 Research
 Open Access
An efficient MACbased scheme against pollution attacks in XOR network codingenabled WBANs for remote patient monitoring systems
 Alireza Esfahani^{1}Email author,
 Georgios Mantas^{1},
 Hélio Silva^{1},
 Jonathan Rodriguez^{1} and
 Jose Carlos Neves^{1}
https://doi.org/10.1186/s1363801606019
© Esfahani et al. 2016
 Received: 1 November 2015
 Accepted: 4 April 2016
 Published: 22 April 2016
Abstract
Wireless Body Area Networks (WBANs) play a pivotal role to remote patient monitoring which is one of the main applications of mHealth. However, WBANs comprise a subset of wireless sensor networks (WSNs), and thus, they inherit the limitations of WSNs in terms of communication bandwidth, reliability, and power consumption that should be addressed so that WBANs can reach their full potential. Towards this direction, XOR network coding (NC) is a promising solution for WBANs. Nevertheless, XOR NC is vulnerable to pollution attacks, where adversaries (i.e., compromised intermediate nodes) inject into the network corrupted packets that prevent the destination nodes from decoding correctly. This has as a result not only network resource waste but also energy waste at the intermediate nodes. In this sense, pollution attacks comprise a serious threat against WBANs (i.e., resourceconstrained wireless networks) that should be addressed so that WBANs can reap the benefits of XOR NC.
Therefore, in this paper, we propose an efficient message authentication code (MAC)based scheme that provides resistance against pollution attacks in XOR NCenabled WBANs for remote patient monitoring systems. Our proposed scheme makes use of a number of MACs which are appended to the end of each native packet. Our results show that the proposed MACbased scheme is more efficient compared to other competitive schemes for securing XOR NC against pollution attacks in resourceconstrained wireless networks, in terms of communication bandwidth and computational complexity.
Keywords
 Secure XOR network coding
 Pollution attacks
 MACbased scheme
 Key management
 mHealth
 WBANs
 Remote patient monitoring
1 Introduction
Over the past decade, advances in Wireless Body Area Networks (WBANs) have contributed significantly to the evolution of remote patient monitoring, which is one of the main applications of mHealth. It is an mHealth application that could enhance the quality of people’s life and also reduce the costs of national healthcare systems [1–3]. For instance, remote patient monitoring could improve the quality of life of individuals with special needs, such as people with chronicle diseases, who wish to lead an independent way of life staying at their own home with minimum intervention from healthcare professionals. Particularly, remote patient monitoring could play a pivotal role towards individual’s treatment, proactive actions, and provision of emergency assistance [4–6]. In this context, WBANs are a key component to remote patient monitoring systems, since they enable continuous monitoring of patient’s physiological parameters and realtime feedback to the patient and the healthcare professional (e.g., doctors) that allow greater mobility and flexibility to the patient. In addition, healthcare professionals can have a clearer view of the patient’s status, thanks to WBANs which are able to obtain data from the patient’s natural environment during a large time interval [3, 7].
WBANs consist of multiple small lowpower wireless devices attached on clothing or on the human body or even implanted in the human body. These devices, which are the nodes of a WBAN, are categorized into two types: sensors and actuators. The sensors measure various vital signs (e.g., blood pressure, heart rate) or external parameters (e.g., motion patterns) and process their readings, if necessary. Then, they transmit this information to a central device, playing the role of the coordinator, directly or through other nodes (i.e., sensors or actuators) that act as relays [7–9]. This device, which is more powerful than a sensor or actuator, is located on or near the patient and is responsible to collect all the information acquired by the sensors or actuators and passes it to another network (e.g., WLAN, 3G/4G), so that the information will reach the remote healthcare professional’s side (e.g., medical server). Furthermore, the central device can provide information to the patient or the healthcare professionals (e.g., nurse, doctor), located close to the patient, via a display/LEDS on it. Moreover, it is worthwhile to mention that the central device, which is also called as body gateway (BG), body control unit (BCU), hub or a sink, in some implementations can be a smartphone or a personal digital assistant (PDA). On the other hand, the actuators take actions according to the information received from the sensors or through interaction with the patient or the healthcare professionals, which is usually handled by the central device as well [7, 8, 10].
