data authenticity

In information security, message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message. Message authentication does not necessarily include the property of non-repudiation.

Message authentication is typically achieved by using message authentication codes (MACs), authenticated encryption (AE) or digital signatures. The message authentication code, also known as digital authenticator, is used as an integrity check based on a secret key shared by two parties to authenticate information transmitted between them. It is based on using a cryptographic hash or symmetric encryption algorithm. The authentication key is shared by exactly two parties (e.g. communicating devices), and authentication fails if a third party possesses the key, since the algorithm will no longer be able to detect forgeries (i.e. to validate the unique source of the message). In addition, the key must be randomly generated to avoid its recovery through brute-force searches and related-key attacks designed to identify it from the messages transiting the medium.

Some cryptographers distinguish between "message authentication without secrecy" systems, which allow the intended receiver to verify the source of the message but do not hide the plaintext contents of the message, and authenticated encryption systems. Some cryptographers have researched subliminal channel systems that send messages that appear to use a "message authentication without secrecy" system, but in fact also transmit a secret message. Data origin authentication and non-repudiation have also been studied in the framework of quantum cryptography.
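The following added example (not part of the original article) shows a hash-based MAC used for "message authentication without secrecy": a randomly generated shared key, a tag appended to a readable message, and constant-time verification by the receiver. HMAC-SHA256, the function names and the sample message are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag

def generate_key() -> bytes:
    """Random 256-bit key from the OS CSPRNG, never derived from a guessable value."""
    return secrets.token_bytes(32)

def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag. The plaintext itself stays readable."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver: return the message if the tag is valid, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison, so response timing does not leak tag bytes.
    return message if hmac.compare_digest(tag, expected) else None

def demo() -> dict:
    key = generate_key()
    message = b"transfer 100 to account 42"  # constructed sample message
    packet = protect(key, message)

    tampered = bytearray(packet)
    tampered[9] ^= 0x01  # one flipped bit in transit: "100" becomes "000"

    return {
        # Unmodified packet from a key holder is accepted.
        "valid": verify(key, packet) == message,
        # Any modification in transit invalidates the tag (data integrity).
        "tampered_rejected": verify(key, bytes(tampered)) is None,
        # A party without the shared key cannot produce or check tags.
        "wrong_key_rejected": verify(generate_key(), packet) is None,
        # The receiver holds the same key and can compute the identical
        # packet, so the tag proves nothing to an outsider: no non-repudiation.
        "receiver_can_forge": protect(key, message) == packet,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
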


See also

* Data integrity
* Authentication
* Deniable authentication

