Authentication Techniques

An important objective of security is to provide secrecy i e to hide the contents of a publicly exposed message from unauthorized recipients In contemporary private commercial and diplomatic applications however it is frequently of equal or even greater concern that the legitimate receiver be able to verify that the message in formation has not been modi ed during its transmission or storage or that it is not a counterfeit from an unauthorized transmitter In some applications this require ment on the authenticity of information is of vital concern to all parties involved For instance in nancial transactions the party who accepts a cheque usually insists on corroborating identi cation of the party who issues the cheque authentication of the originator or the transmitter while the issuer not only lls in the face amount in numerals but also writes out the amount in script and may even go so far as to emboss that part of the cheque to make it more di cult for anyone to subsequently alter the face amount appearing on an instrument bearing his valid signature Al though this example illustrates the two main concerns of the participants in the authentication of information namely the veri cation that the communication was originated by the purported transmitter and that it hasn t subsequently been sub stituted for or altered it fails to illustrate perhaps the most important feature in the current use of authentication The information conveyed on the cheque is inextrica bly linked to a physical instrument the cheque itself for which there exist legally accepted protocols to establish the authenticity of the signature and the integrity of what the issuer wrote in the event of a later dispute as to whether the cheque is valid or the signature is genuine independent of the information content data amount etc recorded there The contemporary concern in authentication is with situations in which the exchange involves only information that is in which there is no physical instrument that can later be used to corroborate the authenticity of either the transmitter s identity or of the communication The information to be authenticated may indeed be a message in a commu nication channel but it can equally well be data in a computer le or resident software in a computer it can be quite literally a ngerprint in the application of the authentication channel to the veri cation of the identity of an individual or g uratively a ngerprint in the veri cation of the identity of a physical object such as a document or a tamper sensing container In the broader sense authentication is concerned with establishing the integrity of information purely on the basis of