Cumulative message authentication codes for resource-constrained networks


In emerging applications, such as intelligent automotive systems, Internet-of-Things (IoT) and industrial control systems, the use of conventional message authentication codes (MACs) to provide message authentication and integrity is not possible due to the large size of the MAC output. A straightforward yet naive solution to this problem is to employ a truncated MAC which undesirably sacrifices cryptographic strength in exchange for reduced communication overhead. In this paper, we address this problem by proposing a novel approach for message authentication called Cumulative Message Authentication Code (CuMAC), which consists of two distinctive procedures: aggregation and accumulation. In aggregation, a sender generates compact authentication tags from segments of multiple MACs by using a systematic encoding procedure. In accumulation, a receiver accumulates the cryptographic strength of the underlying MAC by collecting and verifying the authentication tags. Embodied with these two procedures, CuMAC enables the receiver to achieve an advantageous trade-off between the cryptographic strength and the latency in processing of the authentication tags. We have carried out comprehensive evaluations of CuMAC in two real-world applications: low-power wide-area network and in-vehicle controller area network. Our evaluation methodology included simulations as well as a prototype implementation of CuMAC on a real car.

IEEE Conference on Communications and Network Security