2. Integrity
Integrity becomes an issue when Alice wants to send a message to Bob but is concerned that Eve will tamper with the message and change the contents. In this case, Alice does not care if Eve can read the message—she only wants to make sure that Bob can detect any changes made by Eve. Alice takes the message that she has written and creates a cryptographic hash code, which is a numeric code based on the contents of the message that acts as a "fingerprint" to identify the message. Changing even the smallest portion of the message results in a different hash code. Alice sends the message and the hash code to Bob.
Bob takes the message that he has received and creates his own hash code using the same technique that Alice used. If his code matches the one that Alice sent, Bob can assume that Eve has not modified the message—if the hash codes do not match, then Bob can assume that Eve has altered the message en route. Figure 4 illustrates the use of hash codes.
Eve will be able to change the message without detection if she changes the hash code as well. Eve creates a new message and a new hash code, both of which she sends to Bob. When Bob creates a hash code for the message, it will match the hash code he has received, leading him to think that the message has not been tampered with.
The solution to this problem is to use a "keyed" hash code, which uses the contents of the message and a secret key to create the hash code, as illustrated in Figure 5. Eve can still modify the message, but she can no longer create a valid hash code, because she lacks the key used to create the original code.
Unless Eve is able to discover the key, she will be unable to create hash codes that will fool Bob; if Eve acquires the key, she will be able to generate valid hash codes for her own messages, rendering Alice and Bob's efforts to ensure message integrity useless. As with confidentiality, the issue of integrity becomes one of protecting secret keys from Eve.
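The two scenarios above, as an added worked example that is not part of the original text: an unkeyed SHA-256 hash code that Eve can recompute for her own message, beside a keyed hash code (HMAC-SHA256) that she cannot produce without the key. The message, the forged message and the shared key are constructed placeholder values, and Bob compares codes in constant time so that the comparison itself does not leak anything.

```python
import hashlib
import hmac

# Constructed sample values for this example. In practice the key is
# shared only between Alice and Bob and never sent with the message.
MESSAGE = b"Transfer 100 to Bob"
FORGED = b"Transfer 1000 to Eve"
SHARED_KEY = b"alice-and-bob-secret-key"  # placeholder, not a real key


def fingerprint(message: bytes) -> str:
    """Unkeyed hash code: anyone who sees the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def keyed_fingerprint(key: bytes, message: bytes) -> str:
    """Keyed hash code (HMAC-SHA256): computing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def bob_accepts(expected_code: str, received_code: str) -> bool:
    """Bob's check, in constant time so the comparison leaks no timing."""
    return hmac.compare_digest(expected_code, received_code)


def honest_delivery() -> bool:
    """Alice sends MESSAGE with its keyed code; Bob recomputes and matches."""
    alice_code = keyed_fingerprint(SHARED_KEY, MESSAGE)
    return bob_accepts(keyed_fingerprint(SHARED_KEY, MESSAGE), alice_code)


def eve_forges_unkeyed() -> bool:
    """Eve replaces both the message and the unkeyed hash code.

    Returns True when Bob is fooled, which is the weakness of Figure 4.
    """
    eve_code = fingerprint(FORGED)  # Eve needs no secret to do this
    return bob_accepts(fingerprint(FORGED), eve_code)


def eve_forges_keyed() -> bool:
    """Eve alters the message but lacks SHARED_KEY.

    Her two options are to reuse Alice's original code or to compute one
    with a wrong key. Returns True only if either fools Bob.
    """
    alice_code = keyed_fingerprint(SHARED_KEY, MESSAGE)
    replayed = bob_accepts(keyed_fingerprint(SHARED_KEY, FORGED), alice_code)
    wrong_key = keyed_fingerprint(b"eve-guess", FORGED)
    guessed = bob_accepts(keyed_fingerprint(SHARED_KEY, FORGED), wrong_key)
    return replayed or guessed
```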
3. Authentication
The goal of authentication is to allow Bob to establish that Alice is the author of a message. For our purposes, this means that Alice should be able to create a "digital signature" for the message and that Bob should be able to check the signature to ensure that it is valid. In addition, Eve should not be able to create and sign messages as though she were Alice.
Digital signatures rely on asymmetric encryption techniques, although they are applied differently than we discussed earlier. Alice creates a pair of keys, one of which she makes public and one of which she keeps private. To sign the message, Alice creates a cryptographic hash code of the message that she wants to send to Bob, as discussed earlier. Alice then signs the hash code using her private key, as shown in Figure 6. This creates a digital signature that is unique to the combination of the document and Alice's private key.
When Bob receives the message, he verifies the signature using Alice's public key. If the signature is valid, then Alice has "signed" the message, and Bob can assume that Eve has not forged the message.
Because digitally signing a document requires the creation of a hash code, it also addresses the issue of integrity that we discussed earlier. If Eve modifies the message that Alice has sent, then Alice's signature will not be valid. Bob will generate his own hash code for the message, and it will not be the same as the one Alice signed. Figure 7 shows the protocol for message signatures.
Eve is unable to forge messages from Alice, because she does not know Alice's private key and is therefore unable to create digital signatures that will fool Bob. However, as with the areas of confidentiality and integrity, if Eve is able to acquire Alice's private key, she will be able to sign messages as though she were Alice.