Efficient multicast packet authentication

Pannetrat, Alain; Molva, Refik
NDSS 2003, Network and Distributed System Security Symposium, 6-7 February 2003, San Diego, USA

Providing authentication mechanisms for IP-Multicast streams is paramount for the development of large scale commercial multicast content delivery applications. This need is particularly strong for the delivery of real time content, such as live video/audio news events or financial stock quote distribution. However, this turns out to be quite a challenging problem for many reasons. First, the authentication of the multicast data must be verifiable by a potentially very large number of untrusted recipients. Second, since multicast communication protocols are almost always best effort, the authentication mechanism needs to authenticate received content despite the potential loss of some packets. Finally, the authentication mechanism needs to be efficient enough to cope with real time data and should have a small communication overhead. We propose a new multicast authentication scheme designed to authenticate real time multicast packet streams with a potentially unlimited number of recipients. This scheme provides both integrity and non-repudiation of origin, and in a majority of situations, it performs with less overhead in bytes per packet than previously proposed practical real time stream authentication schemes.

source must add authentication information to the distributed content. This authentication information is used by recipients to ascertain the origin of the transmitted content. In the context of multicast authentication, we distinguish two types of distributed content: pre-recorded and real time. Pre-recorded content describes content that is known in advance to the source, such as a film or music. For such content, the authentication information can be computed and inserted in the stream in advance. On the other hand, real time content describes content that is produced in real time, such as live sports event broadcasting, news events or financial stock quotes.
Real time content requires some of the authentication information to be computed in real time, which adds further constraints on the efficiency of the authentication algorithm. Thus, an efficient real time authentication algorithm can be used for pre-recorded data while the converse is not necessarily true. Moreover, it seems that real time applications naturally have a stronger need for authentication. Consider, as an example, the disastrous consequence that source impersonation could have for an application such as stock quote distribution, where a malicious entity could generate


Type:
Conference
City:
San Diego
Date:
2003-02-26
Department:
Digital Security
Eurecom Ref:
1072
Copyright:
© ISOC. Personal use of this material is permitted. The definitive version of this paper was published in NDSS 2003, Network and Distributed System Security Symposium, 6-7 February 2003, San Diego, USA and is available at :

PERMALINK : https://www.eurecom.fr/publication/1072