Abstract
RFC 4082 specifies the Timed Efficient Stream Loss-tolerant Authentication (TESLA) scheme as an Internet standard for stream authentication over lossy channels. In this paper, we show that the assumptions the RFC suggests about the security of TESLA's building blocks are not sufficient. This can lead to implementations whose security rests on obscure assumptions rather than on the well-studied security properties of the underlying cryptographic primitives; worse, it can lead to implementations that are insecure. We also give sufficient security assumptions about the components of TESLA, and present a candidate implementation whose security is based on block ciphers resistant to related-key cryptanalysis.
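To make concrete which building blocks the abstract is talking about, the following is an added example (not code from the paper) of the TESLA mechanism that RFC 4082 standardizes: a one-way key chain, per-interval MAC keys, delayed key disclosure, and the receiver's safety check. It follows the RFC's suggested construction of the two functions from a single PRF f, F(k) = f_k(0) and F'(k) = f_k(1), and instantiates f with HMAC-SHA256; that choice, the fixed seed, the messages and the integer model of time are all assumptions of this example. The paper's question is precisely what security property these functions and the MAC must have; the example takes them as given and shows only the protocol flow.

```python
"""TESLA key chain, delayed disclosure and receiver checks (after RFC 4082).

Added illustration, not code from the paper.  F(k) = f_k(0), F'(k) = f_k(1)
with f = HMAC-SHA256 (an assumption of this example).  Time is modelled as
integer interval indices; the receiver's clock is at most `max_drift`
intervals off the sender's.
"""
import hmac
import hashlib
from collections import defaultdict


def prf(key: bytes, x: bytes) -> bytes:
    return hmac.new(key, x, hashlib.sha256).digest()


def F(k: bytes) -> bytes:          # chain step: K_i = F(K_{i+1})
    return prf(k, b"\x00")


def F_prime(k: bytes) -> bytes:    # per-interval MAC key: K'_i = F'(K_i)
    return prf(k, b"\x01")


def make_chain(n: int, seed: bytes) -> list:
    """Return [K_0, ..., K_n] with K_i = F(K_{i+1}); K_0 is the commitment."""
    chain = [seed]                 # K_n first, reversed below
    for _ in range(n):
        chain.append(F(chain[-1]))
    chain.reverse()
    return chain


class Sender:
    def __init__(self, chain: list, d: int):
        self.chain, self.d = chain, d

    def send(self, i: int, msg: bytes) -> tuple:
        """Packet of interval i: MAC under K'_i, plus disclosure of K_{i-d}."""
        mac = prf(F_prime(self.chain[i]), msg)
        disclosed = self.chain[i - self.d] if i >= self.d else None
        return (i, msg, mac, disclosed)


class Receiver:
    def __init__(self, k0: bytes, d: int, max_drift: int):
        self.verified = {0: k0}    # K_0 assumed delivered authentically
        self.last = 0              # highest interval whose key is verified
        self.d, self.max_drift = d, max_drift
        self.pending = defaultdict(list)
        self.accepted = []

    def receive(self, pkt: tuple, local_now: int) -> str:
        i, msg, mac, disclosed = pkt
        # Safety condition: the sender's current interval is at most
        # local_now + max_drift and must still be < i + d; otherwise K_i
        # may already be public and the MAC proves nothing.
        if local_now + self.max_drift >= i + self.d:
            return "unsafe"
        self.pending[i].append((msg, mac))
        if disclosed is not None:
            self._process_key(i - self.d, disclosed)
        return "buffered"

    def _process_key(self, j: int, kj: bytes) -> None:
        if j <= self.last:
            return                 # already known, or a replayed old key
        k = kj                     # check F^{j-last}(K_j) == K_last
        for _ in range(j - self.last):
            k = F(k)
        if not hmac.compare_digest(k, self.verified[self.last]):
            return                 # does not extend the chain: drop it
        keys, k = {j: kj}, kj      # recover keys of intervals whose packets were lost
        for idx in range(j - 1, self.last, -1):
            k = F(k)
            keys[idx] = k
        for idx in range(self.last + 1, j + 1):
            self.verified[idx] = keys[idx]
            mk = F_prime(keys[idx])
            for msg, mac in self.pending.pop(idx, []):
                if hmac.compare_digest(prf(mk, msg), mac):
                    self.accepted.append((idx, msg))
        self.last = j


def demo() -> dict:
    """Constructed run: one lost packet, one tampered packet, one late packet."""
    n, d, drift = 10, 2, 0
    chain = make_chain(n, seed=b"\x01" * 32)           # constructed seed
    s, r = Sender(chain, d), Receiver(chain[0], d, drift)
    for i in range(1, 8):
        if i == 5:
            continue                                   # packet 5 lost in transit
        r.receive(s.send(i, b"msg%d" % i), local_now=i)
    i, _, mac, disclosed = s.send(8, b"msg8")
    r.receive((i, b"tampered", mac, disclosed), local_now=8)  # forged body
    r.receive(s.send(9, b"msg9"), local_now=9)
    r.receive(s.send(10, b"msg10"), local_now=10)      # discloses K_8
    late = r.receive(s.send(5, b"late"), local_now=10)  # K_5 already public
    return {"accepted": r.accepted, "late": late}


if __name__ == "__main__":
    print(demo())
```

Two things to notice in the run: the receiver recovers K_3 from the later disclosure of K_4 by applying F, so the lost packet does not break verification of its neighbours (loss tolerance), and the tampered packet for interval 8 is buffered but silently fails its MAC once K_8 arrives, while a packet arriving after its key is public is refused by the safety check before any MAC is looked at. Everything the receiver decides hinges on F being one-way, F' and the MAC keys being unpredictable from disclosed chain keys, and the MAC being unforgeable, which is why the exact assumption on these primitives matters.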
References
Anderson, R., Bergadano, F., Crispo, B., Lee, J., Manifavas, C., Needham, R.: A New Family of Authentication Protocols. ACM Operating Systems Review 32(4), 9–20 (1998)
Bergadano, F., Cavagnino, D., Crispo, B.: Chained Stream Authentication. In: Proceedings of Selected Areas in Cryptography 2000, pp. 142–155 (2000)
Bellare, M., Kohno, T.: A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications. In: Biham, E. (ed.) Advances in Cryptology – EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003)
Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. Journal of Cryptology 7(4), 229–246 (1994)
Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002)
Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: A taxonomy and some efficient constructions. In: Infocom 1999 (1999)
Carrara, E., Baugher, M.: The Use of TESLA in SRTP. Internet draft, http://ietfreport.isoc.org/ids-wg-msec.html
Cheung, S.: An Efficient Message Authentication Scheme for Link State Routing. In: Proceedings of the 13th Annual Computer Security Application Conference (1997)
FIPS PUB 197, The Advanced Encryption Standard
FIPS PUB 198, The Keyed-Hash Message Authentication Code (HMAC)
Gennaro, R., Rohatgi, P.: How to Sign Digital Streams. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 180–197. Springer, Heidelberg (1997)
Goldreich, O.: Foundations of Cryptography. Cambridge University Press, Cambridge (2001)
Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
Jakimoski, G., Desmedt, Y.: Related-key Differential Cryptanalysis of 192-bit Key AES Variants. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 208–221. Springer, Heidelberg (2004)
Kelsey, J., Schneier, B., Wagner, D.: Related-key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2 and TEA. In: Han, Y., Qing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)
Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient Authentication and Signing of Multicast Streams Over Lossy Channels. In: Proceedings of the IEEE Security and Privacy Symposium (2000)
Perrig, A., Canetti, R., Song, D., Tygar, J.D.: Efficient and Secure Source Authentication for Multicast. In: Proceedings of the Network and Distributed System Security Symposium (2001)
Perrig, A., Canetti, R., Tygar, J.D., Song, D.: The TESLA Broadcast Authentication Protocol. RSA CryptoBytes 5(2) (2002)
Perrig, A., Song, D., Canetti, R., Tygar, J.D., Briscoe, B.: Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction. Internet Request for Comments, RFC 4082 (June 2005)
Perrig, A., Tygar, J.D.: Secure Broadcast Communication in Wired and Wireless Networks. Kluwer Academic Publishers, Dordrecht (2002)
Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: A synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, Springer, Heidelberg (1994)
Rivest, R.L.: The MD5 message digest algorithm. Internet Request for Comments, RFC 1321 (April 1992)
Rohatgi, P.: A compact and fast hybrid signature scheme for multicast packet authentication. In: 6th ACM Conference on Computer and Communications Security (November 1999)
Syverson, P.F., Stubblebine, S.G., Goldschlag, D.M.: Unlinkable serial transactions. In: FC 1997. LNCS, vol. 1318, Springer, Heidelberg (1997)
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis for Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Wong, C.K., Lam, S.S.: Digital Signatures for Flows and Multicasts. In: Proceedings of IEEE ICNP 1998 (1998)
Zhang, K.: Efficient Protocols for Signing Routing Messages. In: Proceedings of the Symposium on Network and Distributed System Security (1998)
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Jakimoski, G. (2007). Some Notes on the Security of the Timed Efficient Stream Loss-Tolerant Authentication Scheme. In: Biham, E., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2006. Lecture Notes in Computer Science, vol 4356. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74462-7_24
DOI: https://doi.org/10.1007/978-3-540-74462-7_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74461-0
Online ISBN: 978-3-540-74462-7