Adrian Perrig Security Protocols for Broadcast Networks Degree Type: Ph.D. in Computer Science Advisor(s): Doug Tygar Graduated: May 2002 Abstract: Broadcast is an important mechanism for large scale information dissemination, in satellite-based communications, wireless networks, and the Internet. Security is central for broadcast applications: (1) data injection or message spoofing is easy in many broadcast networks, so the receivers need to verify the authenticity of messages they receive; (2) anybody can receive broadcast packets, so applications require technologies to restrict access to content to legitimate receivers. The nature of broadcast communication makes it particularly challenging to provide the desired security properties: (1) in many broadcast networks, packets may get lost, and lost packets are often not retransmitted (to achieve scalability); (2) many broadcast applications require to process data as soon as the packets arrive; (3) receivers are heterogenous, with widely varying bandwidth and computation resources; (4) the group of receivers may be dynamic, with members joining and leaving the group at any time. In my thesis, I designed and built a suite of new efficient security protocols to enable broadcast authentication (TESLA & BiBa), broadcast signature (HTSS & MESS), and key distribution for large dynamic groups (ELK). These protocols have high efficiency and scalability, and can tolerate high packet loss. Moreover, I have built efficient, secure communication for sensor networks using these protocols, demonstrating that these protocols are practical even for resource-starved sensors.