Introduction to Public Key Cryptography
Limitations of Conventional Secret-Key Cryptography
The solution to problems of identification,
authentication, and privacy in computer-based
systems lies in the field of cryptography. Because
of the non-physical nature of the medium,
traditional methods of physically marking the
media with a seal or signature (for various
business and legal purposes) are useless. Rather,
some mark must be coded into the information
itself in order to identify the source,
authenticate the contents, and provide privacy
against eavesdroppers.
Privacy protection using a symmetric algorithm, such as that within DES (the government-sponsored Data Encryption Standard), is relatively easy in small networks, requiring only the exchange of a secret encryption key between each pair of parties. As a network grows, the secure exchange of secret keys becomes increasingly expensive and unwieldy, because the number of keys grows with the number of pairs of users rather than with the number of users. Consequently, this solution alone is impractical for even moderately large networks.
DES has an additional drawback: it requires sharing a secret key. Each person must trust the other to guard the pair's secret key and reveal it to no one. Since a user must have a different key for every person they communicate with, they must trust each and every one of those people with one of their secret keys. This means that in practical implementations, secure communication can only take place between people with some kind of prior relationship, be it personal or professional.
Fundamental issues that are not addressed by
DES are authentication and nonrepudiation. Shared
secret keys prevent either party from proving what
the other may have done. Either can
surreptitiously modify data and be assured that a
third party would be unable to identify the
culprit. The same key that makes it possible to
communicate securely could be used to create
forgeries in the other user's name.
A Better Way: Public Key Cryptography
The problems of authentication and large
network privacy protection were addressed
theoretically in 1976 by Whitfield Diffie and
Martin Hellman when they published their concepts
for a method of exchanging secret messages without
exchanging secret keys. The idea came to fruition
in 1977 with the invention of the RSA Public Key
Cryptosystem by Ronald Rivest, Adi Shamir, and Len
Adleman, then professors at the Massachusetts
Institute of Technology.
Rather than using the same key to both encrypt
and decrypt the data, the RSA system uses a
matched pair of encryption and decryption keys.
Each key performs a one-way transformation upon
the data. Each key is the inverse function of the
other; what one does, only the other can undo.
The RSA Public Key is made publicly available
by its owner, while the RSA Private Key is kept
secret. To send a private message, an author
scrambles the message with the intended
recipient's Public Key. Once so encrypted, the
message can only be decoded with the recipient's
Private Key.
Inversely, the user can also scramble data
using their Private Key; in other words, RSA keys
work in either direction. This provides the basis
for the "digital signature," for if the user can
unscramble a message with someone's Public Key,
the other user must have used their Private Key to
scramble it in the first place. Since only the
owner can utilize their own private key, the
scrambled message becomes a kind of electronic
signature -- a document that nobody else can
produce.
Authentication & Nonrepudiation: The VeriSign Digital ID℠
A digital signature is created by running
message text through a hashing algorithm. This
yields a message digest. The message digest is
then encrypted using the private key of the
individual who is sending the message, turning it
into a digital signature. The digital signature
can only be decrypted by the public key of the
same individual. The recipient of the message
decrypts the digital signature and then
recalculates the message digest. The value of this
newly calculated message digest is compared to the
value of the message digest found from the
signature. If the two match, the message has not
been tampered with. Since the public key of the
sender was used to verify the signature, the text
must have been signed with the private key known
only by the sender. This entire authentication
process will be incorporated into any
security-aware application.
What is a Digital ID℠?
Users of RSA technology typically attach their unique Public Key to an outgoing document, so the recipient need not look up that Public Key in a public key repository. But how can the recipient be assured that this Public Key, or even one in a public directory, really belongs to the person whom it indicates? Could not an intruder masquerade in the computer network as a legitimate user, literally sitting back and watching as others unwittingly send sensitive and secret documents to a false account created by the intruder?
The solution is the Digital ID -- a kind
of digital "passport" or "credential." The Digital
ID is the user's Public Key that has itself been
"digitally signed" by someone trusted to do so,
such as a network security director, MIS help
desk, or VeriSign, Inc. The following figure
presents a pictorial description of a Digital ID.
Every time someone sends a message, they attach
their Digital ID. The recipient of the message
first uses the Digital ID to verify that the
author's Public Key is authentic, then uses that
Public Key to verify the message itself. This way,
only one Public Key, that of the certifying
authority, has to be centrally stored or widely
publicized, since then everyone else can simply
transmit their Public Key and valid Digital ID
with their messages.
Using Digital IDs, an authentication chain can
be established that corresponds to an
organizational hierarchy, allowing for convenient
Public Key registration and certification in a
distributed environment.
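The two verification steps described above (check the Digital ID with the certifying authority's Public Key, then check the message with the author's Public Key) and the hash-then-sign procedure from the previous section, as an added illustration that is not VeriSign's or RSA's code. It uses textbook RSA with tiny constructed primes and a digest truncated to fit that modulus, so it shows the data flow only and is in no way a secure implementation; the key sizes, the `make_keypair` seeds and the owner name are all constructed for the example.

```python
import hashlib
import math

def is_prime(n):
    """Trial division; fine for the toy-sized primes used here."""
    return n >= 2 and all(n % i for i in range(2, math.isqrt(n) + 1))

def make_keypair(seed):
    """Toy RSA key pair from the first two primes at or above 'seed' (constructed, far too small for real use)."""
    p = seed
    while not is_prime(p):
        p += 1
    q = p + 2
    while not is_prime(q):
        q += 1
    n, phi = p * q, (p - 1) * (q - 1)
    e = 3
    while math.gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)          # private exponent: the inverse of e mod phi
    return (n, e), (n, d)        # (public key, private key)

def digest(data):
    """Message digest; truncated to 48 bits so it is smaller than the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest()[:6], "big")

def sign(private_key, data):
    n, d = private_key
    return pow(digest(data), d, n)          # digest scrambled with the private key

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(data)   # unscramble, recompute, compare

def id_body(owner, owner_public):
    """The bytes a Digital ID binds together: owner name and owner public key."""
    return f"{owner}|{owner_public[0]}:{owner_public[1]}".encode()

def issue_digital_id(ca_private, owner, owner_public):
    """The certifying authority signs the owner/public-key binding."""
    return (owner, owner_public, sign(ca_private, id_body(owner, owner_public)))

def verify_signed_message(ca_public, digital_id, message, signature):
    """Recipient: check the Digital ID with the CA's key, then the message with the owner's key."""
    owner, owner_public, id_sig = digital_id
    if not verify(ca_public, id_body(owner, owner_public), id_sig):
        return False                        # the attached public key is not certified
    return verify(owner_public, message, signature)
```

A recipient who only holds the certifying authority's Public Key can verify any member's message, and a substituted Public Key fails the first check even when the accompanying message signature is internally consistent.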
Certification Hierarchies
Once a user has a Digital ID℠, what
do they do with it? Digital IDs have a wide
variety of uses ranging from interoffice
electronic mail to global Electronic Funds
Transfer (EFT). In order to use Digital IDs there
must be a high degree of trust associated with the
binding of a Digital ID to the user or
organization linked with the Digital ID. This
trust is achieved by building hierarchies of
Digital IDs, with all members of this hierarchy
adhering to the same set of policies. Digital IDs
will only be issued to people or entities, as
potential members of a hierarchy, once proof of
identity has been established. Different
hierarchies may have different policies as to how
identity is established and Digital IDs are
issued.
VeriSign operates numerous Digital ID
hierarchies. The Commercial CA has a high degree
of assurance as to the binding between the
end-user's Digital ID and the actual end-user.
Members of RSA's Commercial CA will have a high
level of assurance, via adherence to the Policies,
as to who they are communicating with. This will
not generally be the case when two end-users, who
are members of lower-assurance hierarchies, are
communicating with Digital IDs. Without the
assurance associated with a properly managed
Digital ID hierarchy, the use of Digital IDs has
limited value.