摘要： 提出了一种有效的多播报文认证机制，该机制结合了Hash 树和Hash 链两种方法的特点。在发送一组多播报文时，首先将其划分为大小相等的多个子组，子组的大小由预计抵御的突发丢包发生次数确定。然后为每个子组内的报文建立一棵Hash 树，并将每棵Hash 树的树根附加于之前的若干个报文中，从而构成了Hash 链。该文使用了两种丢包模型对这种机制的性能进行了分析和模拟，其结果表明该机制在达到相同校验率的情况下，可以降低通信开销。

关键词: 多播源认证；Hash 链；突发丢包；校验率

Abstract: This paper presents an efficient scheme for multicast packet authentication, which combines ideas both in the Hash tree scheme and in the Hash chain schemes. In this scheme, a group of packets is partitioned into equal-sized subgroups, and the size is determined by the number of burst losses to be resisted. Then a Merkle Hash tree is built for each subgroup of packets, and the Hash value of every root is appended to preceding packets to form Hash chains. Its performance is analyzed and simulated by using two loss models. Compared with the original Hash chain schemes, the results show that this scheme is more efficient in term of communication overhead.

Key words: Multicast source authentication; Hash chains; Burst loss; Verification rate