| List of Figures | p. xi |
| List of Tables | p. xiii |
| Preface | p. xvii |
| Introduction | p. 1 |
| Challenges of Broadcast Communication | p. 3 |
| Why is Security for Broadcasts Hard? | p. 5 |
| Broadcast Authentication | p. 5 |
| Broadcast Signature | p. 8 |
| Broadcast Data Integrity | p. 9 |
| Confidential Broadcasts and Restricting Access to Legitimate Receivers | p. 9 |
| Security Requirements for Broadcast Applications | p. 10 |
| Novel Contributions | p. 12 |
| Scope of this Book | p. 13 |
| Book Overview | p. 13 |
| Cryptographic Fundamentals | p. 19 |
| Broadcast Network Requirements | p. 19 |
| Cryptographic Primitives | p. 20 |
| Symmetric and Asymmetric Cryptography | p. 20 |
| One-Way Functions and Hash Functions | p. 20 |
| Pseudo-Random Generator (PRG) | p. 22 |
| Message Authentication Code (MAC) | p. 22 |
| Pseudo-Random Function (PRF) | p. 22 |
| Efficiency of Cryptographic Primitives | p. 23 |
| Commitment Protocols | p. 24 |
| One-Way Chain | p. 25 |
| Merkle Hash Tree | p. 25 |
| Self-Authenticating Values | p. 26 |
| Tesla Broadcast Authentication | p. 29 |
| Requirements for Broadcast Authentication | p. 29 |
| The Basic TESLA Protocol | p. 30 |
| Sketch of protocol | p. 30 |
| Sender Setup | p. 31 |
| Bootstrapping Receivers | p. 32 |
| Broadcasting Authenticated Messages | p. 33 |
| Authentication at Receiver | p. 33 |
| TESLA Summary and Security Considerations | p. 34 |
| TIK: TESLA with Instant Key Disclosure | p. 35 |
| TIK Discussion | p. 39 |
| TIK Summary and Security Considerations | p. 40 |
| Time Synchronization | p. 40 |
| Direct Time Synchronization | p. 40 |
| Indirect Time Synchronization | p. 43 |
| Delayed Time Synchronization | p. 44 |
| Determining the Key Disclosure Delay | p. 44 |
| Variations | p. 45 |
| Instant Authentication | p. 45 |
| Concurrent TESLA Instances | p. 46 |
| Switching Key Chains | p. 48 |
| Further Extensions | p. 49 |
| Denial-of-Service Protection | p. 50 |
| DoS Attack on the Sender | p. 51 |
| DoS Attack against the Receiver | p. 52 |
| Biba Broadcast Authentication | p. 55 |
| The BiBa Signature Algorithm | p. 56 |
| The Self-Authenticating Values | p. 57 |
| Intuition for the BiBa Signature | p. 57 |
| Signature Generation | p. 58 |
| Signature Verification | p. 58 |
| Security of BiBa | p. 59 |
| BiBa Extensions | p. 59 |
| The BiBa Signature Scheme | p. 61 |
| Security Considerations | p. 62 |
| The BiBa Broadcast Authentication Protocol | p. 65 |
| One-way Ball Chains | p. 65 |
| Security Condition | p. 67 |
| BiBa Broadcast Protocol Extensions | p. 67 |
| Extension A | p. 68 |
| Extension B | p. 69 |
| Practical Considerations | p. 69 |
| Selection of BiBa Parameters | p. 70 |
| BiBa Overhead | p. 70 |
| Example: Real-time stock quotes | p. 70 |
| Efficient Public-Key Distribution | p. 73 |
| Variations and Extensions | p. 74 |
| Randomized Verification to Prevent DoS | p. 74 |
| Multi-BiBa | p. 74 |
| The Powerball Extension | p. 75 |
| One-Round BiBa is as secure as Multi-Round BiBa | p. 78 |
| Merkle Hash Trees for Ball Authentication | p. 81 |
| EMSS, MESS, & HTSS: Signatures for Broadcast | p. 85 |
| Efficient Multicast Stream Signature (EMSS) | p. 87 |
| EMSS Summary and Security Argument | p. 92 |
| MESS | p. 92 |
| Analysis for Independent Packet Loss | p. 94 |
| Correlated Packet Loss | p. 98 |
| Variations | p. 104 |
| HTSS | p. 106 |
| HTSS Summary and Security Argument | p. 110 |
| Elk Key Distribution | p. 111 |
| Introduction | p. 112 |
| Requirements for Group Key Distribution | p. 113 |
| Review of the LKH Key Distribution Protocol | p. 116 |
| Extension I: Efficient Join (LKH+) | p. 118 |
| Extension II: Efficient Leave (LKH++) | p. 119 |
| Review of the OFT Key Distribution Protocol | p. 119 |
| Reliability for Key Update Messages | p. 121 |
| Four Basic Techniques | p. 123 |
| Evolving Tree (ET) Protocol | p. 123 |
| The Time-Structured Tree (TST) Protocol | p. 125 |
| Entropy Injection Key Update (EIKU) | p. 125 |
| Very-Important Bits (VIB) | p. 128 |
| ELK: Efficient Large-Group Key Distribution | p. 130 |
| Applications and Practical Issues | p. 133 |
| Security Model | p. 133 |
| System Requirements | p. 134 |
| Parameters | p. 134 |
| Advantages | p. 135 |
| Comparison with Related Work | p. 136 |
| Unicast Key Recovery Protocol | p. 137 |
| Appendix | p. 138 |
| Additional Cryptographic Primitives | p. 138 |
| ET Detailed Description | p. 138 |
| EIKU Detailed Description | p. 140 |
| Sensor Network Security | p. 149 |
| Background | p. 151 |
| Sensor Hardware | p. 151 |
| Is Security on Sensors Possible? | p. 152 |
| System Assumptions | p. 153 |
| Communication Architecture | p. 153 |
| Trust Requirements | p. 154 |
| Design Guidelines | p. 155 |
| Requirements for Sensor Network Security | p. 155 |
| Data Confidentiality | p. 155 |
| Data Authentication | p. 155 |
| Data Freshness | p. 156 |
| Additional Notation | p. 156 |
| SNEP and [mu]TESLA | p. 157 |
| SNEP: Data Confidentiality, Authentication, and Freshness | p. 157 |
| [mu]TESLA: Authenticated Broadcast | p. 161 |
| Implementation | p. 165 |
| Evaluation | p. 168 |
| Application of SNEP: Node-to-Node Key Agreement | p. 172 |
| Related Work | p. 175 |
| General Broadcast Security | p. 175 |
| Broadcast Authentication | p. 176 |
| Broadcast Signature | p. 178 |
| Digital Signatures Based on One-way Functions without Trapdoors | p. 179 |
| Small-Group Key Agreement | p. 180 |
| Large-Group Key Distribution | p. 181 |
| Conclusion | p. 185 |
| Open Problems | p. 186 |
| Glossary | p. 189 |
| References | p. 193 |
| Index | p. 213 |
| Table of Contents provided by Syndetics. All Rights Reserved. |
