[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MSEC] The use HMAC

To: brakta <Saber.Brakta@loria.fr>
Subject: Re: [MSEC] The use HMAC
From: Adrian Perrig <perrig@acm.org>
Date: Wed, 13 Jun 2001 12:14:37 -0700
CC: msec@securemulticast.org, ipsec@lists.tislabs.com
References: <3B27777F.B50C8FB3@loria.fr>
Sender: owner-ipsec@lists.tislabs.com


>  Mechanisms that provide such integrity check based on a secret key are
> usually called "message authentication codes" (MAC). Typically, message
> authentication codes are used between (two parties) that share a secret
> key in order to validate information transmitted between these parties.
> Can i use "message authentification codes" between more than two
> parties, i mean in multicast application, specially 1- N mode ?

Using a simple MAC for authenticating the sender in a broadcast is
unfortunately insecure if the receivers do not trust each other. Since
any one of the receivers knows the MAC key, it could impersonate the
sender and send forged messages to other receivers.

This is why we designed the TESLA protocol. TESLA provides efficient
authentication, at the cost of about one MAC computation per packet,
perfect robustness to packet loss, and requires loose time
synchronization between the sender and the receivers. The
authentication in TESLA is delayed, but we proposed an extension that
allows the receivers to immediately authenticate data (which works
well in environments with low packet loss).

The IETF draft is available at:
http://www.ietf.org/internet-drafts/draft-irtf-smug-tesla-00.txt
Papers on TESLA are available at:
http://paris.cs.berkeley.edu/%7Eperrig/projects.html#TESLA

Let me know if you have further questions on this,
  Adrian

References:

The use HMAC

From: brakta <Saber.Brakta@loria.fr>

Prev by Date: Re: IPSEC Security Gateways & NAT
Next by Date: RE: IPSEC Security Gateways & NAT
Prev by thread: The use HMAC
Next by thread: Re: [MSEC] The use HMAC
Index(es):
- Main
- Thread