karn@faline.UUCP (Phil R. Karn) (11/21/86)
I am interested in "systematic" authentication schemes, i.e., methods for verifying the authenticity of a message without hiding the meaning of the message itself. This is useful for certain special situations such as amateur radio, where encryption per se is illegal but methods to prevent unauthorized use of a remote radio control link are OK. I seem to remember hearing that the banking industry has some ANSI standards for this purpose, but I haven't been able to find copies.

I have one idea for this that I'd like comment on. Basically, you encrypt the message with DES in the cipher feedback mode. Then you transmit the final 64 bits of the ciphertext after the original plaintext message. This adds a 64-bit "crypto checksum" which guards against attempts at spoofing or modification by someone who doesn't know the DES key. I don't see any way that the message could be modified (e.g., by swapping words or bytes of an intercepted message) without perturbing the crypto checksum in some totally unpredictable way.

About the only thing the attacker could do is to play back old messages. If your network is based on datagrams, though, this isn't a problem. All end-to-end protocols on datagram networks are already designed to filter out duplicate packets, since datagram networks occasionally duplicate packets for reasons other than malicious spoofing.

Comments?

Phil
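The crypto-checksum construction proposed in the post, written out as an added example (not Phil's code) in Go with its standard-library DES: the key, IV and control messages are constructed values, and the fixed public IV and the minimum-length rule are assumptions the post leaves open.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/subtle"
	"errors"
	"fmt"
)

// cfbChecksum returns the last 64 bits of the DES-CFB ciphertext of msg,
// the "crypto checksum" the post proposes. Assumptions: the 8-byte IV is
// fixed and public; messages shorter than one block are rejected, not padded.
func cfbChecksum(key, iv, msg []byte) ([]byte, error) {
	if len(msg) < des.BlockSize {
		return nil, errors.New("message shorter than one DES block")
	}
	block, err := des.NewCipher(key) // single DES, as in the post
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(msg))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(ct, msg)
	return ct[len(ct)-des.BlockSize:], nil
}

// verify recomputes the checksum for a received message and compares it
// to the received tag in constant time.
func verify(key, iv, msg, tag []byte) bool {
	want, err := cfbChecksum(key, iv, msg)
	if err != nil || len(tag) != len(want) {
		return false
	}
	return subtle.ConstantTimeCompare(want, tag) == 1
}

func main() {
	key := []byte("8bytekey")                     // constructed demo key
	iv := make([]byte, des.BlockSize)             // constructed: all-zero IV
	msg := []byte("CONNECT repeater 2 to port 1") // constructed control message
	tag, _ := cfbChecksum(key, iv, msg)
	// Swapping the digits alters an earlier block, so the old tag fails.
	swapped := []byte("CONNECT repeater 1 to port 2")
	fmt.Printf("tag %x; genuine %v, swapped %v\n", tag,
		verify(key, iv, msg, tag), verify(key, iv, swapped, tag))
	// Caveat: the last CFB block is plaintext XOR keystream, so an edit
	// confined to that block shifts the tag by the same XOR, predictably.
	tag2, _ := cfbChecksum(key, iv, []byte("CONNECT repeater 2 to port 3"))
	fmt.Printf("last-byte edit: tag %x, xor of final bytes %02x\n", tag2, tag[7]^tag2[7])
}
```

The final lines show the property a practitioner should check before relying on this scheme: a change confined to the last block does not perturb the tag unpredictably, which is why the banking standard the post recalls, ANSI X9.9, authenticates with the CBC residue (CBC-MAC), whose final block is a DES output rather than plaintext XOR keystream.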