›› 2014, Vol. 29 ›› Issue (1): 53-68.doi: 10.1007/s11390-013-1411-8

Special Issue: Computer Networks and Distributed Computing

• Computer Networks and Distributed Computing • Previous Articles     Next Articles

TuLP:A Family of Lightweight Message Authentication Codes for Body Sensor Networks

Zheng Gong1 (龚征), Pieter Hartel2, Svetla Nikova3, Shao-Hua Tang4 (唐韶华), Member, IEEE and Bo Zhu5 (朱博)   

  1. 1 School of Computer Science, South China Normal University, Guangzhou 510631, China;
    2 Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Enschede 7500AE The Netherlands;
    3 Department of ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Leuven, Belgium;
    4 School of Computer Science and Engineering, South China University of Technology, Guangzhou 510641, China;
    5 Department of Electrical and Computer Engineering, University of Waterloo, Waterloo N2L 3G1, Canada
  • Received:2013-01-25 Revised:2013-08-16 Online:2014-01-05 Published:2014-01-05
  • Supported by:

    This work is supported by the National Foundation of Netherlands with SenterNovem for the ALwEN project under Grant No. PNE07007, the National Natural Science Foundation of China under Grant Nos. 61100201, U1135004, and 61170080, the Universities and Colleges Pearl River Scholar Funded Scheme of Guangdong Province of China (2011), the High-Level Talents Project of Guangdong Institutions of Higher Education of China (2012), the Project on the Integration of Industry, Education and Research of Guangdong Province of China under Grant No. 2012B091000035, and the Project of Science and Technology New Star of Guangzhou Pearl River of China (2014).

A wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst a body sensor network (BSN) must be secured with strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBC-MAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSec), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TuLP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.

