Annessi, R. (2019). Securing group communication in critical Infrastructures [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.43914
Communication networks have become an essential part of increasingly interconnected modern societies. Group communication is a ubiquitous concept in todays communication networks, and comprises broadcast, multicast, and anycast communication. Since group communication facilitates efficient data transmission to numerous receivers, it is more and more needed generally and specifically in critical infrastructures such as sensor data collection in Smart Grids, clock synchronization, and 5G networks. Surprisingly, no generally applicable method exists as yet to secure group communication from adversarial attacks. For this reason, group communication is often times either not secured at all or application-specific security measures are deployed that are not generally applicable and whose security is hard to assess. In this thesis, we tackle a fundamental challenge in securing group communication: data origin authentication. We evaluate various data origin authentication schemes that were proposed during the last twenty-five years for their suitability to secure group communication for critical infrastructures in general and suggest a new classification for data origin authentication schemes that covers developments in recent years. With the advent of novel high-speed signature schemes, we furthermore suggest a new class of data origin authentication schemes: unrestricted-time highspeed signing. In this way, we revise the common assumption that signing every packet individually is computationally unfeasible. To validate the unrestricted-time high-speed signing class suggested in this thesis, we evaluate it for a set of applications in critical infrastructures: sensor data collection in Smart Grids, group communication in 5G networks, and clock synchronization. For clock synchronization we additionally propose a novel set of security measures against a wealth of attacks including delay attacks and discover a fundamental limitation in clock synchronization protocols: they can either be precise or secure. An additional challenge may become prevalent when data origin authentication schemes are used on a large scale or in high-speed environments: subliminal channels in signatures. We analyze several high-speed signature schemes for their susceptibility to subliminal channels and find all of them to be susceptible. As a proof of concept, we introduce a method that exploits such subliminal channel for private botnet command and control communication over public blockchains. Given the results on data origin authentication, subliminal channels, and clock synchronization, we are" "confident that this thesis contributes to the foundation of secure group communication in critical infrastructures."