Content
Integrity
Content integrity comes as a bonus
with cryptography. No one can change encrypted data in a meaningful way without
breaking the encryption. This does not say, however, that encrypted data cannot
be modified. Changing even one bit of an encrypted data stream will affect the
result after decryption, often in a way that seriously alters the resulting
plaintext. We need to consider three potential threats:
·
malicious modification that changes content in a meaningful way
·
malicious or nonmalicious modification that changes content in a
way that is not necessarily meaningful
·
nonmalicious modification that changes content in a way that will
not be detected
Encryption addresses the first of
these threats very effectively. To address the others, we can use other
controls.
Error
Correcting Codes
We can use error detection and error
correction codes to guard
against modification in a transmission. The codes work as their names imply:
Error detection codes detect when an error has occurred, and error correction
codes can actually correct errors without requiring retransmission of the
original message. The error code is transmitted along with the original data,
so the recipient can recompute the error code and check whether the received
result matches the expected value.
The simplest error detection code
is a parity check. An
extra bit is added to an existing group of data bits depending on their sum or
an exclusive OR. The two kinds of parity are called even and odd. Witheven parity the extra bit is 0 if the sum of the
data bits is even and 1 if the sum is odd; that is, the parity bit is set so
that the sum of all data bits plus the parity bit is even. Odd parity is the same except the sum is odd. For
example, the data stream 01101101 would have an even parity bit of 1 (and an
odd parity bit of 0) because 0+1+1+0+1+1+0+1 = 5 + 1 = 6 (or 5 + 0 = 5 for odd
parity). A parity bit can reveal the modification of a single bit. However,
parity does not detect two-bit errors—cases in which two bits in a group are
changed. That is, the use of a parity bit relies on the assumption that
single-bit errors will occur infrequently, so it is very unlikely that two bits
would be changed. Parity signals only that a bit has been changed; it does not identify
which bit has been changed.
There are other kinds of error
detection codes, such as hash
codes and Huffman codes. Some of
the more complex codes can detect multiple-bit errors (two or more bits changed
in a data group) and may be able to pinpoint which bits have been changed.
Parity and simple error detection
and correction codes are used to detect nonmalicious changes in situations in
which there may be faulty transmission equipment, communications noise and
interference, or other sources of spurious changes to data.
Cryptographic
Checksum
Malicious modification must be
handled in a way that prevents the attacker from modifying the error detection
mechanism as well as the data bits themselves. One way to do this is to use a
technique that shrinks and transforms the data, according to the value of the
data bits.
To see how such an approach might
work, consider an error detection code as a many-to-one transformation. That
is, any error detection code reduces a block of data to a smaller digest whose
value depends on each bit in the block. The proportion of reduction (that is,
the ratio of original size of the block to transformed size) relates to the
code's effectiveness in detecting errors. If a code reduces an eight-bit data
block to a one-bit result, then half of the 28 input values map to 0 and half
to 1, assuming a uniform distribution of outputs. In other words, there are
28/2 = 27 = 128 different bit patterns that all produce the same one-bit
result. The fewer inputs that map to a particular output, the fewer ways the
attacker can change an input value without affecting its output. Thus, a
one-bit result is too weak for many applications. If the output is three bits
instead of one, then each output result comes from 28/23 or 25 = 32 inputs. The
smaller number of inputs to a given output is important for blocking malicious
modification.
A cryptographic
checksum (sometimes called a message digest) is a cryptographic function
that produces a checksum. The cryptography prevents the attacker from changing
the data block (the plaintext) and also changing the checksum value (the
ciphertext) to match.