Forward-Secure Sequential Aggregate Message Authentication Revisited
The notion of forward-secure sequential aggregate message authentication was introduced by Ma and Tsudik in 2007. It is suitable for applications such as audit logging systems and wireless sensor networks. Ma and Tsudik also constructed a scheme with a MAC function and a collision resistant hash function. However, the notion has not been fully formalized and the security of the scheme has not been confirmed. In this paper, forward-secure sequential aggregate message authentication schemes and their security are formalized. Then, a generic construction with a MAC function and a pseudorandom generator is presented. It is also shown that the construction is secure if the underlying primitives are secure.
Unable to display preview. Download preview PDF.
- 2.Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: The cascade construction and its concrete security. In: Proceedings of the 37th IEEE Symposium on Foundations of Computer Science, pp. 514–523 (1996)Google Scholar
- 4.Bellare, M., Yee, B.S.: Forward integrity for secure audit logs. Technical report, University of California, San Diego (1997)Google Scholar
- 8.FIPS PUB 198-1. The keyed-hash message authentication code, HMAC (2008)Google Scholar
- 14.Ma, D., Tsudik, G.: Extended abstract: Forward-secure sequential aggregate authentication. In: IEEE Symposium on Security and Privacy, pp. 86–91. IEEE Computer Society (2007), Also published as IACR Cryptology ePrint Archive: Report 2007/052 at http://eprint.iacr.org/
- 15.Ma, D., Tsudik, G.: A new approach to secure logging. ACM Transactions on Storage 5(1), 2:1–2:21 (2009)Google Scholar
- 17.NIST Special Publication 800-38B. Recommendation for block cipher modes of operation: The CMAC mode for authentication (2005)Google Scholar
- 20.Wang, B., Hong, X.: Sequential message authentication code without random oracles. Cryptology ePrint Archive, Report 2013/444 (2013), http://eprint.iacr.org/
- 21.Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Cryptology ePrint Archive, Report 2004/199 (2004), http://eprint.iacr.org/