1. Field
The present invention relates to the field of data processing systems. In particular, to improving security in data processing systems.
2. Background
In a number of diverse fields, such as, e.g., electronic commerce, communications, and broadcasting, security is a major concern. Security measures contribute to accountability, fairness, accuracy, confidentiality, operability, and other criteria that are desired of data processing systems and information systems utilized in these fields. Cryptographic methods that provide such security are usually categorized according to two purposes: encryption and authentication. Encryption is the art of rendering data unreadable by unauthorized parties. Authentication is used to verify the integrity of the data. Verifying the integrity of the data involves verifying the author identity of the data and/or verifying whether the data has been altered.
Encryption systems are often referred to as cryptosystems, and have the property of being either symmetric or asymmetric. A symmetric encryption system uses a secret key to encrypt information and the same secret key to decrypt the encrypted information. An asymmetric encryption system, such as a public key cryptosystem, uses a first key to encrypt information and uses a different key to decrypt the encrypted information.
In many symmetric cryptosystems, one key is used for the encryption and a separate key is used for the authentication. Hence, in data processing systems using a symmetric cryptosystem, encryption and authentication are performed as two separate entities. Since authentication requires approximately as much processing power as encryption, the total amount of processing is equivalent to encrypting the data twice. In data processing systems that operate in a power-limited or hardware-limited environment, such as, e.g., a cellular telephone, personal digital assistant, or other portable communication device, it would be desirable to have a cryptosystem that can perform encryption and authentication as a single entity in order to reduce the computational load upon the device or to increase the speed at which the device performs the encryption and authentication.
In the papers “Parallelizable Encryption Mode with Almost Free Message Integrity” by Charanjit Jutla and “OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption” by P. Rogaway, cryptosystems were presented that can encrypt messages and authenticate the encrypted messages in a manner that requires little more processing than encryption alone. In other words, encryption and authentication can be performed efficiently as a single functional entity. Hence, the amount of processing resources required to provide security is reduced.
Both cryptosystems require the encryption of all the data that is to be transmitted. However, the requirement that all data of a message must be encrypted is undesirable in certain applications. For example, in communication protocols such as IPSec, encryption of all data is not efficient. A header portion of the data must be sent unencrypted for addressing purposes. The foundations of IPSec are specified in RFC 1825 entitled “Security Architecture for the Internet Protocol,” RFC 1826 entitled “IP Authentication Header,” and RFC 1827 entitled “IP Encapsulating Security Payload (ESP),” all of which were submitted by R. Atkinson in August, 1995.
Hence, there is a present need for a secure and efficient system for encryption and authentication of data wherein all data bits of a message need not be encrypted.