DoS Protection for Reliably Authenticated Broadcast

Authenticating broadcast packet communications poses a challenge that cannot be addressed efficiently with public key signatures on each packet, or securely with the use of a pre-distributed shared secret key, or practically with unicast tunnels. Unreliability is an intrinsic problem: many broadcast protocols assume that some information will be lost, making it problematic to amortize the cost of a single public key signature across multiple packets. Forward Error Correction (FEC) can compensate for loss of packets, but denial of service risks prevent the naive use of both public keys and FEC in authentication. In this paper we introduce a protocol, Broadcast Authentication Streams (BAS), that overcomes these barriers and provides a simple and efficient scheme for authenticating broadcast packet communications based on a new technique called selective verification. We analyze BAS theoretically, experimentally, and architecturally. Our prototype implementation realizes processing throughput of 200Mbps with a bandwidth overhead of less than 3% on channels with losses of up to 40% and handles signature flood attacks of more than 100Mbps on stock PCs. It achieves this based on public key signatures with a confidence of authentication of more than 99%.