TuLP: A Family of Secure and Practical Message Authentication Codes for Body Sensor Networks

A wireless sensor network (WSN) commonly requires lower-level security for public information gathering, whilst a body sensor network (BSN) must be secured with strong authenticity to protect personal health information. In this paper, some practical problems with the Message Authentication Codes (MACs) proposed in the popular security architectures for WSNs are reconsidered. The analysis exploits the fact that the recommended MACs for WSNs, e.g., CBC-MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSec), are not exactly suitable for BSNs. In particular, an existential forgery attack on XCBC-MAC is elaborated. Considering the hardware limitations of BSNs, we propose a new family of Tunable Lightweight MACs based on the PRESENT block cipher. The first scheme, named TuLP, is a new lightweight MAC with a 64-bit output range. The second scheme, named TuLP-128, is a 128-bit variant which provides higher resistance against internal collisions. Compared to the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.
