TuLP: A Family of Lightweight Message Authentication Codes for Body Sensor Networks

A wireless sensor network (WSN) commonly requires a lower level of security for public information gathering, whilst a body sensor network (BSN) must be secured with strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs) proposed in the popular security architectures for WSNs are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC-MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSec), might not be exactly suitable for BSNs. In particular, an existential forgery attack on XCBC-MAC is elaborated. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MACs based on the PRESENT block cipher. The first scheme, named TuLP, is a new lightweight MAC with a 64-bit output range. The second scheme, named TuLP-128, is a 128-bit variant that provides higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.
