I'm working on a project that involves broadcast (uni-directional) streaming and requires non-repudiation. Essentially, a device broadcasts a data stream over the air, and any receiving station needs to be confident that the data was actually transmitted by the claimed device.
My initial thought is that the broadcaster has an X.509 certificate and, every N bytes in the stream, transmits a header with a signed hash of the previous N payload bytes and transmits the certificate itself. All receivers can then verify the certificate using their own trusted cert stores, and can verify the signed hash to be confident that the previous N bytes were transmitted by the valid owner of the valid X.509 cert.
The problem with this is that you would want N to be small so that a receiver could jump in mid-stream and not have to wait long before the next "chunk" of N bytes begins (no way to verify authenticity of a chunk you only received part of), but you also want N to be large so that you minimize the overhead of transmitting the signed hash and the cert itself.
Is there a better approach to this? Perhaps I'm just not thinking far enough outside of the box, or am unaware of an existing standard approach.
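
The scheme described in the question, as an added example that is not part of the original post: a broadcaster appends a signed hash and certificate after every N payload bytes, and a receiver that joins mid-stream discards the partial chunk, resynchronises on the next trailer and verifies the chunks that follow. The trailer layout, the `MAGIC` marker, the 600-byte certificate placeholder and the toy textbook-RSA key (a stand-in for the device's certificate-backed key, not secure) are all assumptions made for illustration.

```python
import hashlib

# Constructed toy key (textbook RSA over two known Mersenne primes). It stands in
# for the device's certificate-backed signing key and is NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
MOD, D = P * Q, pow(65537, -1, (P - 1) * (Q - 1))
SIG_LEN = (MOD.bit_length() + 7) // 8
MAGIC = b"\xa5SIG"      # hypothetical trailer marker
CERT = b"C" * 600       # constructed placeholder for the DER-encoded certificate
TRAILER_LEN = len(MAGIC) + SIG_LEN + len(CERT)

def _digest(chunk):
    return int.from_bytes(hashlib.sha256(chunk).digest(), "big")

def sign(chunk):
    return pow(_digest(chunk), D, MOD).to_bytes(SIG_LEN, "big")

def verify(chunk, sig):
    # A real receiver validates the certificate chain first; omitted here.
    return pow(int.from_bytes(sig, "big"), E, MOD) == _digest(chunk)

def overhead(n):
    """Fraction of transmitted bytes that is trailer rather than payload."""
    return TRAILER_LEN / (n + TRAILER_LEN)

def broadcast(payload, n):
    """Emit each full n-byte chunk followed by MAGIC | signature | certificate."""
    return b"".join(payload[i:i + n] + MAGIC + sign(payload[i:i + n]) + CERT
                    for i in range(0, len(payload) - n + 1, n))

def receive(captured, n):
    """Resync after a mid-stream join; return (verified chunks, bytes discarded)."""
    pos = captured.find(MAGIC)
    while pos != -1:
        start, chunks = pos + TRAILER_LEN, []
        while start + n + TRAILER_LEN <= len(captured):
            chunk, sig_at = captured[start:start + n], start + n + len(MAGIC)
            if captured[start + n:sig_at] != MAGIC:
                break
            if not verify(chunk, captured[sig_at:sig_at + SIG_LEN]):
                break           # stop at the first chunk that fails verification
            chunks.append(chunk)
            start += n + TRAILER_LEN
        if chunks:
            return chunks, pos + TRAILER_LEN
        pos = captured.find(MAGIC, pos + 1)  # marker bytes inside data; keep scanning
    return [], len(captured)
```

With these constructed sizes the trailer is 685 bytes, so N = 1024 spends about 40% of the transmitted bytes on authentication and N = 65536 about 1%, while a receiver joining mid-stream discards up to almost one full chunk plus trailer before it can verify anything.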