Cryptography Reference
In-Depth Information
tationally hard to break; the procedures for using the algorithm must also
withstand attack.”
13
Indeed, the breaking of the World War II Enigma
machine by the Allies had already powerfully demonstrated the wisdom
of such an insight.
Security Services
By the mid-1990s, the expected properties of cryptographic signatures had
crystallized in the scientific literature.
14
Remarkably, these had remained
largely unchanged from Diffie and Hellman's initial proposal:
certifying the
origin of the message
(authentication),
certifying its integrity
(data integrity),
and the more vaguely defined
provision of evidence that can be used by an
unbiased third party to settle a dispute
(non-repudiation).
Authentication
To authenticate something means, according to the Oxford Dictionary, “to
verify its claimed origin or authorship.” Digital signatures involve two
distinct types of authentication:
message
and
entity authentication
. The
former is defined as “a type of authentication whereby a party is corrobo-
rated as the (original) source of specified data created at some (typically
unspecified) time in the past.”
15
The latter is equivalent to identification;
that is, one party (the verifier) gains assurance that the identity of another
(the claimant) is as declared, thereby preventing impersonation (the term
“entity” is used to signify that both claimants and verifiers may be indi-
viduals or computational devices). Techniques for identification are typi-
cally divided into three classes, depending on the kind of evidence the
claimant provides:
16
1. Something the claimant
knows
: passwords, PINs, or cryptographic keys,
the knowledge of which is demonstrated in
challenge-response
protocols.
2. Something the claimant
possesses
: passports, smart cards, magnetic strip
cards, or similar. In this case, identity is demonstrated by control of an
object, usually (but not necessarily) functioning as a container for other
identifying information, such as a smartcard containing cryptographic
keys.
3. Something the claimant
is
: physical characteristics, such as fingerprints
and retinal patterns, or behavioral characteristics, such as handwritten
