Hi Eric, Yes, AES could be used for security and integrity. However, security and integrity are separate goals from authentication.
If I emit a digital voice stream and append a digital signature, the recipients can have reasonable trust that my stream was created by someone in possession of my private key. Ideally, that's only me. To answer your question about why AES should not be used for authentication... is a little detailed. AES could be used to encipher a hash of the data to create a signature. But since AES is a symmetric algorithm, you'd have to give away your key to whomever wishes to authenticate the signature. And once your key is given away, anyone could imitate you. So that's no good. Asymmetric algorithms (and keys) must be used so that you can create a signature using your private key and others my authenticate the signature with your public key. !!Dean KC4KSU On Aug 27, 2016, at 6:51 PM, [email protected] wrote: > Dean, > My apologies if I have come in late to this discussion but I too have been > looking at data payloads and cryptographic techniques and I am wondering why > the AES engine in the STM32 device is not applied , the only limitation is > that it works on 128 or 256 bit packets. > However form there standard cryptographic techniques can be applied for > enhancing the security and integrity of the data stream. > > Regards > Eric > > On 2016-08-27 22:52, Dean Hall wrote: > >> I read an academic paper in the past 5 years (can't cite it off the top of >> my head, though) that performed cryptographic authentication of streaming >> data in the following manner. >> >> Streaming Data : >> [ >> [Payload 0][SigByte 0] >> [Payload 1][SigByte 1] >> [Payload 2][SigByte 2] >> ... >> [Payload N][SigByte N] >> ] >> >> Where >> 256 < Sizeof(Payload) < 1024 >> and >> SigByte N := LeastSignificantByte( CryptographicSignature( Payload N )) >> >> Each transmission frame (or maybe a superframe) has one byte of signature. >> By itself, one byte of authentication is not very trustworthy. But as N >> becomes large, the trust of the streaming signature becomes strong. In >> other words, if you do this over 64 payloads or more, it's good enough for >> amateur purposes. >> >> !!Dean >> KC4KSU >> >> On Aug 27, 2016, at 11:18 AM, Steve wrote: >> >>> That provides a second problem. What to do with an extra 63 bits? Not quite >>> enough for 6 bit amateur callsign routing, but I'm sure there is a lot of >>> ideas out there. 73/steve >>> ------------------------------------------------------------------------------ >>> _______________________________________________ Freetel-codec2 mailing >>> list [email protected] >>> https://lists.sourceforge.net/lists/listinfo/freetel-codec2 >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Freetel-codec2 mailing list >> >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/freetel-codec2 > > > ------------------------------------------------------------------------------ > _______________________________________________ > Freetel-codec2 mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/freetel-codec2 ------------------------------------------------------------------------------ _______________________________________________ Freetel-codec2 mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/freetel-codec2
