Cryptography Reference
In-Depth Information
strength of a potential 'attack' against the integrity of some data. For our purposes,
we will consider four different levels of data integrity that can be provided by
considering four increasing levels of attack:
Accidental errors
. This first level of data integrity provides protection only against
accidental errors. Such errors are most likely to occur through noise in a
communication channel. Data integrity mechanisms that offer this level of
data integrity include error-correcting codes (see Section 1.4.4) and simple
checksums such as
cyclic redundancy checks
(CRCs). These techniques involve
the computation of a digest that is appended to the original data. The digest
is computed using a simple mathematical computation that is based on the
data. Since the digest can be computed by anyone, these mechanisms offer no
protection against an active attacker. We will not further discuss mechanisms
in this category, since their integrity protection is weak.
Simple manipulations
. The second level of data integrity protects against simple
manipulations. Mechanisms providing protection only against accidental
errors often have the property that if the data is changed in a particular way
then the new integrity digest can be predicted without needing to formally
recalculate it. For example, the integrity digest of the XOR of two messages
might be the XOR of the two integrity digests. Hash functions are examples of
mechanisms that can prevent simple manipulations, since they have inherent
security properties that prevent this. However, an active attacker can still
defeat integrity mechanisms in this category since the integrity digest can
still be computed by anyone. This second category is only distinct from the
first category in that an active attacker cannot 'shortcut' the computation of
a new digest by manipulating old ones. We will discuss hash functions in
Section 6.2.
Active attacks
. The third level of data integrity protects against active attacks.
Unlike the previous two categories, mechanisms in this category must be
able to prevent an attacker from creating a 'valid' integrity digest on some
data for which they have not previously seen an integrity digest. This strong
notion of data integrity normally requires data origin authentication, since
the most natural way of preventing active attacks of this type is to provide a
binding between the underlying data and the source that created it. The main
cryptographic mechanisms for providing this level of data integrity are MACs,
which we discuss in Section 6.3.
Repudiation attacks
. The fourth level of data integrity protects against a creator
of an integrity digest who attempts to later deny that they created the digest.
This level is necessary in applications where a 'proof' of data integrity that can
be verified by a third party is required. This corresponds to non-repudiation of
the source of data. We will postpone discussion of mechanisms in this category
until Chapter 7, which focusses on digital signature schemes. Note, however,
that under certain circumstances MACs can provide this level of data integrity
(see Section 7.2).
