Broadcast is an important mechanism for communication over the Internet and wireless networks. What are security challenges for broadcasts? We need to verify the authenticity of messages, to prevent spoofing or data injection. And, if broadcasts contain private or secret material, we need to make sure that only authorized parties can access the information.

It is difficult to make broadcast secure because (1) packets may get lost, but many broadcast applications do not retransmit them; (2) receivers often need to process data as packets arrive, rather than buffering data; (3) receivers are heterogeneous, with widely varying bandwidth and computation resources; (4) the group of receivers may be dynamic, with members joining and leaving the group at any time. Previous security protocols cannot efficiently handle all of these conditions.

I will describe how I designed and built a suite of new efficient security protocol families to enable broadcast authentication (TESLA & BiBa), broadcast signature (HTSS & MESS), and key distribution for large dynamic groups (ELK). My protocols are efficient, scalable, and tolerate high packet loss. I will also discuss an implementation on a secure sensor network using nodes with sharply limited resources (8-bit microprocessor, 8-K ROM, 512 bytes RAM, limited battery life).