The rash of security problems on the Internet and the Web demonstrates that lack of trust is limiting the use of the Internet for business and commerce. For the Internet to realize its potential as a medium for information, trade, and entertainment, the public must have confidence that their transactions will be confidential and protected. Whether accessing personal data in on-line public databases or making a credit card purchase, the public must trust that the Internet is a secure place to do business. The foundation of the public’s trust will be built on a technology that has been used for centuries – encryption.
Until recently, cryptography was a technology used primarily by the military, diplomatic corps, and other government entities. Today, however, cryptography is becoming a commercial commodity and a fundamental building block to achieve security in a networked world. Technology advances are making cryptography both practical and inexpensive to use.
The emergence of networked computing needs little explanation here. Since its conversion from the U.S. Department of Defense network to a commercial enterprise in 1991, the Internet has grown exponentially. Barely a day goes by without references to the Internet in the morning newspaper, during a lunch time conversation, or on the evening news.
What is discussed increasingly, however, is how business on the Internet hasn’t reached its potential due to a lack of security. In order for electronic commerce to grow substantially, consumers and businesses must have the same trust in Internet business transactions as they do in the paper based business transactions today. Cryptography is recognized as having a big role in building that trust.
What follows is a brief explanation of how cryptography is employed. We will focus on four aspects: encryption, key management, digital signatures, and the public key infrastructure(s). All four aspects of cryptography are needed in order for the Internet to be used and trusted widely.
What Is Encryption?
Encryption products use algorithms to mathematically combine a key with plain text to form encrypted text, or cipher text, and to return the cipher text to its original plain text form.
For the last half century the principal encryption method was symmetric key, i.e., the use of the same algorithm to encrypt and decrypt by using the same key at the encryptor and decryptor. The cryptographic strength of a symmetric encryption system depends on the secrecy of the key since anyone knowing the key or with the ability to guess the key can decrypt the message. In most cases, the larger the key length, the harder it is to guess the key using brute force attacks that exhaust all possible keys.
There is much more to encryption, however, than just algorithms and keys; several supporting services are needed to enable encryption products to be used widely and securely. Without such services, using strong algorithms and keys is sometimes comparable to putting a bank vault door on a cardboard box.
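The brute-force point above can be made concrete. The following is an added illustration, not code from the Cylink paper: a deliberately weak toy stream cipher (keystream = SHA-256 of key and block counter, a construction chosen only so the example runs with the standard library) is attacked by exhausting every possible key, which takes a fraction of a second at 16 bits, and the same search cost is then projected for longer keys. The key, message and search rate are constructed values.

```python
import hashlib

# Toy symmetric cipher, constructed for this illustration only: the keystream is
# SHA-256(key || block counter) and ciphertext = plaintext XOR keystream.
# Not a real cipher; it exists to show how key length bounds a brute-force search.


def keystream_block(key: bytes, counter: int) -> bytes:
    return hashlib.sha256(key + counter.to_bytes(8, "big")).digest()


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(plaintext), 32):
        block = keystream_block(key, offset // 32)
        out.extend(p ^ k for p, k in zip(plaintext[offset:offset + 32], block))
    return bytes(out)


toy_decrypt = toy_encrypt  # XOR with the same keystream undoes the encryption


def brute_force(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """Exhaust every key of key_bits bits; return (key, trials) for the first key
    whose decryption starts with known_prefix, or (None, trials) if none does."""
    key_len = (key_bits + 7) // 8
    for candidate in range(2 ** key_bits):
        key = candidate.to_bytes(key_len, "big")
        if toy_decrypt(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return key, candidate + 1
    return None, 2 ** key_bits


def expected_trials(key_bits: int) -> int:
    # On average the correct key turns up after half the keyspace has been tried.
    return 2 ** (key_bits - 1)


def expected_years(key_bits: int, keys_per_second: float) -> float:
    # Expected wall-clock time for the exhaustive search at the given trial rate.
    return expected_trials(key_bits) / keys_per_second / (365.25 * 24 * 3600)


# Constructed demo data: a 16-bit key and a message whose opening words a
# searcher can guess (a "crib"), which is all that is needed to recognise success.
DEMO_KEY = (0x1F2E).to_bytes(2, "big")
DEMO_MESSAGE = b"WIRE $100.00 TO ACCOUNT 4711"
DEMO_CIPHERTEXT = toy_encrypt(DEMO_KEY, DEMO_MESSAGE)

if __name__ == "__main__":
    key, trials = brute_force(DEMO_CIPHERTEXT, b"WIRE $", 16)
    print(f"16-bit key recovered after {trials} trials: {key.hex()}")
    for bits in (16, 40, 56, 128):
        print(f"{bits:3d}-bit key at 1e8 keys/s: about {expected_years(bits, 1e8):.3g} years")
```

Every doubling of the key length doubles the search, so the step from 16 to 128 bits multiplies the work by 2^112; the rate you plug into `expected_years` is an assumption about the attacker's hardware, which is why such estimates should be restated as machines get faster.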
What is Key Management?
The essential services needed to achieve security in encryption systems are typically called a key management infrastructure. A key management infrastructure can enable keys to be properly generated, securely transported, authenticated, and stored. In its most basic form, a secure key management infrastructure consists of a trusted person who properly generates a unique key, makes a copy of it, and hand-delivers the two copies to the two communicants without letting anyone else ever see the key. That way, the sender can encrypt with her copy of the key and the receiver can decrypt with his identical copy of the key.
For years, the key management infrastructures consisted of people hand-delivering keys to each pair of potential communicators. Such key management infrastructures became impractical when a large number of people needed to communicate. For example, if 10 people want to communicate, 90 keys need to be securely distributed. If 5,000,000 people want to communicate, approximately 25,000,000,000,000 keys (25 trillion) need to be distributed.
Furthermore, security was often degraded when keys were compromised during the delivery stage. In general, the use of encryption was not widespread in the past because of these key management infrastructure complexities and their impact on scalability of secure systems.
In the mid-70s, a new type of cryptographic technology called public key encryption was invented. Public key technology was indeed a breakthrough because it solves the key management scalability problem associated with symmetric key encryption and reduces the possibility of key compromise during delivery. Public key encryption does not eliminate the need for key management infrastructures. Rather, it enables alternative products and services to support the infrastructures.
A public key infrastructure does not require shared confidential keys to be pre-placed in order for people to communicate. Instead, each user has two related keys: a public key and a private key. As the names imply, the public key is published or stored in publicly accessible directories and the private key value is a secret, known only to the user. There is no magic involved; only the use of complex mathematics to effectively hide or make indeterminable the part of the key that must be kept secret, the private key.
To use this concept in real systems, each communicant is given or generates his own public key and private key pair. Using the RSA public key algorithm, the sender encrypts the session key (the key to be used with the symmetric key encryption algorithm) with the public key of the recipient. The recipient uses his own private key to decrypt the session key. (See the following chart for an analogy on how one form of public key cryptography works.) Using the Diffie-Hellman public key algorithm, the communicants exchange public keys to generate a session key.
In the above figure, Alice uses Bob’s public key (shown as EBob) to encrypt the session key. When Bob receives Alice’s message, he decrypts it using his private key (DBob). Only Bob can read the encrypted session key since only he has the private key. Another way to consider this transaction is with the locked box analogy, illustrated below. Scenario: Alice wants to send a session key to Bob by protecting it with either a locked box or public key technology.
| Locked Box | Public Key Technology |
|---|---|
| Alice needs to enclose the session key in a box that only Bob can open. | Alice needs to encrypt the session key with a key that only Bob can determine. |
| Bob gives Alice an opened combination lock; only he knows that lock's combination. | Bob gives Alice a "public" key; only he knows the key's corresponding "private" key. |
| Alice locks the session key in a box, using Bob's combination lock. | Alice encrypts the session key, using Bob's public key. |
| Alice's session key is delivered to Bob in the locked box. | Alice's encrypted session key is delivered to Bob. |
| Bob receives the box and opens the combination lock using the combination that only he knows. | Bob receives the encrypted session key and decrypts it using the private key that only he knows. |
| Bob reads the session key. | Bob reads the session key. |
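The second route to a session key mentioned above, Diffie-Hellman, is shown here as an added example (not code from the paper or from Cylink). Each party publishes one value, both sides derive the same symmetric key, and the only thing that crosses the network is the pair of public values; the small prime and base are constructed toy parameters, not a real group. The last function makes the scalability contrast from the key management section explicit: n(n-1) hand-delivered symmetric key copies versus one key pair per user.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, constructed for this illustration: p = 2**127 - 1
# is a (Mersenne) prime and g = 7 an arbitrary base. Real deployments use
# standardized groups of 2048 bits or more.
P = 2 ** 127 - 1
G = 7


def generate_keypair():
    """Private value x is random; the public value g**x mod p is what gets published."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_session_key(own_private: int, peer_public: int) -> bytes:
    # Both sides arrive at g**(xy) mod p; hashing turns it into a fixed-length symmetric key.
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]


def exchange():
    """Run one Alice/Bob exchange and return (alice_key, bob_key, what_the_wire_saw)."""
    alice_private, alice_public = generate_keypair()
    bob_private, bob_public = generate_keypair()
    # Only the public values cross the network; this dict is all an eavesdropper records.
    wire = {"alice_public": alice_public, "bob_public": bob_public}
    alice_key = derive_session_key(alice_private, wire["bob_public"])
    bob_key = derive_session_key(bob_private, wire["alice_public"])
    return alice_key, bob_key, wire


def pairwise_symmetric_key_copies(users: int) -> int:
    # Hand-delivered symmetric keys: every ordered pair needs its own copy, n*(n-1)
    # in total (the paper's 90 keys for 10 users), versus one key pair per user here.
    return users * (users - 1)


if __name__ == "__main__":
    a, b, wire = exchange()
    print("keys agree:", a == b, "| on the wire:", {k: hex(v)[:18] + "..." for k, v in wire.items()})
    for n in (10, 5_000_000):
        print(f"{n} users need {pairwise_symmetric_key_copies(n):,} symmetric key copies")
```

Note that nothing in this exchange tells Alice that the public value labelled "Bob" really came from Bob; that is exactly the authenticity gap the next paragraph describes and a certified public key closes.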
In this system, the authenticity of the public key is essential since only the person with the matching private key can decrypt the message. For example, in the above analogy, you do not want to lock your key in a box with the wrong lock. To ensure that you do not get duped into using an adversary’s combination lock when you think you’re using Bob’s combination lock, you need a trusted authority to certify Bob’s combination lock.
Public Key infrastructure services help ensure public key authenticity and integrity since, without this certification service, users of computer networks have no way of verifying who they are talking to. Without a certified public key the user may have very strong encryption, but not know who is receiving the message at the other end.
What is Key Recovery?
In almost all areas of life and business we balance risks against costs or potential consequences. In the use of encryption we will have to make similar choices. If one uses strong cryptography with 128 bit session keys, the consequence of losing the private key that unlocks the session key is very large indeed. Using the fastest supercomputers made today it would take on average more than 8.6 trillion times the estimated age of the universe (11 billion years) to determine a 128 bit key by brute force attack. If the underlying data is valuable (e.g. your deceased father’s will or the original digital master of Titanic) then most people would want a way of recovering the information.
Key recovery involves storing sufficient information with trusted parties so that the keys can be recovered; therefore, the original information is recoverable. This is simply good business practice.
There are many different technical ways to provide this service. The safer approaches use various ways of splitting knowledge among several parties to minimize risk of misuse. The business (and private) users of encryption technology are becoming increasingly aware of the risks incurred in using strong encryption without planning for the orderly recovery of information and are pushing the encryption industry to develop safer, more elegant ways of providing this service as part of the system.
Key recovery can be built into the key management infrastructure or it can be a separate service. Whatever technical approach is used, it is essential that trust be built into the system so that security is preserved.
What is a Digital Signature?
A robust and trusted means of authenticating electronic information is needed if the promise of electronic commerce is to be fully realized. Authentication generally has two components: one to prove that the information came from a specific user and the second to prove that the information has not been altered. Authentication is possible through the use of digital signatures, a technique that uses public key encryption to "sign" electronic documents.
In the era of symmetric key encryption, authentication was implicit in the distribution of the keys. Coded tables or codebooks were sometimes used to verify the identities of the communicants at either end of the link. Trust in the system came from the fact that all parties received their keys and authentication tables from the same trusted authority via a trusted distribution path.
Public key encryption provides a very robust and elegant way of digitally signing electronic information. The technology is essentially the same as that used to provide confidentiality services (i.e., encryption), but uses the inverse process. Digital signature schemes involve a two-step process:
1. Generating a message digest or hash of the message.
2. Generating the signature by combining the message digest with the user's secret key.
By adding the signature to the message, everyone possessing your verified public key can go through a verification process and know that you originated it. Moreover, the signature attests to the integrity of the message -- the message has not been changed since you signed it, because any change to the message after you signed it results in an invalid signature.
With digital signature, all of the trust in the signature is tied to whether or not you can trust the signer's public key. If you cannot verify that the public key value belongs to a specific person, corporation, or authorized agent, then digital signatures can be forged.
Even without encryption or confidentiality services, the use of digital signatures for authentication and data integrity would vastly improve the trustworthiness of electronic transactions on the Internet. The ability to verify the integrity of a transaction (the check is for $100.00 not $10,000.00) and to verify the originator (debit the account of Joe Smith not John Smith) is absolutely essential to successful implementation of electronic commerce.
This reinforces the point made earlier that electronic commerce demands a trusted method of binding users and their associated public key values. Digital signatures can also be used to support non-repudiation services analogous to the use of receipts in registered letters.
What is a Public Key Infrastructure?
The technology to bring good information security to diverse networked systems is fairly well developed and understood. It is based on the use of encryption, key management, key recovery, and digital signatures. Since key management and digital signatures are based on public key technologies, good information security requires a Public Key Infrastructure, PKI. The PKI provides a means for obtaining certified public key values.
There are two distinct approaches, and hybrids thereof, for creating a PKI:
1. Public key certificates
2. Trusted directories
Public key certificates are documents in electronic form that bind or confirm that a public key value belongs to a specific user of that public key. The certificates are digitally signed by the certificate authority, which becomes the principal source of trust for digital transactions involving public keys that it has signed. Because the validity of the certificate authority’s signature requires unquestionable validity of its public key, the certificate authority must be well known and its public key independently verifiable by the users.
A trusted directory is a database that contains the binding between a public key value and a specific user of the public key. Any user requiring a certified public key must trust the particular directory (analogous to trusting a certificate authority) and must have secured access to the directory. As with public key certificates, many times this requires the trusted directory to digitally sign the binding between the public key and the user before the directory entry is sent to the user.
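The three public key operations this paper describes all rest on the same arithmetic: wrapping a session key for a recipient (the locked-box table), the two-step hash-then-sign signature, and the certificate authority's signed binding of a name to a public key. The following added example (not code from the paper or from Cylink) shows all three together with textbook RSA built on Mersenne primes, chosen only so that it runs without prime generation; those moduli, the omitted padding, the names and the message are all constructed toy values, and the point is the verification outcomes, including that a binding signed by anything other than the CA's key is rejected.

```python
import hashlib
import secrets

# Toy RSA keys built from Mersenne primes 2**k - 1 so the example needs no prime
# generation. Such moduli are trivially factorable and exist only to show the
# mechanics; real keys use random primes of at least 1024 bits each, and real
# signatures and key wrapping add padding (e.g. PKCS#1) that this toy omits.
TOY_PRIME_EXPONENTS = {"ca": (127, 521), "alice": (89, 1279), "bob": (107, 607)}
PUBLIC_EXPONENT = 65537


def make_toy_key(p_exp: int, q_exp: int):
    """Return (public, private) for n = (2**p_exp - 1) * (2**q_exp - 1)."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse, Python 3.8+
    return {"n": n, "e": PUBLIC_EXPONENT}, {"n": n, "d": d}


def digest(message: bytes) -> int:
    # Signature step 1 from the paper: hash the message to a fixed-size digest.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private: dict, message: bytes) -> int:
    # Signature step 2: combine the digest with the signer's private key.
    return pow(digest(message), private["d"], private["n"])


def verify(public: dict, message: bytes, signature: int) -> bool:
    # Anyone holding the public key recovers the digest and compares it with a fresh hash.
    return pow(signature, public["e"], public["n"]) == digest(message)


def wrap_session_key(recipient_public: dict, session_key: bytes) -> int:
    # The locked-box step: encrypt the session key so only the matching private key opens it.
    return pow(int.from_bytes(session_key, "big"), recipient_public["e"], recipient_public["n"])


def unwrap_session_key(recipient_private: dict, wrapped: int, length: int = 16) -> bytes:
    return pow(wrapped, recipient_private["d"], recipient_private["n"]).to_bytes(length, "big")


def binding_bytes(subject: str, public: dict) -> bytes:
    # Canonical encoding of the "subject <-> public key" binding that the CA signs.
    return f"{subject}|{public['n']}|{public['e']}".encode()


def issue_certificate(ca_private: dict, subject: str, public: dict) -> dict:
    return {"subject": subject, "public": public,
            "ca_signature": sign(ca_private, binding_bytes(subject, public))}


def verify_certificate(ca_public: dict, cert: dict) -> bool:
    # The relying party needs nothing but the CA's public key, obtained out of band.
    return verify(ca_public, binding_bytes(cert["subject"], cert["public"]), cert["ca_signature"])


def demo() -> dict:
    ca_public, ca_private = make_toy_key(*TOY_PRIME_EXPONENTS["ca"])
    alice_public, alice_private = make_toy_key(*TOY_PRIME_EXPONENTS["alice"])
    bob_public, bob_private = make_toy_key(*TOY_PRIME_EXPONENTS["bob"])

    # The CA vouches for both users; Alice and Bob trust each other's keys via these.
    alice_cert = issue_certificate(ca_private, "alice@example.test", alice_public)
    bob_cert = issue_certificate(ca_private, "bob@example.test", bob_public)
    # A binding signed by any key other than the CA's (here Bob's) must be rejected,
    # whatever name it carries: this is the "wrong combination lock" case.
    unauthorized = issue_certificate(bob_private, "alice@example.test", bob_public)

    # Key transport as in the locked-box table: Alice wraps a session key for Bob.
    session_key = secrets.token_bytes(16)
    wrapped = wrap_session_key(bob_cert["public"], session_key)

    # Signature: Alice signs a payment instruction; any change invalidates it.
    message = b"Pay $100.00 to the account of Joe Smith"
    signature = sign(alice_private, message)

    return {
        "alice_cert_ok": verify_certificate(ca_public, alice_cert),
        "bob_cert_ok": verify_certificate(ca_public, bob_cert),
        "unauthorized_cert_ok": verify_certificate(ca_public, unauthorized),
        "bob_unwraps_key": unwrap_session_key(bob_private, wrapped) == session_key,
        "signature_ok": verify(alice_cert["public"], message, signature),
        "tampered_ok": verify(alice_cert["public"], b"Pay $10,000.00 to the account of Joe Smith", signature),
        "wrong_signer_ok": verify(bob_cert["public"], message, signature),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The structure to notice is that every verification path ends at one value the relying party must already hold: the CA's public key. That is the "well known and independently verifiable" requirement stated above, and it is why embedding or otherwise pinning that key matters more than the strength of any individual signature.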
Implementing public key encryption, digital signature, and other security services on a broad scale – nationally or internationally – will require the establishment of many certificate authorities and/or trusted directories.
For example, in establishing a home banking service that uses Internet communications, the bank will likely establish its own PKI. It will generate public and private key pairs and issue them to “validated” banking customers in the form of public key certificates or as records in a trusted directory. To enhance security the bank will “embed” and sign (with a master public key) its own public key value in the software so as to minimize the risk of forged public keys or software tampering.
What else makes public key technology amenable to the Information Age? One of its biggest plusses is that it is scalable: millions of users can use encryption with modest key management costs (as compared to symmetric key technology).
In summary, a public key infrastructure will:
1. verify the integrity of user identities & keys;
2. generate user public and private key pairs;
3. link user identities with their keys;
4. access the database of user identities & keys;
5. delete invalid user identities & keys;
6. delete compromised keys or recover lost keys.
All of the above services are prerequisites to the widespread deployment of products based on public key encryption. The authenticity and integrity of the public key value for each individual are the absolute foundation of trustworthy public key encryption.
The inexorable consumer demand for products and services that provide convenience to our lives and businesses -- cordless telephones, electronic mail, Internet shopping, etc. -- has helped transform cryptography from a camouflage-green soldier’s tool to a desktop, family-room Information Age enabler.
As consumers have become more aware of the need for services enabled by cryptography, we can expect an increased demand for more and better cryptographic technologies in products and services. However, cryptography in and of itself will not secure the Information Age. The availability, scalability and security of Key Management and Public Key Infrastructures will determine how widely and securely cryptography can be used.
Effective electronic commerce will not happen until the infrastructure(s) are in place. The reasons are twofold. First, products without a supporting infrastructure are usually not interoperable or scalable. Second, the security of new network services is suspect. The use of cryptography without the appropriate Key Management and Public Key Infrastructures provides inadequate trust for widespread use.
We do not foresee the emergence of an all-encompassing, grand infrastructure. Rather, we expect that the infrastructures will evolve out of islands of infrastructures; each island conceived for a specific purpose and refined with experience.
As networks proliferate, all countries that are, or will be, major users of encryption are considering how to maximize its positive aspects and minimize its negative aspects. Questions that dominate the discussions are if, how, and under what circumstances, encryption keys should be available to law enforcement.
As it appears today, there will not likely be a single acceptable worldwide policy solution to key recovery in the near future. Technical solutions like CyKey provide the foundations on which governments can build their policies. Because of CyKey, key recovery policies, or the lack of them, can be driven by consumer demand and domestic laws, not technical capability. Diverse cultures and political climates will cause governing policies to differ.
Cryptography, combined with a trustworthy Key Management Infrastructure and a secure Public Key Infrastructure, makes encryption a promising tool for the information age. Without these Infrastructures, public key encryption is a formula for an “electronic Tower of Babel.”
This paper is submitted courtesy of Cylink Corporation.