[1] Yang G Z (eds.). Body Sensor Network. Springer London, 2006.
[2] Malan D, Fulford-Jones T, Welsh M, Moulton S. CodeBlue: An ad hoc sensor network infrastructure for emergency medical care. In Proc. International Workshop on Wearable and Implantable Body Sensor Networks, April 2004.
[3] Wood A, Virone G, Doan T, Cao Q, Selavo L, Wu Y, Fang L, He Z, Lin S, Stankovic J. ALARM-NET: Wireless sensor networks for assisted-living and residential monitoring. Technical Report, Department of Computer Science, University of Virginia, 2006.
[4] Kuryloski P, Giani A, Giannantonio R et al. DexterNet: An open platform for heterogeneous body sensor networks and its applications. In Proc. the 6th International Workshop on Wearable and Implantable Body Sensor Networks, June 2009, pp.92-97.
[5] Perrig A, Szewczyk R, Wen V, Culler D, Tygar J D. SPINS: Security protocols for sensor networks. In Proc. the 7th Annual International Conference on Mobile Computing and Networking, July 2001, pp.189-199.
[6] Karlof C, Sastry N, Wagner D. TinySec: A link layer security architecture for wireless sensor networks. In Proc. the 2nd International Conference on Embedded Networked Sensor Systems, November 2004, pp.162-175.
[7] Li T, Wu H, Wang X, Bao F. SenSec design. Technical Report, I2R Sensor Network Flagship Project (SNFP: Security part), Technical Report-TR v1.0, February 2005.
[8] Luk M, Mezzour G, Perrig A, Gligor V. MiniSec: A secure sensor network communication architecture. In Proc. the 6th IEEE International Conference on Information Processing in Sensor Networks (IPSN), April 2007, pp.479-488.
[9] ISO. Information technology | Security techniques | Message authentication codes (MACs) | Part 1: Mechanisms using a block cipher. ISO9797-1, 1999. http://www.iso.org/iso/iso catalogue/catalogue tc, August 2013.
[10] Rogaway P, Bellare M, Black J. OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Transactions on Information and System Security, 2003, 6(3): 365403.
[11] Information Technology Laboratory, National Institute of Standards and Technology of U.S. The keyed-hash message authentication code (HMAC). Federal Information Processing Standards Publication, FIPS PUB 198. http:// csrc.nist.gov/publications/fips/fips198/fips-198a.pdf, Oct. 2013.
[12] Bogdanov A, Leander G, Paar C, Poschmann A, Robshaw M J B, Seurin Y. Hash functions and RFID tags: Mind the gap. In Lecture Notes in Computer Science 5154, Oswald E, Rohatgi P (eds.), Springer-Verlag, 2008, pp.283-299.
[13] Daemen J, Rijmen V. A new MAC construction ALRED and a specific instance ALPHA-MAC. In Lecture Notes in Computer Science 3557, Gilbert H, Handschuh H (eds.), SpringerVerlag, 2005, pp.1-17.
[14] Bogdanov A, Knudsen L R, Leander G et al. PRESENT: An ultra-lightweight block cipher. In Lecture Notes in Computer Science 4727, Paillier P, Verbauwhede I (eds.), Springer Heidelberg, 2007, pp.450-466.
[15] Huang J, Seberry J, Susilo W. On the internal structure of ALPHA-MAC. In Lecture Notes in Computer Science 4341, Nguyen P Q (ed.), Springer-Verlag, 2006, pp.271-285.
[16] Biryukov A, Bogdanov A, Khovratovich D, Kasper T. Collision attacks on AES-based MAC: ALPHA-MAC. In Lecture Notes in Computer Science 4727, Paillier P, Verbauwhede I (eds.), Springer-Verlag, 2007, pp.166-180.
[17] Wang W, Wang X, Xu G. Impossible differential cryptanalysis of Pelican, MT-MAC-AES and PC-MAC-AES. Cryptology ePrint Archive, http://eprint.iacr.org/2009/005, August 2013.
[18] Dunkelman O, Keller N, Shamir A. ALRED blues: New attacks on AES-based MAC's. Cryptology ePrint Archive, http://eprint.iacr.org/2011/095, August 2013.
[19] Gong Z, Hartel P, Nikova S, Zhu B. Towards secure and practical MACs for body sensor networks. In Lecture Notes in Computer Science 5922, Roy B K, Sendrier N (eds.), SpringerVerlag, 2009, pp.182-198.
[20] Daemen J, Rijmen V. The Pelican MAC function. Cryptology ePrint Archive, http://eprint.iacr.org/2005/088, August 2013.
[21] Bogdanov A, Kne穤evi禼 M, Leander G, Toz D, Varici K, Verbauwhede I. SPONGENT: A lightweight hash function. In Lecture Notes in Computer Science 6917, Preneel B, Takagi T (eds.), Springer-Verlag, 2011, pp.312-325.
[22] Wang M. Differential cryptanalysis of reduced-round PRESENT. In Lecture Notes in Computer Science 5023, Vaudenay S (ed.), Springer-Verlag, 2008, pp.40-49.
[23] Albrecht M, Cid C. Algebraic techniques in differential cryptanalysis. In Lecture Notes in Computer Science 5665, Dunkelman O (ed.), Springer-Verlag, 2009, pp.193-208.
[24] Collard B, Standaert F X. A statistical saturation attack against the block cipher PRESENT. In Lecture Notes in Computer Science 5473, Fischlin M (ed.), Springer-Verlag, 2009, pp.195-210.
[25] Özen O, Varici K, Tezcan C, Kocair Ç . Lightweight block ciphers revisited: Cryptanalysis of reduced round PRESENT and HIGHT. In Lecture Notes in Computer Science 5594, Boyd C, Nieto J G (eds.), Springer-Verlag, 2009, pp.90-107.
[26] Katz J, Lindell Y. Introduction to Modern Cryptography (Chapman & Hall/CRC Cryptography and Network Security Series). Chapman & Hall/CRC, 2007.
[27] Rogaway P. Authenticated-encryption with associated-data. In Proc. the 9th ACM Conference on Computer and Communications Security, November 2002, pp.98-107.
[28] Barr K C, Asanovi禼 K. Energy-aware lossless data compression. ACM Transactions on Computer Systems, 2006, 24(3): 250-291.
[29] Bellare M, Kilian J, Rogaway P. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 2000, 61(3): 362-399.
[30] Black J, Rogaway P. CBC MACs for arbitrary-length messages: The three-key constructions. Journal of Cryptology, 2005, 18(2): 111-131.
[31] Ferguson N. Collision attacks on OCB. http://csrc.nist.gov, August 2013.
[32] Black J, Halevi S, Krawczyk H, Krovetz T, Rogaway P. UMAC: Fast and secure massage authentication. In Lecture Notes in Computer Science 1666, Wiener M (ed.), SpringerVerlag, 1999, pp.216-233.
[33] Bellare M, Canetti R, Krawczyk H. Keying hash functions for message authentication. In Lecture Notes in Computer Science 1109, Koblitz N (ed.), Springer-Verlag, 1996, pp.1-15.
[34] Preneel B, van Rompay B, Örs S B et al. Performance of optimized implementations of the NESSIE primitives (v2.0 edition). In The NESSIE Consortium, http://www.cosic.esat.kuleuven.be/nessie/deliverables/D21v2.pdf, August 2013.
[35] Paar C, Poschmann A, Robshaw M J B. New designs in lightweight symmetric encryption. In RFID Security: Techniques, Protocols and System-on-Chip Design, Kitsos P, Zhang Y (eds.), Springer, 2008, pp.349-371.
[36] Feldhofer M, Rechberger C. A case against currently used hash functions in RFID protocols. In Lecture Notes in Computer Science 4277, Meersman R, Tari Z, Herrero P (eds.), Springer-Verlag, 2006, pp.372-381.
[37] ISO. Information technology { Security techniques { Hashfunctions { Part 2: Hash-functions using an n-bit block cipher algorithm. ISO/IEC10118-2, 2010. http://www.iso. org/iso/home/store/catalogue tc, August 2013.
[38] Black J, Rogaway P, Shrimpton T. Black-box analysis of the block-cipher-based hash-function constructions from PGV. In Lecture Notes in Computer Science 2442, Yung M (ed.), Springer, 2002, pp. 320-335.
[39] Knudsen L, Mendel F, Rechberger C, Thomsen S. Cryptanalysis of MDC-2. In Lecture Notes in Computer Science 5479, Joux A (ed.), Springer, 2009, pp.106-120.
[40] Lai X, Massey J. Hash functions based on block ciphers. In Lecture Notes in Computer Science 658, Rueppel R A (ed.), Springer, 1993, pp.55-70.
[41] Healy M, Newe T, Lewis E. Analysis of hardware encryption versus software encryption on wireless sensor network motes. In Lecture Notes in Electrical Engineering 20, Mukhopadhyay S C, Gupta G S (eds.), Springer, 2008, pp.3-14.
[42] Moradi A, Poschmann A, Ling S, Paar C, Wang H. Pushing the limits: A very compact and a threshold implementation of AES. In Lecture Notes in Computer Science 6632, Paterson K G (ed.), Springer-Verlag, 2011, pp.69-88.
No related articles found!
Full text



