Introduction to Cryptography
Limitations of Conventional Secret-Key Cryptography
The solution to problems of identification, authentication, and privacy in computer-based
systems lies in the field of cryptography. Because of the non-physical nature
of the medium, traditional methods of physically marking the media with
a seal or signature (for various business and legal purposes) are useless.
Rather, some mark must be coded into the information itself in order to
identify the source, authenticate the contents, and provide privacy against
eavesdroppers.
Privacy protection using a symmetric algorithm, such as that within DES
(the government-sponsored Data Encryption Standard), is relatively easy in
small networks, requiring only the exchange of secret encryption keys between
each pair of parties. As a network proliferates, the secure exchange of secret keys becomes
increasingly expensive and unwieldy. Consequently, this solution alone is
impractical for even moderately large networks.
DES has an additional drawback: it requires sharing of a secret key. Each
person must trust the other to guard the pair's secret key, and reveal it
to no one. Since the user must have a different key for every person they
communicate with, they must trust each and every person with one of their
secret keys. This means that in practical implementations, secure communication
can only take place between people with some kind of prior relationship,
be it personal or professional.
Fundamental issues that are not addressed by DES are authentication and
nonrepudiation. Shared secret keys prevent either party from proving what
the other may have done. Either can surreptitiously modify data and be assured
that a third party would be unable to identify the culprit. The same key
that makes it possible to communicate securely could be used to create forgeries
in the other user's name.
A Better Way: Public Key Cryptography
The problems of authentication and large network privacy protection were
addressed theoretically in 1976 by Whitfield Diffie and Martin Hellman when
they published their concepts for a method of exchanging secret messages
without exchanging secret keys. The idea came to fruition in 1977 with the
invention of the RSA Public Key Cryptosystem by Ronald Rivest, Adi Shamir,
and Len Adleman, then professors at the Massachusetts Institute of Technology.
Rather than using the same key to both encrypt and decrypt the data, the
RSA system uses a matched pair of encryption and decryption keys. Each key
performs a one-way transformation upon the data. Each key is the inverse
function of the other; what one does, only the other can undo.
The RSA Public Key is made publicly available by its owner, while the RSA
Private Key is kept secret. To send a private message, an author scrambles
the message with the intended recipient's Public Key. Once so encrypted,
the message can only be decoded with the recipient's Private Key.
Inversely, the user can also scramble data using their Private Key; in other
words, RSA keys work in either direction. This provides the basis for the
"digital signature," for if the user can unscramble a message
with someone's Public Key, the other user must have used their Private Key
to scramble it in the first place. Since only the owner can utilize their
own private key, the scrambled message becomes a kind of electronic signature
-- a document that nobody else can produce.
Authentication & Nonrepudiation: The VeriSign Digital ID
A digital signature is created by running message text through
a hashing algorithm. This yields a message digest. The message digest is
then encrypted using the private key of the individual who is sending the
message, turning it into a digital signature. The digital signature can
only be decrypted by the public key of the same individual. The recipient
of the message decrypts the digital signature and then recalculates the
message digest. The value of this newly calculated message digest is compared
to the value of the message digest found from the signature. If the two
match, the message has not been tampered with. Since the public key of the
sender was used to verify the signature, the text must have been signed
with the private key known only by the sender. This entire authentication
process will be incorporated into any security-aware application.
What is a Digital ID?
Users of RSA technology typically attach their unique Public
Key to an outgoing document, so the recipient need not look up that Public
Key in a public key repository. But how can the recipient be assured that
this Public Key, or even one in a public directory, really belongs to the
person it indicates? Could not an intruder masquerade in the computer
network as a legitimate user, literally sitting back and watching as others
unwittingly send sensitive and secret documents to a false account created
by the intruder?
The solution is the Digital ID -- a kind of digital "passport"
or "credential." The Digital ID is the user's Public Key that
has itself been "digitally signed" by someone trusted to do so,
such as a network security director, MIS help desk, or VeriSign, Inc. The
following figure presents a pictorial description of a Digital ID.
Every time someone sends a message, they attach their Digital ID. The
recipient of the message first uses the Digital ID to verify that the author's
Public Key is authentic, then uses that Public Key to verify the message
itself. This way, only one Public Key, that of the certifying authority,
has to be centrally stored or widely publicized, since then everyone else
can simply transmit their Public Key and valid Digital ID with their messages.
Using Digital IDs, an authentication chain can be established that corresponds
to an organizational hierarchy, allowing for convenient Public Key registration
and certification in a distributed environment.
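The following added example (not VeriSign's or RSA's code) walks through the three mechanisms described above in textbook RSA: the matched key pair whose transformations undo each other, the hash-then-sign signature with its tamper check, and a Digital ID in which a certifying authority signs a user's Public Key so the recipient needs to store only the CA's key. All keys are constructed from fixed Mersenne primes so the script runs offline and deterministically; the names, the `|`-separated ID encoding and the example messages are assumptions for illustration, and the code omits padding, random prime generation and a real certificate format, so it demonstrates the concept only.

```python
"""Textbook RSA walk-through: key pair, hash-then-sign, CA-signed Digital ID.
Constructed example with fixed primes; no padding or real certificate format."""
import hashlib
from typing import NamedTuple, Tuple


class PublicKey(NamedTuple):
    n: int
    e: int


class PrivateKey(NamedTuple):
    n: int
    d: int


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive the matched pair from two primes. d is the inverse of e modulo
    phi(n), which is exactly what makes each key undo the other's transform."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # ValueError if e is not invertible modulo phi
    return PublicKey(n, e), PrivateKey(n, d)


def transform_public(key: PublicKey, m: int) -> int:
    """Transformation with the public exponent: encrypt, or verify a signature."""
    if not 0 <= m < key.n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, key.e, key.n)


def transform_private(key: PrivateKey, m: int) -> int:
    """Transformation with the private exponent: decrypt, or sign a digest."""
    if not 0 <= m < key.n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, key.d, key.n)


def digest(message: bytes) -> int:
    """Message digest as an integer (SHA-256 here; the page does not fix a hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv: PrivateKey, message: bytes) -> int:
    """Hash the text, then scramble the digest with the Private Key."""
    return transform_private(priv, digest(message))


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Unscramble the signature with the Public Key and compare to a fresh digest."""
    return transform_public(pub, signature) == digest(message)


class DigitalID(NamedTuple):
    """A user's Public Key plus identity, signed by a certifying authority."""
    subject: str
    key: PublicKey
    ca_signature: int


def id_payload(subject: str, key: PublicKey) -> bytes:
    """Assumed canonical encoding of the signed fields."""
    return f"{subject}|{key.n}|{key.e}".encode()


def issue_digital_id(ca_priv: PrivateKey, subject: str, key: PublicKey) -> DigitalID:
    return DigitalID(subject, key, sign(ca_priv, id_payload(subject, key)))


def verify_signed_message(ca_pub: PublicKey, did: DigitalID,
                          message: bytes, signature: int) -> bool:
    """Recipient holds only ca_pub: check the ID first, then the message."""
    if not verify(ca_pub, id_payload(did.subject, did.key), did.ca_signature):
        return False  # the Public Key in the ID is not vouched for by the CA
    return verify(did.key, message, signature)


# Constructed keys from Mersenne primes (trivially factorable; demo only).
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
CA_PUB, CA_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)


def demo() -> dict:
    """Run every check from the text and report each outcome as a boolean."""
    r = {}
    m = int.from_bytes(b"meet at noon", "big")  # constructed, smaller than n
    # Public Key scrambles, only the Private Key unscrambles, and vice versa.
    r["public_then_private"] = transform_private(ALICE_PRIV, transform_public(ALICE_PUB, m)) == m
    r["private_then_public"] = transform_public(ALICE_PUB, transform_private(ALICE_PRIV, m)) == m
    # Digital signature: digest matches only if the text is unchanged.
    msg = b"Transfer 100 units to account 42"  # constructed message
    sig = sign(ALICE_PRIV, msg)
    r["signature_ok"] = verify(ALICE_PUB, msg, sig)
    r["tampered_rejected"] = not verify(ALICE_PUB, msg.replace(b"100", b"900"), sig)
    # Digital ID: CA vouches for Alice's key; an edited ID no longer verifies.
    alice_id = issue_digital_id(CA_PRIV, "alice@example.com", ALICE_PUB)
    r["chain_ok"] = verify_signed_message(CA_PUB, alice_id, msg, sig)
    edited_id = alice_id._replace(subject="bob@example.com")
    r["edited_id_rejected"] = not verify_signed_message(CA_PUB, edited_id, msg, sig)
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The recipient's only trust anchor is `CA_PUB`; everything else (Alice's key, her ID, the message) travels with the message, which is the point the text makes about centrally storing a single Public Key. Because the ID binds the name to the key under the CA's signature, changing either field invalidates it, which is what defeats the masquerading intruder described earlier.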
Certification Hierarchies
Once a user has a Digital ID, what do they do with it? Digital
IDs have a wide variety of uses ranging from interoffice electronic mail
to global Electronic Funds Transfer (EFT). In order to use Digital IDs there
must be a high degree of trust associated with the binding of a Digital
ID to the user or organization linked with the Digital ID. This trust is
achieved by building hierarchies of Digital IDs, with all members of this
hierarchy adhering to the same set of policies. Digital IDs will only be
issued to people or entities, as potential members of a hierarchy, once
proof of identity has been established. Different hierarchies may have different
policies as to how identity is established and Digital IDs are issued.
VeriSign operates numerous Digital ID hierarchies. The Commercial CA
has a high degree of assurance as to the binding between the end-user's
Digital ID and the actual end-user. Members of RSA's Commercial CA will
have a high level of assurance, via adherence to the Policies, as to who
they are communicating with. This will not generally be the case when two
end-users, who are members of lower-assurance hierarchies, are communicating
with Digital IDs. Without the assurance associated with a properly managed
Digital ID hierarchy, the use of Digital IDs has limited value.