Image Processing Reference
In-Depth Information
P
n
P
2
P
1
+
+
C
n
-1
RC5
Encrypt
RC5
Encrypt
RC5
Encrypt
IK
IK
IK
...
C
n
C
1
C
2
MAC (64 bits)
FIGURE .
Computing an MAC in cipher block chaining mode.
Depending on whether encryption of message data is required or not, SNEP offers two message
formats:
. First format appends an RC-CBC-MAC computed with the integrity key
IK
A
,
B
over the
message data:
A
→
B
∶
Ms g
∣
RC
−
CBC
(
IK
A
,
B
,
Ms g
)
. Second format encrypts the message and appends an MAC in whose computation the
counter value is also included:
A
→
B
∶{
Ms g
}
<
>
∣
CK
A
,
B
,Counter
>
)
Please note that the counter value itself is not transmitted in the message, so that common
state between sender and receiver is exploited to save transmission energy and bandwidth.
RC
−
CBC
(
IK
A
,
B
,Counter,
{
Ms g
}
<
CK
A
,
B
,Counter
Furthermore, random numbers are generated by encrypting a (different) counter, and the RC-
CBC construction is also used for key derivation, as the key deriving function mentioned above is
realized as
F
X
A
,
B
(
n
)∶=
RC
−
CBC
(
X
A
,
B
,
n
)
To be able to successfully decrypt a message, the receiver's decryption counter needs to be synchro-
nized with the sender's encryption counter. An initial counter synchronization can be achieved by
the following protocol, in which both entities
A
and
B
communicate their individual counter value
for encryption
C
A
and
C
B
to the other party, and authenticate both values by exchanging two MACs
computed with their integrity keys
IK
A
,
B
and
IK
A
,
B
,respectively:
A
→
B
∶
C
A
B
→
A
∶
C
B
∣
RC
−
CBC
(
IK
B
,
A
,
C
A
,
C
B
)
A
→
B
∶
RC
−
CBC
(
IK
A
,
B
,
C
A
,
C
B
)
In case of a message loss, counters get out of synch. By trying out a couple of different counter values,
a few message losses can be tolerated. However, as this consumes energy, after trying out a couple
of succeeding values, an explicit resynchronization dialog is initiated by the receiver
A
of a message.
The dialog consists of sending a freshly generated random number
N
A
to
B
,whoanswerswithhis
current counter
C
B
and an MAC computed with his integrity key over both the random number and
the counter value:
A
→
B
∶
N
A
B
→
A
∶
C
B
∣
RC
−
CBC
(
IK
B
,
A
,
N
A
,
C
B
)