Paper 2023/1919
When and How to Aggregate Message Authentication Codes on Lossy Channels?
Abstract
Aggregation of message authentication codes (MACs) is a proven and efficient method to preserve valuable bandwidth in resource-constrained environments: Instead of appending a long authentication tag to each message, the integrity protection of multiple messages is aggregated into a single tag. However, while such aggregation saves bandwidth, a single lost message typically means that authentication information for multiple messages cannot be verified anymore. With the significant increase of bandwidth-constrained lossy communication, as applications shift towards wireless channels, it thus becomes paramount to study the impact of packet loss on the diverse MAC aggregation schemes proposed over the past 15 years to assess when and how to aggregate message authentication. Therefore, we empirically study all relevant MAC aggregation schemes in the context of lossy channels, investigating achievable goodput improvements, the resulting verification delays, processing overhead, and resilience to denial-of-service attacks. Our analysis shows the importance of carefully choosing and configuring MAC aggregation, as selecting and correctly parameterizing the right scheme can, e.g., improve goodput by 39% to 444%, depending on the scenario. However, since no aggregation scheme performs best in all scenarios, we provide guidelines for network operators to select optimal schemes and parameterizations suiting specific network settings.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. ACNS'24
- Keywords
- Message Authentication CodeMAC Aggregation
- Contact author(s)
-
eric wagner @ fkie fraunhofer de
martin serror @ fkie fraunhofer de
wehrle @ comsys rwth-aachen de
henze @ spice rwth-aachen de - History
- 2023-12-15: approved
- 2023-12-15: received
- See all versions
- Short URL
- https://ia.cr/2023/1919
- License
-
CC BY-NC-ND
BibTeX
@misc{cryptoeprint:2023/1919, author = {Eric Wagner and Martin Serror and Klaus Wehrle and Martin Henze}, title = {When and How to Aggregate Message Authentication Codes on Lossy Channels?}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1919}, year = {2023}, url = {https://eprint.iacr.org/2023/1919} }