caa a22 4500 475827082 CHVBK 20180406123831.0 cr unu---uuuuu 170329e20000601xx s 000 0 eng 10.1007/s001450010009 doi (NATIONALLICENCE)springer-10.1007/s001450010009 CBC MAC for Real-Time Data Sources [Elektronische Daten] [Erez Petrank, Charles Rackoff] Abstract. : The Cipher Block Chaining (CBC) Message Authentication Code (MAC) is an authentication method which is widely used in practice. It is well known that the use of the CBC MAC for variable length messages is not secure, and a few rules of thumb for the correct use of the CBC MAC are known by folklore. The first rigorous proof of the security of CBC MAC, when used on fixed length messages, was given only recently by Bellare et al.[3]. They also suggested variants of CBC MAC that handle variable-length messages but in these variants the length of the message has to be known in advance (i.e., before the message is processed). We study CBC authentication of real-time applications in which the length of the message is not known until the message ends, and furthermore, since the application is real-time, it is not possible to start processing the authentication until after the message ends. We first consider a variant of CBC MAC, that we call the encrypted CBC MAC (EMAC), which handles messages of variable unknown lengths. Computing EMAC on a message is virtually as simple and as efficient as computing the standard CBC MAC on the message. We provide a rigorous proof that its security is implied by the security of the underlying block cipher. Next, we argue that the basic CBC MAC is secure when applied to a prefix-free message space. A message space can be made prefix-free by also authenticating the (usually hidden) last character which marks the end of the message. International Association for Criptologic Rese, 2000 Key words. Message authentication, Real time, Cipher block chaining, Block ciphers nationallicence Petrank Erez Computer Science Department, Technion, Haifa 32000, Israel erez@cs.technion.ac.il, IL aut Rackoff Charles Department of Computer Science, University of Toronto, Toronto, Ontario, Canada M5S 3G4 rackoff@cs.toronto.edu, CA aut Journal of Cryptology Springer Berlin Heidelberg 13/3(2000-06-01), 315-338 0933-2790 13:3<315 2000 13 145 https://doi.org/10.1007/s001450010009 text/html Onlinezugriff via DOI 1 research-article jats NATIONALLICENCE 856 40 https://doi.org/10.1007/s001450010009 text/html Onlinezugriff via DOI NATIONALLICENCE 700 1- Petrank Erez Computer Science Department, Technion, Haifa 32000, Israel erez@cs.technion.ac.il, IL aut NATIONALLICENCE 700 1- Rackoff Charles Department of Computer Science, University of Toronto, Toronto, Ontario, Canada M5S 3G4 rackoff@cs.toronto.edu, CA aut NATIONALLICENCE 773 0- Journal of Cryptology Springer Berlin Heidelberg 13/3(2000-06-01), 315-338 0933-2790 13:3<315 2000 13 145 Metadata rights reserved Springer special CC-BY-NC licence nationallicence BK010053 XK010053 XK010000 NATIONALLICENCE NATIONALLICENCE NL-springer