[1] Zhu Mingyuan;. Two Congruent Semantics for Prolog with CUT[J]. , 1990, 5(1): 82 -91 .
[2] Cao Cungen;. Expansion Nets and Expansion Processes of Elementary Net Systems[J]. , 1995, 10(4): 325 -333 .
[3] Zhi-Wei Xu, Hao-Jie Zhou, and Guo-Jie Li. Usability Issues of Grid System Software[J]. , 2006, 21(5): 641 -647 .
[4] Shu-Tao Xia. A Note on the Stopping Redundancy of Linear Codes[J]. , 2006, 21(6): 950 -951 .
[5] Yi-Wei Jiang and Yong He. Semi-Online Algorithms for Scheduling with Machine Cost[J]. , 2006, 21(6): 984 -988 .
[6] Juan J. Cuadrado Gallego, Daniel Rodri guez, Miguel Angel Sicilia, Miguel Garre Rubio and Angel Garci a Crespo. Software Project Effort Estimation Based on Multiple Parametric Models Generated Through Data Clustering[J]. , 2007, 22(3): 371 -378 .
[7] Markus Hinkelmann, Andreas Jakoby, and Peer Stechert. t-Private and t-Secure Auctions[J]. , 2008, 23(5 ): 694 -710 .
[8] Hua Huang, Senior Member, CCF, Member, IEEE, Yu Zang, Senior Member, CCF, Member, IEEE, Paul L. Rosin, and Chun Qi, Senior Member, CCF. Edge-Aware Level Set Diffusion and Bilateral Filtering Reconstruction for Image Magnification[J]. , 2009, 24(4): 734 -744 .
[9] Mauricio Hanzich, Porfidio Hernández, Francesc Giné, Francesc Solsona, and Josep L. Lérida. On/Off-Line Prediction Applied to Job Scheduling on Non-Dedicated NOWs[J]. , 2011, 26(1): 99 -116 .
[10] Zi-Chu Qi (齐子初), Hui Liu (刘慧), Xiang-Ku Li (李向库), and Wei-Wu Hu (胡伟武). Design for Testability Features of Godson-3 Multicore Microprocessor[J]. , 2011, 26(2): 302 -313 .

ISSN 1000-9000(Print)

CN 11-2296/TP

Editorial Board
Author Guidelines
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
E-mail: jcst@ict.ac.cn
  Copyright ©2015 JCST, All Rights Reserved