However, WBANs comprise a subset of wireless sensor networks (WSNs), and thus, they inherit the limitations of WSNs in terms of communication bandwidth, reliability, and power consumption that should be addressed so that WBANs can reach their full potential [3, 11–14]. In this sense, the application of network coding (NC) technology in WBANs has emerged as a promising solution to address these limitations, since it provides significant benefits including network capacity improvement, robustness to packet losses, and lower energy consumption [15–18]. NC was presented for the first time by Ahlswede et al. in [19] in 2000 and, in contrast to traditional storeandforward networks, its core principle is to allow the incoming packets at the intermediate nodes, in NCenabled networks, not only to be routed or replicated but also recoded. Within the few years after 2000, different approaches of linear NC appeared for wired networks [20, 21]. For instance, the approach of random linear network coding (RLNC) was proposed by Ho et al. in [22] as a fully distributed approach for performing NC. According to RLNC, each node selects randomly a set of coefficients and uses them to make linear combinations of the incoming packets. In these approaches, NC is operated over large finite fields, and thus, they are not efficient for wireless networks. However, a more efficient type of NC, based only on XOR operations, was introduced in [23] and targets applications in wireless networks [24].
Nevertheless, similar to linear NCenabled networks, XOR NCenabled networks are vulnerable to pollution attacks, where adversaries (i.e., compromised intermediate nodes) inject into the network corrupted packets that prevent the destination nodes from decoding correctly. Even a small proportion of corrupted packets can quickly propagate into other packets via rerecoding, occurred at the intermediate nodes, and lead to infection of a larger number of packets. This has as a result not only network resource waste but also energy waste at the nodes. In this sense, pollution attacks comprise a serious threat against WBANs (i.e., resourceconstrained wireless networks) that should be addressed so that WBANs can reap the benefits of XOR NC [24]. Therefore, in this paper, we propose an efficient message authentication code (MAC)based scheme providing resistance against pollution attacks in XOR NCenabled WBANs for remote patient monitoring systems. Our proposed scheme makes use of a number of MACs which are appended to the end of each native packet. Our results show that the proposed MACbased scheme is more efficient compared to the scheme proposed in [24], in terms of communication bandwidth and computational complexity. To the best of our knowledge, the proposed scheme in [24] is the most competitive scheme in the literature for securing XOR NC against pollution attacks in resourceconstrained wireless networks.
The remainder of this paper is organized as follows. In Section 2, we give an overview of the background and related work on XOR NC and secure XOR NC in wireless networks. A WBAN scenario in a remote patient monitoring system is described in Section 3. Section 4 provides the network model of the WBAN scenario, where XOR NC is applied. In addition, in this section, we present the adversary model of this XOR NCenabled WBAN, as well as the key distribution model which is adopted by our proposed scheme. In Section 5, our proposed scheme is provided. Subsequently, the security analysis of our proposed scheme is given in Section 6. In Section 7, the performance evaluation of the proposed scheme is analyzed. Finally, Section 8 concludes the paper.
2 Background and related work
3 WBAN scenario in remote patient monitoring
4 Models and assumptions
In this section, we provide the network model of the above WBAN scenario (Section 3), where XOR NC is applied. Moreover, we provide the adversary model of this XOR NCenabled WBAN, as well as the key distribution model which is adopted by our proposed scheme.
4.1 Network model

Source node S: We have a source S (i.e., a sensor node) which wants to multicast its messages. To achieve that each message is divided into a sequence of packets and these packets are multicasted. Each packet consists of a number of codewords.

Nonsource node set I: This set includes the intermediate nodes (i.e., relay nodes) and the destination node (i.e., smartphone) which recode and decode packets. In Fig. 3, the set of nonsource nodes is represented as: I={I _{1},…,I _{ j },D}.

Link set e: This set consists of all the links in the network. As a link is defined the connection between each pair of two nodes. In Fig. 3, the set of links is represented as: e={e _{1},…,e _{ w }}.
We consider two types of packets: native packets and coded packets. Native packets are packets generated at the source node. On the other hand, coded packets are packets which are encoded and recoded at the source and intermediate nodes. However, for simplicity, we call them as packets when it is not required to distinguish them to native and coded packets. At the setup phase and according to the assumption made by the most existing schemes [28, 29], the source divides each message into a sequence of native packets and partitions them into generations.
where i=1,⋯,n.
Each codeword stands in a finite field \( \mathbb {F}_{p} \), where p is a power of prime number. Our model encodes the codewords over the field of size 2. Typically, each codeword is 256bit long (⌊log2p⌋).
where α _{ i }∈{0,1} for i=1,⋯,n. The intermediate and destination nodes use the received coded packets E to verify the native packets.
