The Practice of Authentication

Abstract

One of the most pervasive problems in military and in commercial communications-like systems is the need to authenticate digital messages; where authentication is interpreted broadly to mean verification both that a message was originated by the purported transmitter and that it has not been altered subsequently, which includes verifying that it is not a repetition of an earlier legitimate but already accepted message. The terminology ttmessagetl is a carryover from the origins of the problem in communications systems, but as used here includes resident computer software, data bank information, access requests and passes or passwords, hand-shaking exchanges between terminals and central facilities or between card readers and teller machines, etc.; i.e., digital information exchange over a suspect channel or interface in general. The need to authenticate information presupposes an opponent(s) — who may in some circumstances be either the transmitter or receiver — that desires to have unauthentic messages be accepted by the receiver, or by arbiters, as authentic or else to fraudulently attribute to the transmitter messages that he did not send.