,"journal":{"name":"WESS '10","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"48","resultStr":"{\"title\":\"Low cost multicast authentication via validity voting in time-triggered embedded control networks\",\"authors\":\"Christopher Szilagyi, P. Koopman\",\"doi\":\"10.1145/1873548.1873558\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Wired embedded networks must include multicast authentication to prevent masquerade attacks within the network. However, unique constraints for these networks make most existing multicast authentication techniques impractical. Our previous work provides multicast authentication for time-triggered applications on embedded networks by validating truncated message authentication codes across multiple packets. In this work, we improve overall bandwidth efficiency and reduce authentication latency by using unanimous voting on message value and validity amongst a group of nodes. This technique decreases the probability of successful per-packet forgery by using one extra bit per additional voter, regardless of the number of total receivers. This can permit using fewer authentication bits per receiver. We derive an upper bound on the probability of successful forgery and experimentally verify it using simulated attacks. For example, we show that with two authentication bits per receiver, adding four additional bits per message to vote amongst four nodes reduces the probability of per-packet forgery by a factor of more than 100. When integrated with our prior work on time-triggered authentication, this technique reduces the number of authentication message rounds required for this example by a factor of three. Model-checking with AVISPA confirms data integrity and data origin authenticity for this approach.\",\"PeriodicalId\":114446,\"journal\":{\"name\":\"WESS '10\",\"volume\":\"53 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"48\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"WESS '10\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1873548.1873558\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"WESS '10","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1873548.1873558","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Low cost multicast authentication via validity voting in time-triggered embedded control networks
Wired embedded networks must include multicast authentication to prevent masquerade attacks within the network. However, unique constraints for these networks make most existing multicast authentication techniques impractical. Our previous work provides multicast authentication for time-triggered applications on embedded networks by validating truncated message authentication codes across multiple packets. In this work, we improve overall bandwidth efficiency and reduce authentication latency by using unanimous voting on message value and validity amongst a group of nodes. This technique decreases the probability of successful per-packet forgery by using one extra bit per additional voter, regardless of the number of total receivers. This can permit using fewer authentication bits per receiver. We derive an upper bound on the probability of successful forgery and experimentally verify it using simulated attacks. For example, we show that with two authentication bits per receiver, adding four additional bits per message to vote amongst four nodes reduces the probability of per-packet forgery by a factor of more than 100. When integrated with our prior work on time-triggered authentication, this technique reduces the number of authentication message rounds required for this example by a factor of three. Model-checking with AVISPA confirms data integrity and data origin authenticity for this approach.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
