Serious breaches of data security are in the news almost daily. These issues are of several different types, relating essentially to questions such as “Has any unauthorized person accessed any of this data?” and “Has anyone tampered with this data?” Common ways to address these issues include the securing of data with the use of keys, such as in a private/public key pair scheme such as PKI or some other form of key-based encryption, typically backed by digital certificates issued by some certificate authority (CA).
Some of the disadvantages of such arrangements include the need to securely store possibly large numbers of key pairs, the need to rely on the integrity of the certificate authority, the possibility that the keys may expire, etc. In short, a key-based approach requires maintaining at least one “secret” in each system pair that communicates, as well as reliance on (in most cases) a third-party CA.
The complications associated with key-based security are multiplied greatly in the case of large data sets that are created and/or streamed as units such as video frames, blocks, etc. If entire streams are encrypted or secured as a whole with keys, then there may be an unacceptable delay in transmission, a greater storage requirement, and/or a greater risk that the transmitted data itself will be corrupted even absent any malicious action. On the other hand, if streams are encrypted or secured in smaller units, then it will be necessary to generate and maintain at least one, and typically two, keys for each unit; this adds even more to the processing and administrative burden. Note that this burden is usually duplicated, since encryption and key maintenance of the transmission side must usually be matched by decryption and key maintenance on the receiving side as well.