Security definitions, entropy measures and constructions for implicitly detecting data corruption

Abstract We discuss security definitions, entropy measures and cryptographic constructions associated with the recently proposed implicit data integrity methodology. Such methodology is applied in order to detect data corruption without producing, storing or verifying mathematical summaries of the content such as Message Authentication Codes (MACs) or checksums. The main idea is that, whereas typical user data demonstrate patterns such as repeated bytes or words, decrypted data resulting from corrupted ciphertexts no longer demonstrate such patterns. Thus, by checking the entropy of decrypted ciphertexts, corruption can be possibly detected. The paper expands on earlier contributions, arguing for the need of a new notion of security based on the assumption that it is computationally difficult for an adversary to corrupt some ciphertext so that the resulting plaintext demonstrates specific patterns. A second contribution of the paper is a proposal for a new entropy measure that is applicable to short messages. The entropy measure we propose is called “pattern entropy index” and can be efficiently computed for messages that can be as small as 64 bytes. Third, we extend the security analysis of the known cryptographic construction called IVP (Integrity Via Preprocessing). We show that IVP supports implicit data integrity and is secure in input perturbing and oracle replacing adversary models. The cryptographic strength of IVP is 32.169 bits, which is sufficient for defending against online data corruption and content replay attacks. Computationally, IVP is much lighter than other authenticated encryption approaches requiring only two additional encryption rounds in the critical path of a 128-bit block cipher such as AES.