Data integrity
One key effort involves data integrity and digital signatures. Digital signatures are often used to sign data so that changes can be easily detected, but sometimes changes are acceptable -- even unavoidable.
Over decades or longer, applications may change and data may need to be reformatted. Yet any format change would render a digital signature useless. We have addressed this with new cryptographic protocols that establish the integrity of the data in the face of format changes.
A similar problem arises with data containing confidential or privacy-sensitive information that cannot be disclosed. HP researchers have developed improved digital-signature algorithms that allow data to be signed, but also allow confidential portions to be deleted or replaced with pseudonyms to protect privacy.
These techniques are being applied to establishing the integrity of enterprise event and audit logs, where a voluminous amount of information needs to be protected, and where disclosure of that information needs to be carefully controlled.
Identity-based encryption
Another area of focus is in the area of identity-based encryption (IBE), an emerging set of cryptographic techniques which provide mechanisms for flexible encryption of digital information.
Past encryption techniques relied on long, randomly generated keys that were associated with identities using digital certificates. But generating and managing those keys required a costly and complex infrastructure.
IBE avoids this complication by allowing the sender of an encrypted message to choose any arbitrary string – even an e-mail address -- as a public key. The decrypting key comes from a trusted server, which generates keys and manages policy enforcement.
W e are developing algorithms and reasoning techniques to secure IBE use in complex systems. In addition, we are contributing to industry standards for this type of encryption. |
Printable version
