11.1 Ensuring Integrity of Transmitted Information

Submitted by admin on Thu, 2007-11-15 09:10

11.1  Ensuring Integrity of Transmitted Information

    

Here is the problem. A source socket sends information to a destination socket on the Internet. The information is broken into packets at various levels. The packets at the lowest level are the ones transmitted across the Internet. There can be thousands or even millions of packets involved. The packets travel through many computers where they are forwarded toward the destination. At the destination, the packets are captured and reconstituted into higher levels and finally given to the destination socket at the application level. How do we ensure that the information arrived at the destination without being modified?  In other words, how can the destination process be sure of the integrity of the information?  For the time being, we do not care if someone views the information along the way. At this time, we just want to make sure that the information arrived without being modified by an interceptor.

One of the techniques used for ensuring information integrity in transmission is by using cryptographic hash functions. A hash function H is a transformation that takes an input m and returns a fixed-size string called the hash value h. That is, h=H(m). Hash functions have many computational uses. A hash function, when used in cryptography is required to have the following properties.

    The input can be of any length,

    the output has a fixed length,

    the value H(m) is easy to compute for any value of m.

    H(m) is an one-way function, and

    H(m) is a collision-free function.

A hash function H is called one-way if it is hard to invert, i.e., given a hash value h, it is computationally infeasible to find the input message m that produced it such that H(m)=h.

The main use of cryptographic hash functions are in ensuring data integrity checks and in digital signatures. This is how a hash function is used for ensuring communication integrity. At the source, the program uses a hash function to compute what is called a message digest of the original message m. Let the digest be called d. The digest is small in size and is fixed in length no matter how long the original information is. The hash value represents concisely the larger message from which it was computed. One can think of the message digest as a digital fingerprint of the original message. There are various digest producing hash algorithms and the size of the digest depends on the hash algorithm used. In the simplest use for ensuring integrity, the message digest d is attached to the message m at the source. The sender sends the message along with the digest to the receiver.

At the destination, the receiving program looks at the message m that it receives. It recomputes the digest on the message using the same hashing algorithm that the sender used. Let the new digest be called d'. The receiver compares the new digest d' with the original digest d that came from the sender. If the two are exactly the same, the receiver can be assured that the information was not changed during transmission, and that the integrity of the information can be guaranteed.

Since hash functions are generally faster than encryption or digital signature algorithms, typically the digital signature is not computed on the whole message, but on the message’s hash value which is small compared to the original message itself. Additionally, a digest can be made public without revealing the contents of the document it came from. This fact can be used to get a message timestamped digitally without revealing the message to a timestamping service.