6 Data Integrity
Thus far we have concentrated on using cryptography to provide confidentiality.
In this chapter we begin our investigation of cryptographic mechanisms that are
designed to provide other security services. It is important to appreciate that
much of our previous discussion, which was framed around encryption, also
applies to the wider use of cryptography. In particular the discussions on security
assumptions in Section 1.5 and the breaking of cryptosystems in Section 1.6 are
directly applicable.
The focus of this chapter is on the provision of data integrity. We will look at
mechanisms that provide only a 'light' notion of data integrity, as well as those
that provide the stronger notion of data origin authentication. This chapter will
only discuss data integrity mechanisms that are either symmetric or have no key.
In Chapter 7 we will consider mechanisms based on asymmetric cryptography
that also provide data integrity.
At the end of this chapter you should be able to:
• Appreciate that there are different levels of data integrity.
• Identify the different properties of a hash function.
• Comment on different applications of a hash function and which properties
they require.
• Recognise the significance of the length of the output of a hash function.
• Explain how to use a MAC to provide data origin authentication.
• Describe two different approaches to constructing a MAC.
• Compare different ways of combining MACs with encryption to provide
confidentiality and data origin authentication.
6.1 Different levels of data integrity
Data integrity is a slightly confusing security service because it is often referred
to in different contexts. The best way of identifying the context is to consider the
 
 
 
 
 