4.2 Adversary model
In this paper, we assume that the source node and the destination node are always trusted and there is not any possibility to be forged. However, the intermediate nodes can be compromised. A compromised node can play the role of an adversary that is able to wiretap all the data packets that are transmitted over the network. The adversary’s goal is to achieve pollution attack. Moreover, it is considered that the adversaries have limitations in computation power, and thus, they can only perform in polynomial time.
4.3 Key distribution model
We assume that a set of keys are distributed to all participant nodes in a secure and authenticated manner by a key distribution center (KDC) according to our key distribution model. In this section, we provide a brief description of our key distribution model that we have adopted for our proposed MACbased scheme against pollution attacks in XOR NCenabled WBANs. This key distribution model has been presented in detail in our previous work [30].
According to our key distribution model, if the keys are distributed properly, then no coalition of c compromised nodes can deceive another node. It is shown in [31] that in order to resist against c compromised nodes, the number of the keys at the source must be c+1 times larger than the number of the shared keys at the relay/destination nodes. This model allows each verifier to obtain a number of shared keys in order to verify the coded packets. In our proposed scheme, this key distribution model assigns only one key to the intermediate and destination nodes so that they verify the received coded packet. Only one key is assigned to each intermediate and destination node, since in case that more than one key is assigned, then there is the possibility to verify the coded packet more than once. However, this possibility needs more computational complexity.
5 Proposed MACbased scheme

Setup: The KDC distributes the required keys to all nodes, and the source node sets the security parameters and uses the assigned keys to generate the corresponding MACs.

MAC: The source node calculates and appends a number of MACs to the end of each native packet.

Verify: Verification is based on the coded packets, the appended MACs, and the shared keys. If verification succeeds, the received packets will be accepted and used for further recoding or decoding. Otherwise, the received packets are discarded.
Summary of notations
Parameter  Meaning 

n  The number of native packets per generation 
m  The number of codewords of each native packet 
l  The number of MACs 
p  The size of finite field and each codeword 
M _{ i }  Each native packet 
m _{ j }  Each coded packet 
h  The hash function 
K _{ i,j }  The key 
id _{ i,j }  The index of the key 
r _{ j }  The index of u codewords 
u  The number of codewords used for each MAC 
c  The number of compromised nodes 
5.1 The construction of the MACbased scheme

Setup
Initially, the source node defines the number of MACs appended to the end of each native packet. This number of MACs is denoted as l. Then, the source node chooses randomly a value u which is the number of codewords that will be used in the generation process of each MAC. To define the codewords that will be used in the generation of the l MACs, the source node makes use of l random integers r _{1},r _{2},…,r _{ l }, where r _{ j }∈ [ 1,m] for j=1,…,l. These random integers are calculated based on a pseudorandom function. Each r _{ j } represents the indexes of the u codewords that will be used in the generation process of each MAC. Also, a hash function \( h: \mathbb {F}^{u}_{p}\rightarrow \mathbb {F}_{p} \), where \( \mathbb {F}_{p} \) is a finite field of size p, is defined by the source node. This hash function will be used by the source node to create the hash value of the u codewords. Then, based on the number of MACs (i.e., l), the KDC distributes l keys k _{1},k _{2},…,k _{ l } to the source node. Finally, the KDC selects, based on the key distribution model, described in Section 4.3, one key from those l keys and distributes it to each nonsource node.

MAC
The source node calculates l MACs and appends them to the end of each native packet. Each MAC is calculated as follows:$$ MAC_{i,j}=E\left({id_{i,j},r_{j},h_{i,j}}\right)_{k_{i,j}}, $$(3)where i=1,…,n and j=1,…,l.
Moreover, in Eq. 3, E(.) denotes encryption using the key k _{ i,j }, which is one of the l keys, distributed by the KDC. In addition, id _{ i,j } denotes the index of this key, r _{ j } is the index of u codewords, and h _{ i,j } is the output of the hash function h taking as input u codewords. More precisely, for XOR NC, the hash function h is defined as follows:$$ h_{i,j}=m_{i,r_{j,1}}\oplus \ldots \oplus m_{i,r_{j,u}}, $$(4)where i=1,…,n and j=1,…,l.
