The one-pass AEAD scheme OCB. Note that PMAC1 is used for processing the associated data H when it is available.
[...] Security is an important concern in any modern network. This also applies to Wireless Sensor Networks (WSNs), especially those used in applications that monitor sensitive information (e.g., health care applications). However, the highly constrained nature of sensors imposes a difficult challenge: their reduced availability of memory, processing pow...
[...] each process are XORed together for yielding the authentication tag T . The initial counter value of the CTR mode is computed from the IV, also using the CMAC t algorithm; this allows EAX to process IVs of arbitrary length, but also implicates the need of non-repeating IVs. Upon reception of a packet authenticated with EAX, the receiver can verify its authenticity prior to its decryption, since T can be computed directly from C . Furthermore, the algorithm does not require the implementation of the cipher's decryption algorithm, since only the encryption process is used by CMAC t and by the CTR mode. Finally, this scheme is flexible enough to allow the header and the message to be processed in any desired order. The motivation for including EAX in this survey is that this AEAD scheme is a NIST recommendation that displays a fairly simple design, in- troducing little memory overhead when a regular CMAC implementation is available.
Ref.: https://www.researchgate.net/figure/The-one-pass-AEAD-scheme-OCB-Note-that-PMAC1-is-used-for-processing-the-associated-data_fig6_236295555