For as long as information has been communicated between two parties, it has been susceptible to interception, eavesdropping, compromise and corruption by third parties. Traditionally, this problem has been addressed through the development, over the years, of increasingly sophisticated cryptographic techniques.
One class of these techniques involves the use of key-based ciphers. In a key-based cipher, the sequences of intelligible data (i.e., "plaintext") that collectively form a message are each mathematically transformed, through an enciphering algorithm controlled by a key, into seemingly unintelligible data (i.e., "ciphertext").
Such transformations are typically completely reversible: given the key, the enciphering algorithm is invertible, so that each ciphertext can be transformed back to its corresponding original plaintext. For this to hold, the cipher must map each element of plaintext to one and only one element of ciphertext, and distinct plaintexts to distinct ciphertexts; otherwise the recipient could not recover the message unambiguously.
In addition, it is desirable that the particular cipher which generated any given ciphertext be sufficiently secure against cryptanalysis. To provide the requisite level of security, the key is typically selected such that each key defines a distinct corresponding cipher. This precludes, to the extent possible, a situation in which multiple differing keys each yield the same reversible transformation between a given plaintext and its ciphertext; such equivalent keys would reduce the effective number of keys a cryptanalyst must try.
The strength of any cryptographic technique (and hence the degree of protection it affords against third-party intrusion) is governed by the time and computational effort a third party must expend to perform cryptanalysis. No encryption technique is completely impervious to cryptanalysis given unlimited resources. However, if recovering the message without the secret key requires an immense number of calculations and an extremely long time interval with today's computing technology, the technique is, for all practical intents and purposes, sufficiently secure to warrant widespread adoption and use.
However, computing technology and cryptanalytic techniques continue to evolve rapidly. Processors with levels of sophistication and speed unheard of just a few years ago are becoming commercially available at ever decreasing prices. What might have taken years of continuous computation a decade ago can now be accomplished in a small fraction of that time. Hence, as technology evolves, the art of cryptography advances in lockstep, in a continual effort to develop increasingly sophisticated cryptographic techniques that withstand correspondingly intensifying cryptanalysis.
However, encryption, by itself, provides no guarantee that an enciphered message has not been, or cannot be, compromised during transmission or storage by a third party. Encryption provides confidentiality; it does not assure integrity. An encrypted message could be intercepted and changed even though it may be, in any given instance, practically impossible to cryptanalyze.
In that regard, the third party could intercept, or otherwise improperly access, a ciphertext message and substitute, for one or more blocks in the message, predefined illicit ciphertext block(s) which that party, or someone acting in concert with that party, has specifically devised for the corresponding position(s); and thereafter transmit the resulting message, with the substituted ciphertext block(s), onward to its destination. The recipient, having no means of verifying integrity, decrypts the altered message as though it were genuine. All of this may be done without the knowledge of the eventual recipient of the message and to the eventual detriment of the original message sender and/or its recipient.
For example, if the message involved a financial transaction between a purchaser and a seller, the substituted block could be an enciphered account number of a third party rather than that of the intended seller, with the eventual effect of illicitly diverting money originally destined for the seller to the third party instead. For a variety of reasons, messages carried over the Internet are vulnerable in this regard.
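The substitution attack described in the preceding two paragraphs, worked through as an added example that is not part of the original text. It assumes a counter-mode stream cipher whose keystream is derived with HMAC-SHA256 (a stand-in for any cipher that provides confidentiality alone, not the cipher the text refers to), a constructed fixed-format payment instruction, and made-up account numbers. The attacker knows the seller's account number and where it sits in the message but never learns the key; flipping the corresponding ciphertext bytes is the stream-cipher analogue of the block substitution the text describes. The second half shows that appending a message authentication code over the ciphertext (encrypt-then-MAC, one standard remedy, assumed here rather than taken from the page) makes the same substitution detectable.

```python
import hashlib
import hmac
import os

# Constructed illustration (not the page's own technique): a counter-mode
# stream cipher whose keystream comes from HMAC-SHA256 used as a PRF. Any
# cipher that provides confidentiality alone behaves the same way here.

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` pseudorandom bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream; decryption is the same operation."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt


def substitute(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Attacker's substitution, performed without the key: replace the plaintext
    bytes `known` (which the attacker knows sit at `offset`) with `wanted`.
    For an XOR stream cipher, ct[i] ^= known[i] ^ wanted[i] achieves exactly that."""
    if len(known) != len(wanted):
        raise ValueError("replacement must have the same length")
    ct = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        ct[offset + i] ^= k ^ w
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext under a separate key."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    if len(sealed) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = sealed[:NONCE_LEN], sealed[NONCE_LEN:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was altered")
    return decrypt(enc_key, nonce, ct)


def demonstrate() -> tuple:
    """Returns (what the recipient decrypts when only encryption is used,
    whether encrypt-then-MAC detected the same substitution)."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    nonce = os.urandom(NONCE_LEN)
    # Constructed fixed-format payment instruction; the attacker knows the
    # seller's account number and its position, but not the key.
    message = b"PAY 1000.00 TO ACCT 12345678"
    seller, attacker = b"12345678", b"99999999"
    offset = message.index(seller)

    # Confidentiality only: the altered ciphertext decrypts, without any
    # error, to a payment diverted to the attacker's account.
    ct = encrypt(enc_key, nonce, message)
    recipient_sees = decrypt(enc_key, nonce, substitute(ct, offset, seller, attacker))

    # Encrypt-then-MAC: the same substitution now fails verification.
    sealed = seal(enc_key, mac_key, nonce, message)
    forged = substitute(sealed, NONCE_LEN + offset, seller, attacker)
    try:
        open_sealed(enc_key, mac_key, forged)
        detected = False
    except ValueError:
        detected = True
    return recipient_sees, detected


if __name__ == "__main__":
    seen, caught = demonstrate()
    print(seen)    # b'PAY 1000.00 TO ACCT 99999999'
    print(caught)  # True
```

Two points of the design matter beyond the demonstration itself: the tag is computed over the nonce and the ciphertext (so a substituted block or a replayed nonce both invalidate it), and it is compared with `hmac.compare_digest` so that the verification step does not itself leak timing information about how many tag bytes matched.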
The need to detect altered information is not confined to Internet messages. With the burgeoning use of stand-alone personal computers, an individual or business will very often store confidential or other information within the computer, such as on a hard disk therein, with a desire to safeguard that information from illicit access and alteration by third parties.
Password-controlled access, which is commonly used to restrict access to a given computer and/or a specific file stored thereon, provides a certain, but rather rudimentary, form of file protection. Users are often cavalier about their passwords, either failing to safeguard them from others or simply choosing passwords that others can easily guess, thereby creating a security risk. Once password protection is circumvented, a third party can access a stored file and change it, with the owner of the file remaining completely oblivious to the change.