Methods to Encrypt and Authenticate Digital Files in Distributed Networks and Zero-Trust Environments

Abstract

The methods proposed in this paper are leveraging Challenge–Response–Pair (CRP) mechanisms that are directly using each digital file as a source of randomness. Two use cases are considered: the protection and verification of authenticity of the information distributed in storage nodes and the protection of the files kept in terminal devices operating in contested zero-trust environments comprised of weak signals in the presence of obfuscating electromagnetic noise. With the use of nonces, the message digests of hashed digital files can be unique and unclonable; they can act as Physical Unclonable Functions (PUF)s in challenge–response mechanisms. During enrollment, randomly selected “challenges” result in unique output data known as the “responses” which enable the generation and distribution of cryptographic keys. During verification cycles, the CRP mechanisms are repeated for proof of authenticity and deciphering. One of the main contributions of the paper is the development of mechanisms accommodating the injection of obfuscating noises to mitigate several vectors of attacks, disturbing the side channel analysis of the terminal devices. The method can distribute error-free cryptographic keys in noisy networks with light computing elements without relying on heavy Error Correcting Codes (ECC), fuzzy extractors, or data helpers.