Authenticating encrypted data

Abstract

Traditionally message authentication codes (MACs) and the process of encryption are treated as orthogonal security mechanisms, where MACs are used to prove data authenticity while encryption is used to preserve confidentiality. In this paper we propose to integrate the two in a framework where the parameterized hash value of an encrypted image is designed to be the same as the hash value of the parent unencrypted original image. This form of privacy preserving authentication has applications in database searches containing sensitive files such as sets of patient's X-ray records. The main challenge here is to develop a parametric hashing algorithm that is invariant to encryption by allowing a small part of the statistical signature of the original image to emerge despite the encryption process. Since the hash value is computed without decrypting the original data, one can prove authenticity without actually revealing the information. Our contribution is twofold: (1) Formulation of this new problem of authenticating encrypted data and (2) Development of a simple hashing algorithm applicable to encrypted images.