Then, the source node transmits the following:$$ \left(M_{i},id_{i,1},MAC_{i,1},\ldots,id_{i,l},MAC_{i,l}\right), $$(5)where i=1,…,n.
We illustrate an example of the MAC generation in Fig. 4. 
Verify
Each nonsource node (i.e., intermediate and destination nodes) holds a key which was distributed by the KDC as it has been mentioned in the Setup phase. Using this key, the nonsource node decrypts the corresponding MAC of the received coded packet. Thus, the nonsource node obtains the indexes of the u codewords and the value of the hash function h that was calculated in the source node. Afterwards, the nonsource node calculates the hash value h ^{′} of the codewords that correspond to the obtained indexes, according to Eq. 4, and compares it with the obtained hash value h. If they are equal, the received coded packet is considered as uncorrupted and is accepted; otherwise, the received coded packet is discarded.
6 Security analysis
In this section, we analyze the security of our proposed scheme in terms of the probability that a corrupted packet cannot be detected by the next hop and how this probability can be affected by the number of codewords (u) as well as the number of MACs (l).
We have considered that the adversary (i.e., the compromised node) knows the distributed key, and thus, based on Eqs. 3 and 4, he is able to identify which codewords are verified by the corresponding MAC. Hence, he can corrupt these codewords and generate a false MAC for the corrupted packet. However, the corrupted codeword can be detected by the next node with a high probability.
Theorem 1.
The probability that a corrupted codeword in one MAC is not detected by the next node is not greater than \( \left (1\frac {u}{m}\right)^{l1} \).
Proof.
Consequently, if an adversary corrupts a codeword of a MAC, then the probability that the corrupted codeword will not be detected by the next node is given by Eq. 6.
In addition, the probability of a corrupted packet not to be detected by the next node is also affected by the number of MACs.
Theorem 2.
By increasing the number of MACs, the probability that a corrupted packet not to be detected by the next hop decreases.
Proof.
where c≪l.
As a result, the probability that a corrupted packet not to be detected by the next hop is given by Eq. 8 as well. According to this equation, it is clear that by increasing the number of MACs, the probability that the corrupted packet not to be detected by the next hop decreases.
7 Performance evaluation
In this section, we analyze the performance of our MACbased scheme in terms of communication bandwidth and computational complexity.
7.1 Communication bandwidth
To calculate the communication overhead of our proposed scheme, we take into consideration (a) the number of codewords of the native packet, (b) the l MACs appended to the end of each native packet, and (c) the l key indexes appended to the end of each native packet as well.
Each native packet has m codewords and each codeword requires log_{2} p bits. Thus, the bit length of each native packet is m∗log_{2} p bits.
On the other hand, according to Eq. 3, each MAC consists of a hash value, a random number, and the key index. Based on Eq. 4, the hash value is the XOR result of u codewords and thus, it requires log_{2} p bits.
Moreover, the random number, used to identify the indexes of the codewords, requires log_{2} m bits. Finally, the index of the key requires log_{2} l bits. Consequently, the bit length of l MACs is l∗(log2 p+ log2 m+ log2 l) bits.
In addition, each key index appended to the end of each native packet requires log_{2} l bits. Therefore, the bitlength of l key indexes is l∗(log_{2} l) bits. However, similar to [24], in order to reduce the length of the coded packets in our scheme, only one key index can be appended to the end of each native packet.
Assuming that the number of MACs (i.e., l) is constant, m is equal to 256, and p is 256bit long, the value of log_{2} l and the value of log_{2} m are negligible compared to the value of log_{2} p. Hence, from Eq. 9, the communication overhead is calculated as \( \frac {l}{m} \), which means that our scheme has the same communication overhead as the proposed scheme in [24]. However, our proposed scheme can detect the corrupted packets earlier (i.e., next node), and thus, communication bandwidth is saved.
7.2 Computational complexity
According to Eqs. 3 and 4, (u−1) XOR operations are needed to generate each MAC in our scheme. Thus, the generation of l MACs requires l∗(u−1) XOR operations. Nevertheless, the proposed scheme in [24] requires l∗u XOR operations to generate l MACs.
