Journal of Computer Science and Technology, Volume 29, Issue 1, pp 53–68

TuLP: A Family of Lightweight Message Authentication Codes for Body Sensor Networks

  • Zheng Gong
  • Pieter Hartel
  • Svetla Nikova
  • Shao-Hua Tang
  • Bo Zhu
Original Paper

Abstract

A wireless sensor network (WSN) commonly requires only a lower level of security for public information gathering, whilst a body sensor network (BSN) must be secured with strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs) proposed in the popular security architectures for WSNs are reconsidered. The analysis shows that the MACs recommended for WSNs, e.g., CBC-MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSec), may not be well suited to BSNs. In particular, an existential forgery attack on XCBC-MAC is elaborated. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MACs based on the PRESENT block cipher. The first scheme, named TuLP, is a new lightweight MAC with a 64-bit output range. The second scheme, named TuLP-128, is a 128-bit variant that provides higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.

Keywords

message authentication code, body sensor network, low-resource implementation

Copyright information

© Springer Science+Business Media New York & Science Press, China 2014

Authors and Affiliations

  • Zheng Gong, School of Computer Science, South China Normal University, Guangzhou, China
  • Pieter Hartel, Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Enschede, The Netherlands
  • Svetla Nikova, Department of ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Leuven, Belgium
  • Shao-Hua Tang, School of Computer Science and Engineering, South China University of Technology, Guangzhou, China
  • Bo Zhu, Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Canada