CBC MAC for Real - Time Data

The Cipher Block Chaining (CBC) Message Authentication Code (MAC) is an authentication method which is widely used in practice. It is well known that the naive use of CBC MAC for variable length messages is not secure, and a few thumb rules for the correct use of CBC MAC are known by \folklore". The rst rigorous proof of the security of CBC MAC, when used on xed length messages, was given only recently by Bellare, Kilian and Rogaway [3]. They also suggested variants of CBC MAC that handle variable length messages but in these variants the length of the message has to be known in advance (i.e., before the message is processed). We study CBC authentication of real time applications in which the length of the message is not known until the message ends, and furthermore, since the application is real-time, it is not possible to start processing the authentication only after the message ends. Providing authentication for real time communication is an important task, which involves authenticating real time speech transmissions, real time camera source of video transmission, and other human-driven multi media interaction. This also involves fax transmissions, in which the number of pages is not known in advance, and we would like to send the authentication as soon as the last page has been fed into the machine. We rst present a variant of CBC MAC, called double MAC (DMAC) which handles messages of variable unknown lengths. Computing DMAC on a message is virtually as simple and as e cient as computing the standard CBC MAC on the message. We provide a rigorous proof that its security is implied by the security of the underlying block cipher. Next, we argue that the basic CBC MAC is secure when applied to pre x free message space. A message space can be made pre x free by authenticating also the (usually hidden) last character which marks the end of the message.