Showing papers on "Message authentication code published in 1989"


Book ChapterDOI
20 Aug 1989
TL;DR: It is shown how to implement noninteractive zero knowledge proofs in a network which have the property that anyone in the network can individually check correctness while the proof is zero knowledge to any sufficiently small coalition.
Abstract: Using non-interactive zero knowledge proofs we provide a simple new paradigm for digital signing and message authentication secure against adaptive chosen message attack. For digital signatures we require that the non-interactive zero knowledge proofs be publicly verifiable: they should be checkable by anyone rather than directed at a particular verifier. We accordingly show how to implement noninteractive zero knowledge proofs in a network which have the property that anyone in the network can individually check correctness while the proof is zero knowledge to any sufficiently small coalition. This enables us to implement signatures which are history independent.

148 citations


Patent
30 Aug 1989
TL;DR: In this paper, the authors propose a control vector which provides the authorization for the uses of the data cryptography key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, and translation of the user's data.
Abstract: Data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorization for the uses of the key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, translation of the user's data. Complex combinations of data manipulation functions are possible using the control vectors, in accordance with the invention. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Complex scenarios such as encrypted mail box, session protection, file protection, ciphertext translation center, peer-to-peer ciphertext translation, message authentication, message authentication with non-repudiation and many others can be easily implemented by a system designer using the control vectors, in accordance with the invention.

86 citations


Patent
09 Aug 1989
TL;DR: In this paper, data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorisation for the uses of the key intended by the originator.
Abstract: Data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorisation for the uses of the key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, translation of the user's data. Complex combinations of data manipulation functions are possible using the control vectors, in accordance with the invention. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Complex scenarios such as encrypted mail box, session protection, file protection, ciphertext translation centre, peer-to-peer ciphertext translation, message authentication, message authentication with non-repudiation and many others can be easily implemented by a system designer using the control vectors, in accordance with the invention.

54 citations


Journal ArticleDOI
TL;DR: This paper analyzes the behaviour of a "generic" key distribution protocol using a model checker based on temporal logic to bring the automatic verification of finite systems closer to a practical proposition.
Abstract: During recent years there has been considerable interest and growth in computer networks and distributed systems. Computer networks employ encryption for several purposes, including private communication, message authentication and digital signatures. The correctness and security of these applications depend not only on the strength of the cryptographic algorithms but also on the protocols for key management. In this paper, we analyse the behaviour of a "generic" key distribution protocol using a model checker based on temporal logic. The protocol typifies several protocols that have been recently proposed to achieve an authenticated communication in a network environment. The protocol is first specified using a state-machine-based language. Then some important properties of the protocol are verified. Such an analysis technique is useful in a wide range of applications. In particular, we feel that the model checker helps to bring the automatic verification of finite systems closer to a practical proposition.

28 citations


Proceedings ArticleDOI
C.H. Meyer
08 May 1989
TL;DR: The author gives an overview of cryptographic methods using symmetric and asymmetric algorithms and demonstrates why future cryptographic applications should use a hybrid approach, i.e., a combination of symmetric and asymmetric (public key) methods.
Abstract: Cryptography is the only known practical method for protecting information transmitted through potentially hostile environments, where it is either impossible or impractical to protect the information by conventional physical means. Also, damage resulting from message alteration, message insertion, and message deletion can be avoided. Administrative and physical security procedures often can provide adequate protection for offline data transport and storage. However, where file security methods are either nonexistent or weak, encryption may provide the most effective and economical protection. The author gives an overview of cryptographic methods using symmetric and asymmetric algorithms and demonstrates why future cryptographic applications should use a hybrid approach, i.e., a combination of symmetric and asymmetric (public key) methods.

15 citations


Journal ArticleDOI
TL;DR: It is shown that a proposed method for using hash functions does not provide a secure non-repudiation service.
Abstract: This paper considers the use of hash functions for message authentication. It is shown that a proposed method for using hash functions does not provide a secure non-repudiation service.

6 citations


Book ChapterDOI
Russell Housley
03 Apr 1989
TL;DR: The paper illustrates the way that the key distribution scheme, the confidentiality algorithm, and the integrity algorithm drive the protocol construction of a simple local area network encapsulation security protocol.
Abstract: Construction of a simple local area network encapsulation security protocol is discussed. The paper illustrates the way that the key distribution scheme, the confidentiality algorithm, and the integrity algorithm drive the protocol construction. A Needham/Schroeder based key distribution scheme, DES Cipher Block Chaining, and the Message Authentication Code are used as building blocks for a sample protocol. The sample protocol provides data origin authentication, confidentiality, and integrity.

5 citations


Journal ArticleDOI
TL;DR: Various data integrity services and mechanisms are considered, and some factors are presented for the selection of suitable layers for the placement of data integrity security services in the emerging open systems interconnection (OSI) seven-layer reference model architecture.
Abstract: Data integrity is a property that implies that data have not been altered or destroyed in an unauthorized manner. The placement of such data security services in the emerging open systems interconnection (OSI) seven-layer reference model architecture is presented in this paper. The actual placement of various security services in the OSI architecture is itself a controversial issue. In this paper, we have considered various data integrity services and mechanisms and presented some factors for the selection of suitable layers for the placement of data integrity security services. Also, we have presented considerations for selecting those layers to provide data integrity of all user data on a connection-oriented transmission with and without error recovery; data integrity of selected fields within the user data on a connection without error recovery; data integrity of all user data, and data integrity of selected fields within the user data on a connectionless transmission.

5 citations


Journal ArticleDOI
TL;DR: The cryptographic controls that GE Information Services uses over its worldwide network to ensure the validity of EFT transactions are described to show how keys can be securely administered and distributed in practice.
Abstract: In recent years the requirement for enhanced security to protect financial transactions has become an issue of growing urgency. The major concern is that of ensuring the integrity of data between parties and the authenticity of the originator. This paper describes the cryptographic controls that GE Information Services uses over its worldwide network to ensure the validity of EFT transactions. The object is to show how keys can be securely administered and distributed in practice.

4 citations


Book ChapterDOI
01 Jul 1989
TL;DR: It is becoming increasingly common for large, distributed systems to utilise personal computers for the purpose of user access, and hence the security arrangements for such an access point have become a focus of attention in systems security design.
Abstract: It is becoming increasingly common for large, distributed systems to utilise personal computers (PCs) for the purpose of user access, and hence the security arrangements for such an access point have become a focus of attention in systems security design. Generally speaking, the functional requirements of a PC security sub-system are as follows: (i) Identity verification of the user, for controlling access both to resources within the local PC workstation and to remote teleprocessing services on other machines. (ii) File encryption at the PC for secure storage. (iii) Message encryption and message authentication for secure communications. (iv) Digital signatures for proof of origin of communications and for data and software certification.

4 citations


Journal ArticleDOI
TL;DR: The letter describes a method to implement an access control policy for multinetwork environments based on the public-key cryptosystem proposed by Rivest, Shamir and Adleman and on the message authentication algorithm based on the Data Encryption Standard (DES).
Abstract: The letter describes a method to implement an access control policy for multinetwork environments. The access control method is based on the public-key cryptosystem proposed by Rivest, Shamir and Adleman (RSA) and on the message authentication algorithm based on the Data Encryption Standard (DES).