Number of XOR operations
Proposed scheme  [24]  

MAC  l∗(u−1)  l∗u 
Verify  u−1  l∗u 
8 Conclusions
In this paper, we have been proposed an efficient MACbased scheme providing resistance against pollution attacks in XOR NCenabled WBANs for remote patient monitoring systems. Our proposed scheme makes use of a number of MACs which are appended to the end of each native packet. Our results show that the proposed MACbased scheme is more efficient compared to the scheme proposed in [24], in terms of communication bandwidth and computational complexity. The proposed scheme in [24] is the most competitive scheme in the literature for securing XOR NC against pollution attacks in resourceconstrained wireless networks. Particularly, our scheme saves communication bandwidth, since it detects corrupted packets in the next hop with high probability, and its computational complexity is lower because it requires less XOR operations than the scheme proposed in [24].
Declarations
Acknowledgements
The research leading to these results has received funding from the European Community’s Seventh Framework Program [FP7/20072013] under grant agreement number 285969 [CODELANCE]. The first author would like to acknowledge support from the Fundacão para a Ciência e a Tecnologia (FCT  Portugal), through grant number: SFRH/BD/102029/2014.
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
Authors’ Affiliations
References
 A Solanas, C Patsakis, M Conti, I Vlachos, V Ramos, F Falcone, O Postolache, P Perezmartinez, R Pietro, D Perrea, et al., Smart health: a contextaware health paradigm within smart cities. Commun. Mag. IEEE. 52(8), 74–81 (2014).View ArticleGoogle Scholar
 RS Istepanaian, YT Zhang, Guest editorial introduction to the special section: 4g health—the longterm evolution of mhealth. Inf. Technol. Biomed. IEEE Trans.16(1), 1–5 (2012).View ArticleGoogle Scholar
 S Movassaghi, M Abolhasan, J Lipman, D Smith, A Jamalipour, Wireless body area networks: a survey. Commun. Surv. Tutorials IEEE. 16(3), 1658–1686 (2014).View ArticleGoogle Scholar
 M Fengou, G Mantas, D Lymberopoulos, N Komninos, S Fengos, N Lazarou, A new framework architecture for next generation ehealth services. Biomed. Health Inf. IEEE J.17(1), 9–18 (2013).View ArticleGoogle Scholar
 U Varshney, Pervasive healthcare: applications, challenges and wireless solutions. Commun. Assoc. Inf. Syst.16(1), 3 (2005).Google Scholar
 G Mantas, D Lymberopoulos, N Komninos, in Engineering in Medicine and Biology Society, 2009. EMBC 2009. Annual International Conference of the IEEE, Minneapolis, Minnesota, USA. Integrity mechanism for ehealth telemonitoring system in smart home environment (2009), pp. 3509–3512.Google Scholar
 B Latré, B Braem, I Moerman, C Blondia, P Demeester, A survey on wireless body area networks. Wireless Netw.17(1), 1–18 (2011).View ArticleGoogle Scholar
 E Kartsakli, A Antonopoulos, L Alonso, C Verikoukis, A cloudassisted random linear network coding medium access control protocol for healthcare applications. Sensors. 14(3), 4806–4830 (2014).View ArticleGoogle Scholar
 E Kartsakli, AS Lalos, A Antonopoulos, S Tennina, MD Renzo, L Alonso, C Verikoukis, A survey on M2M systems for mHealth: a wireless communications perspective. Sensors. 14(10), 18009–18052 (2014).View ArticleGoogle Scholar
 M Chen, S Gonzalez, A Vasilakos, H Cao, VC Leung, Body area networks: a survey. Mobile Netw. Appl.16(2), 171–193 (2011).View ArticleGoogle Scholar
 J Sen, A survey on wireless sensor network security. Int. J. Commun. Netw. Inf. Secur. 1:, 55–78 (2009).Google Scholar
 A Boulis, D Smith, D Miniutti, L Libman, Y Tselishchev, Challenges in body area networks for healthcare: The mac. Commun. Mag. IEEE. 50(5), 100–106 (2012).View ArticleGoogle Scholar
 E Kartsakli, A Antonopoulos, A Lalos, S Tennina, M Renzo, L Alonso, C Verikoukis, Reliable mac design for ambient assisted living: Moving the coordination to the cloud. Commun. Mag. IEEE. 53(1), 78–86 (2015).View ArticleGoogle Scholar
