Paper 2023/1919

When and How to Aggregate Message Authentication Codes on Lossy Channels?

Eric Wagner, Fraunhofer FKIE, RWTH Aachen University
Martin Serror, Fraunhofer FKIE
Klaus Wehrle, RWTH Aachen University
Martin Henze, RWTH Aachen University, Fraunhofer FKIE
Abstract

Aggregation of message authentication codes (MACs) is a proven and efficient method to preserve valuable bandwidth in resource-constrained environments: Instead of appending a long authentication tag to each message, the integrity protection of multiple messages is aggregated into a single tag. However, while such aggregation saves bandwidth, a single lost message typically means that authentication information for multiple messages cannot be verified anymore. With the significant increase of bandwidth-constrained lossy communication, as applications shift towards wireless channels, it thus becomes paramount to study the impact of packet loss on the diverse MAC aggregation schemes proposed over the past 15 years to assess when and how to aggregate message authentication. Therefore, we empirically study all relevant MAC aggregation schemes in the context of lossy channels, investigating achievable goodput improvements, the resulting verification delays, processing overhead, and resilience to denial-of-service attacks. Our analysis shows the importance of carefully choosing and configuring MAC aggregation, as selecting and correctly parameterizing the right scheme can, e.g., improve goodput by 39% to 444%, depending on the scenario. However, since no aggregation scheme performs best in all scenarios, we provide guidelines for network operators to select optimal schemes and parameterizations suiting specific network settings.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. ACNS'24
Keywords
Message Authentication CodeMAC Aggregation
Contact author(s)
eric wagner @ fkie fraunhofer de
martin serror @ fkie fraunhofer de
wehrle @ comsys rwth-aachen de
henze @ spice rwth-aachen de
History
2023-12-15: approved
2023-12-15: received
See all versions
Short URL
https://ia.cr/2023/1919
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2023/1919,
      author = {Eric Wagner and Martin Serror and Klaus Wehrle and Martin Henze},
      title = {When and How to Aggregate Message Authentication Codes on Lossy Channels?},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1919},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1919}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.