1. Field
The present invention relates to the field of data processing systems, and in particular to improving security in data processing systems.
2. Background
In a number of diverse fields, such as electronic commerce, communications, and broadcasting, security is a major concern. Security measures contribute to accountability, fairness, accuracy, confidentiality, operability, and other properties desired of the data processing systems and information systems used in these fields. Cryptographic methods that provide such security are usually categorized according to two purposes: encryption and authentication. Encryption renders data unreadable by unauthorized parties. Authentication verifies the integrity of the data, which involves verifying the identity of the author of the data (its origin) and/or verifying whether the data has been altered.
Encryption systems are often referred to as cryptosystems and are either symmetric or asymmetric. A symmetric cryptosystem uses a secret key to encrypt information and the same secret key to decrypt the encrypted information. An asymmetric cryptosystem, such as a public key cryptosystem, uses one key to encrypt information and a different key to decrypt the encrypted information; in a public key cryptosystem the encryption key may be made public while the decryption key is kept private.
In many symmetric cryptosystems, one key is used for the encryption function and a separate key is used for the authentication function (for example, a message authentication code). Hence, in data processing systems using a symmetric cryptosystem, encryption and authentication are performed as two separate operations, each making its own pass over the data. Since authentication requires approximately as much processing as encryption, the total amount of processing is roughly equivalent to encrypting the data twice. In data processing systems that operate in a power-limited or hardware-limited environment, such as a cellular telephone, personal digital assistant, or other portable communication device, it would be desirable to have a cryptosystem that performs encryption and authentication as a single operation in order to reduce the computational load upon the device.
In the paper “Encryption Modes with Almost Free Message Integrity” by Charanjit Jutla (Advances in Cryptology, EUROCRYPT 2001, Lecture Notes in Computer Science, vol. 2045, Springer-Verlag, 2001), cryptosystems were presented that encrypt messages and authenticate the encrypted messages in a manner that requires little more processing than encryption alone: a single pass over the data yields both the ciphertext and an integrity check. In other words, encryption and authentication are performed as a single combined operation, and the processing resources required to provide security are reduced accordingly.
The Jutla cryptosystems are designed to encrypt all of the data that is to be transmitted; data is authenticated only as part of being encrypted. However, the requirement that all data of a message be encrypted is undesirable in certain applications. For example, in communication protocols such as IPSec, encrypting all of the data is neither efficient nor practical: a header portion of the data must be sent unencrypted for addressing purposes, yet it should still be protected against alteration. The foundations of IPSec are specified in RFC 1825, “Security Architecture for the Internet Protocol,” RFC 1826, “IP Authentication Header,” and RFC 1827, “IP Encapsulating Security Payload (ESP),” all submitted by R. Atkinson in August 1995.
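As an added illustration, not part of the present application and not code from Jutla's paper: the following Python sketch implements the structure of the IAPM mode referred to above beside a conventional two-pass encrypt-then-MAC composition, counting block-cipher invocations so that the processing claims of the preceding paragraphs can be checked on a concrete message. A real system would use AES; the ToyBlockCipher, the sub-key derivation, the simplified whitening arithmetic, and the key, nonce and payload are assumptions made for this example only.

```python
import hashlib
import hmac

BLOCK = 16                  # 128-bit block size, as for AES
P = (1 << 127) - 1          # Mersenne prime; residues mod P fit in one block


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyBlockCipher:
    """Stand-in for AES (assumption of this example; not a secure cipher):
    a 4-round Feistel network with an HMAC-SHA256 round function. It is
    keyed and invertible, and it counts how often it is invoked."""

    def __init__(self, key: bytes):
        self.key = key
        self.calls = 0

    def _f(self, rnd: int, half: bytes) -> bytes:
        return hmac.new(self.key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

    def encrypt(self, block: bytes) -> bytes:
        self.calls += 1
        left, right = block[:8], block[8:]
        for rnd in range(4):
            left, right = right, xor(left, self._f(rnd, right))
        return left + right

    def decrypt(self, block: bytes) -> bytes:
        self.calls += 1
        left, right = block[:8], block[8:]
        for rnd in reversed(range(4)):
            left, right = xor(right, self._f(rnd, left)), left
        return left + right


def subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()   # assumed KDF


class IAPM:
    """One-pass authenticated encryption following the structure of IAPM:
    K0 yields a whitening sequence S_0..S_{n+1}, K1 encrypts the whitened
    blocks, and the tag is the encrypted XOR checksum of the plaintext."""

    def __init__(self, key: bytes):
        self.k0 = ToyBlockCipher(subkey(key, b"K0"))
        self.k1 = ToyBlockCipher(subkey(key, b"K1"))

    def cipher_calls(self) -> int:
        return self.k0.calls + self.k1.calls

    def _whitening(self, nonce: bytes, n: int) -> list:
        # Pairwise-independent sequence from one extra cipher call:
        # S_i = (i + 1) * W mod P with W = E_K0(nonce). This arithmetic is a
        # simplification assumed here, not the paper's exact construction.
        w = int.from_bytes(self.k0.encrypt(nonce), "big") % P
        return [(((i + 1) * w) % P).to_bytes(BLOCK, "big") for i in range(n + 2)]

    def encrypt(self, nonce: bytes, plaintext: bytes):
        if len(nonce) != BLOCK or len(plaintext) % BLOCK:
            raise ValueError("nonce must be one block, plaintext block-aligned")
        blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
        n = len(blocks)
        s = self._whitening(nonce, n)
        checksum, out = bytes(BLOCK), []
        for i, m in enumerate(blocks, start=1):
            out.append(xor(self.k1.encrypt(xor(m, s[i])), s[i]))
            checksum = xor(checksum, m)
        tag = xor(self.k1.encrypt(xor(checksum, s[n + 1])), s[0])
        return b"".join(out), tag

    def decrypt(self, nonce: bytes, ciphertext: bytes, tag: bytes):
        if len(nonce) != BLOCK or len(ciphertext) % BLOCK:
            raise ValueError("nonce must be one block, ciphertext block-aligned")
        blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
        n = len(blocks)
        s = self._whitening(nonce, n)
        checksum, out = bytes(BLOCK), []
        for i, c in enumerate(blocks, start=1):
            m = xor(self.k1.decrypt(xor(c, s[i])), s[i])
            out.append(m)
            checksum = xor(checksum, m)
        expected = xor(self.k1.encrypt(xor(checksum, s[n + 1])), s[0])
        if not hmac.compare_digest(expected, tag):
            return None                      # integrity failure: release nothing
        return b"".join(out)


def encrypt_then_mac(key: bytes, iv: bytes, plaintext: bytes):
    """Two-pass baseline: CBC encryption under one key, then a CBC-MAC over
    IV || ciphertext under a second key. Also returns the cipher-call count."""
    enc = ToyBlockCipher(subkey(key, b"ENC"))
    mac = ToyBlockCipher(subkey(key, b"MAC"))
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = enc.encrypt(xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    ct = b"".join(out)
    data, tag = iv + ct, bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        tag = mac.encrypt(xor(data[i:i + BLOCK], tag))
    return ct, tag, enc.calls + mac.calls


def demo():
    # Constructed inputs: a fixed key, a nonce (never reuse one under a key)
    # and a four-block payload. Returns (one-pass calls, two-pass calls,
    # round-trip ok, tampered ciphertext rejected).
    key = bytes(32)
    nonce = bytes(range(BLOCK))
    msg = b"".join(b"payload block %d " % i for i in range(4))   # 64 bytes
    aead = IAPM(key)
    ct, tag = aead.encrypt(nonce, msg)
    one_pass = aead.cipher_calls()                        # n + 2
    _, _, two_pass = encrypt_then_mac(key, nonce, msg)    # 2n + 1
    roundtrip = IAPM(key).decrypt(nonce, ct, tag) == msg
    bad = bytearray(ct)
    bad[5] ^= 0x01                                        # flip one ciphertext bit
    rejected = IAPM(key).decrypt(nonce, bytes(bad), tag) is None
    return one_pass, two_pass, roundtrip, rejected


if __name__ == "__main__":
    print(demo())
```

For the four-block payload, `demo()` reports 6 cipher calls for the one-pass scheme (n + 2) against 9 for the two-pass composition (2n + 1), confirms the round trip, and shows that decryption returns nothing once a single ciphertext bit is flipped. It also makes the IPSec difficulty concrete: the only inputs to `IAPM.encrypt` are the nonce and the plaintext, so a header that must travel in the clear has no place in the computation and can only be protected by encrypting it anyway or by adding a separate authentication pass, which is exactly the cost the mode was meant to avoid.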
Hence, there is a present need for a secure and efficient system for the encryption and authentication of data in which not all data bits of a message need be encrypted.