 S Tennina, M Di Renzo, E Kartsakli, F Graziosi, A Lalos, A Antonopoulos, PV Mekikis, L Alonso, WSN4QoL: a WSNoriented healthcare system architecture. Int. J. Distributed Sensor Netw.2014:, 1–16 (2014).View ArticleGoogle Scholar
 S Movassaghi, M Shirvanimoghaddam, M Abolhasan, D Smith, in Local Computer Networks (LCN), 2013 IEEE 38th Conference On, Sydney, NSW. An energy efficient network coding approach for wireless body area networks (2013), pp. 468–475.Google Scholar
 AS Lalos, E Kartsakli, A Antonopoulos, S Termina, M Di Renzo, L Alonso, C Verikoukis, in Global Communications Conference (GLOBECOM), 2014 IEEE. Cooperative compressed sensing schemes for telemonitoring of vital signals in wbans (IEEE, 2014), pp. 2387–2392.Google Scholar
 IH Hou, YE Tsai, TF Abdelzaher, I Gupta, in INFOCOM 2008. The 27th Conference on Computer Communications. IEEE. Adapcode: Adaptive network coding for code updates in wireless sensor networks (IEEE, 2008).Google Scholar
 A Antonopoulos, C Verikoukis, Networkcodingbased cooperative ARQ medium access control protocol for wireless sensor networks. Int. J. Distributed Sensor Netw.2012: (2011). Article ID 601321, 9 pages.Google Scholar
 R Ahlswede, N Cai, SY Li, RW Yeung, Network information flow. Inf. Theory IEEE Trans.46(4), 1204–1216 (2000).MathSciNetView ArticleMATHGoogle Scholar
 SYR Li, RW Yeung, N Cai, Linear network coding. Inf. Theory IEEE Trans.49(2), 371–381 (2003).MathSciNetView ArticleMATHGoogle Scholar
 T Ho, R Koetter, M Medard, DR Karger, M Effros, in Proc. IEEE Int. Symp. Information Theory, Yokohama, Japan, Jun./Jul. 2003. The benefits of coding over routing in a randomized setting (2003), p. 442.Google Scholar
 T Ho, M Médard, R Koetter, DR Karger, M Effros, J Shi, B Leong, A random linear network coding approach to multicast. Inf. Theory IEEE Trans.52(10), 4413–4430 (2006).MathSciNetView ArticleMATHGoogle Scholar
 S Katti, H Rahul, W Hu, D Katabi, M Médard, J Crowcroft, XORs in the air: practical wireless network coding. IEEE/ACM Trans. Netw. (ToN). 16(3), 497–510 (2008).View ArticleGoogle Scholar
 Z Yu, Y Wei, B Ramkumar, Y Guan, in INFOCOM 2009, IEEE. An efficient scheme for securing XOR network coding against pollution attacks (IEEERio de Janeiro, 2009), pp. 406–414.Google Scholar
 W Cheng, L Yu, F Xiong, W Wang, in Global Telecommunications Conference (GLOBECOM 2010), 2010 IEEE. Trusted network coding in wireless ad hoc networks (IEEEMiami, FL, 2010), pp. 1–5.View ArticleGoogle Scholar
 J Dong, R Curtmola, C NitaRotaru, DK Yau, Pollution attacks and defenses in wireless interflow network coding systems. Dependable Secure Comput. IEEE Trans.9(5), 741–755 (2012).View ArticleGoogle Scholar
 A Esfahani, A Nascimento, J Rodriguez, JC Neves, in Computers and Communication (ISCC), 2014 IEEE Symposium On. An efficient MACsignature scheme for authentication in XOR network coding (IEEEFunchal, Madeira, 2014), pp. 1–5.View ArticleGoogle Scholar
 MN Krohn, MJ Freedman, D Mazieres, in Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium On. Onthefly verification of rateless erasure codes for efficient content distribution (IEEE, 2004), pp. 226–240.Google Scholar
 C Cheng, T Jiang, Q Zhang, TESLAbased homomorphic MAC for authentication in p2p system for live streaming with network coding. Selected Areas Commun. IEEE J.31(9), 291–298 (2013).View ArticleGoogle Scholar
 A Esfahani, D Yang, G Mantas, A Nascimento, J Rodriguez, Dualhomomorphic message authentication code scheme for network codingenabled wireless sensor networks. Int. J. Distributed Sensor Netw.2015:, 510251 (2015). doi:10.1155/2015/510251. Accessed 20150206.Google Scholar
 R Canetti, J Garay, G Itkis, D Micciancio, M Naor, B Pinkas, in INFOCOM’99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, 2. Multicast security: a taxonomy and some efficient constructions (IEEENew York, NY, USA, 1999), pp. 708–716.Google Scholar