2nd International ICST Conference on Security and Privacy in Communication Networks

Research Article

DaTA -- Data-Transparent Authentication Without Communication Overhead

  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359567,
        author={Songqing Chen and Shiping Chen and Xinyuan Wang and Sushil Jajodia},
        title={DaTA -- Data-Transparent Authentication Without Communication Overhead},
        proceedings={2nd International ICST Conference on Security and Privacy in Communication Networks},
        year={2007},
        doi={10.1109/SECCOMW.2006.359567}
    }
Songqing Chen (1,*), Shiping Chen (2,*), Xinyuan Wang (3,*), Sushil Jajodia (2,*)
  • 1: Dept. of Computer Science, George Mason University
  • 2: Center for Secure Information Systems, George Mason University
  • 3: Dept. of Information and Software Engineering, George Mason University
*Contact email: sqchen@cs.gmu.edu, schen3@gmu.edu, xwangc@gmu.edu, jajodia@gmu.edu


With the development of Internet computing techniques, continuous data streams from remote sites are commonly used in scientific and commercial applications. Correspondingly, there is an increasing demand for assuring the integrity and authenticity of received data streams. Existing strategies for assuring data integrity and authenticity mainly use message authentication codes (MACs) generated on data blocks and transfer the MAC to the receiver for authentication through either out-of-band or in-band communication. Transferring the MAC out of band inevitably introduces communication overhead and additional complexity to synchronize the out-of-band communication with the data communication. Transferring the MAC in band can be achieved either by appending the MAC to the original data or by embedding the MAC into the original data, which incurs communication overhead or changes the original data, respectively. It would be desirable to authenticate stream data without any communication overhead and without changing the original data. To deal with data packet or block loss, many existing stream data authentication schemes rely on hash chaining, whose current usage results in uncertainty in authenticating the subsequent data blocks once the first data packet or block loss is detected. In this paper, we propose a novel application-layer authentication strategy called DaTA. This authentication scheme requires no change to the original data and causes no additional communication overhead. In addition, it can continue authenticating the rest of the data stream even after some data loss has been detected. Our analysis shows that our authentication scheme is robust against packet loss and network jitter. We have implemented a prototype system to evaluate its performance. Our empirical results show that our proposed scheme is efficient and practical under various network conditions.
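The two shortcomings the abstract attributes to existing in-band schemes can be made concrete with a small simulation. The following Python is an added example, not code from the paper or the DaTA prototype (the abstract does not describe DaTA's mechanism, so nothing here implements it). It assumes HMAC-SHA256 as the MAC, a constructed eight-block stream and a constructed key, and one common forward hash-chain variant in which each packet carries the digest of the next packet and only the first packet is MACed. It measures the per-block communication overhead of the appended-MAC scheme and shows how the hash chain loses the ability to verify every block after a single loss.

```python
import hashlib
import hmac

# Constructed sample stream: eight small data blocks and a demo key (not from the paper).
BLOCKS = [f"block-{i}: sensor reading {i * 7}".encode() for i in range(8)]
KEY = b"constructed-demo-key"
DIGEST_LEN = 32  # SHA-256 output size


def append_mac(blocks, key):
    """In-band scheme 1: append HMAC-SHA256 to every block.
    Returns (packets, overhead_bytes); the overhead is the communication cost
    the abstract refers to, here 32 bytes per block."""
    packets = [b + hmac.new(key, b, hashlib.sha256).digest() for b in blocks]
    overhead = sum(len(p) - len(b) for p, b in zip(packets, blocks))
    return packets, overhead


def verify_appended(packets, key):
    """Per-packet verdicts; each packet is checked independently, so a
    lost or tampered packet does not affect the verdict of its neighbours."""
    verdicts = []
    for p in packets:
        data, tag = p[:-DIGEST_LEN], p[-DIGEST_LEN:]
        verdicts.append(hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()))
    return verdicts


def build_hash_chain(blocks, key):
    """Assumed forward hash-chain variant: packet i = block_i || H(packet_{i+1}).
    The last packet carries an all-zero digest; only packet 0 is MACed (the anchor)."""
    packets = [None] * len(blocks)
    next_digest = bytes(DIGEST_LEN)
    for i in range(len(blocks) - 1, -1, -1):
        packets[i] = blocks[i] + next_digest
        next_digest = hashlib.sha256(packets[i]).digest()
    anchor = hmac.new(key, packets[0], hashlib.sha256).digest()
    return packets, anchor


def simulate_loss(packets, lost_indices):
    """Receiver's view of the stream: None marks a packet that never arrived."""
    return [None if i in lost_indices else p for i, p in enumerate(packets)]


def verify_hash_chain(received, anchor, key):
    """Per-position status: 'ok', 'lost' or 'unverifiable'.
    A packet is accepted only if the previous accepted packet committed to its
    digest, so once one packet is lost every later packet becomes unverifiable,
    which is the uncertainty the abstract describes."""
    status = []
    expected = None  # digest that the previously accepted packet committed to
    for i, p in enumerate(received):
        if p is None:
            status.append("lost")
            expected = None
            continue
        if i == 0:
            good = hmac.compare_digest(anchor, hmac.new(key, p, hashlib.sha256).digest())
        elif expected is None:
            good = False  # nothing authenticated vouches for this packet
        else:
            good = hmac.compare_digest(expected, hashlib.sha256(p).digest())
        if good:
            status.append("ok")
            expected = p[-DIGEST_LEN:]
        else:
            status.append("unverifiable")
            expected = None
    return status


if __name__ == "__main__":
    packets, overhead = append_mac(BLOCKS, KEY)
    print("appended-MAC overhead (bytes):", overhead)
    chain, anchor = build_hash_chain(BLOCKS, KEY)
    print("intact chain:", verify_hash_chain(chain, anchor, KEY))
    print("loss of packet 3:", verify_hash_chain(simulate_loss(chain, {3}), anchor, KEY))
```

Running the script shows that the appended-MAC scheme pays 32 bytes of overhead per block but verifies each block on its own, whereas the hash chain (which also carries a 32-byte digest per packet plus the anchor) reports every packet after the first loss as unverifiable even though those packets arrived intact. Both in-band variants therefore add bytes to the stream, and the chained one additionally fails open-ended after loss; these are exactly the two gaps the abstract says DaTA is designed to close.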