Read an Excerpt
Chapter 1:
Public-Key Cryptography
This chapter introduces the main concepts of public-key cryptography. The treatment is intentionally high level and brief, touching on only aspects directly relevant to an understanding of the remainder of this book. For a broader and more thorough discussion, please read the Handbook of Applied Cryptography by A. Menezes, P. van Oorschot, and S. Vanstone [MvOV97], Applied Cryptography: Protocols, Algorithms, and Source Code in C by B. Schneier [Sch96], Cryptography and Network Security: Principles and Practice by W. Stallings [Sta99], or Cryptography: Theory and Practice by D. Stinson [Sti95].
Symmetric Versus Asymmetric Ciphers
For as long as humans have communicated, there has been a desire to keep some communications confidential (that is, "hidden") from unintended recipients. Over thousands of years, countless methods for hiding data have been devised. One class of methods attempts to transform the words, letters, or bits to be communicated into something that looks like gibberish rather than a meaningful message. The intended recipient must be able to transform the gibberish back to its original form (in order to read the sender's message), but any other recipient, such as an eavesdropper, should be able to recover nothing more meaningful than the transmitted gibberish.
Two categories of mechanisms exist for performing the transformation of text to gibberish and back. The following section defines and discusses symmetric (secret key) ciphers; asymmetric (public key) ciphers are the focus of the "New Directions: Public Key" section.
Secret Key
Until the mid-1970s, the only mechanism known in the open literature for this transformation to gibberish and back was for the sender and the intended recipient to share some secret information that specified how the transformation was to be performed.
As one simple, well-known example of this, the shared secret information might specify that each letter in the original message is to be replaced with the letter 13 places ahead in the English alphabet. For example, A is replaced with N, B is replaced with O, Z is replaced with M (13 places ahead after wrapping around to A again), and so on. In this case, the secret information to transform the transmitted gibberish back into a readable message is identical: The letter 13 places ahead of N is A; 13 places ahead of O is B; 13 places ahead of M is Z; and so on.
To use the terminology commonly adopted in the field, the shared secret information specifying exactly how the transformation to and from gibberish is to be accomplished (for example, the value 13 in the preceding example) is called a key. The transformation to gibberish is called encryption; the transformation back to the original text is called decryption. The original message, called plaintext, is encrypted to gibberish, called ciphertext, which can then be decrypted by the intended recipient back to the corresponding plaintext. The entire confidentiality mechanism (that is, the encryption and decryption algorithms) is called a cipher. More precisely, the confidentiality mechanism is called a symmetric cipher when one of the following is true:
- When the encryption key and the decryption key are identical (as earlier, where both have the value 13)
- When one key is very easily derived from the other (as in a slight variation of the earlier example, where encryption is accomplished by rotating ahead five letters, and decryption is accomplished by rotating back five letters)
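The rotation cipher from the preceding example, written out as an added illustration (this code is not from the book; the function names and the sample message are constructed here). It shows both conditions in the list: with a key of 13 the decryption key is identical to the encryption key, and with a key of 5 the decryption key is trivially derived from it.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26-letter English alphabet used in the text


def rotate(text: str, key: int) -> str:
    """Replace each letter with the one `key` places ahead, wrapping Z back to A."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            shifted = ALPHABET[(ALPHABET.index(ch.upper()) + key) % 26]
            out.append(shifted if ch.isupper() else shifted.lower())
        else:
            out.append(ch)  # spaces, digits and punctuation pass through unchanged
    return "".join(out)


def decryption_key(encryption_key: int) -> int:
    """Derive the decryption key: rotating ahead by 26 - k undoes a rotation by k."""
    return (26 - encryption_key) % 26


def encrypt(plaintext: str, key: int) -> str:
    return rotate(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    # The recipient holds the same shared secret and derives the inverse rotation.
    return rotate(ciphertext, decryption_key(key))


if __name__ == "__main__":
    message = "Meet Bob at noon"  # constructed sample plaintext
    for key in (13, 5):
        ciphertext = encrypt(message, key)
        print(f"key={key:2d}  decryption key={decryption_key(key):2d}  "
              f"ciphertext={ciphertext!r}  recovered={decrypt(ciphertext, key)!r}")
```

For key 13 the derived decryption key is again 13, so applying the same rotation twice returns the plaintext; for key 5 it is 21, which is the same as rotating back five letters.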
Note
The Advanced Encryption Standard effort is NIST's process to select a symmetric cipher to officially replace the Data Encryption Standard (DES), primarily for U.S. government use but likely for much broader application as well. Scheduled to be chosen in the summer of 2000 from an initial field of 15 candidates, the AES cipher is expected to provide high cryptographic security for the next 20-30 years. Because of this long-term view, NIST requirements dictate that the AES will have a variable-length key size up to 256 bits (whereas many current ciphers have a key size up to 128 bits).
Although symmetric ciphers can possess some very desirable characteristics (such as a small implementation size, and encryption/decryption speeds that can reach tens of megabytes per second or more), they also suffer from some significant drawbacks in some environments. These include
- The need for secret key exchange
- Difficulties of scale
- Difficulties in initiating secure communication between previously unknown parties
The Need for Secret Key Exchange
For their security, symmetric ciphers rely completely on the fact that the sender and the intended recipient alone share some secret information (a key) prior to the transmission of the message. Therefore, the conveyance of this key requires that a separate, out-of-band, secure communication must occur prior to the intended communication. This additional step, although feasible in some environments, can be extremely difficult or highly inconvenient in some circumstances.
Difficulties of Scale
The secret key shared between Alice and Bob must be different from the secret key shared between Alice and Catherine; otherwise, the confidentiality of messages intended for Bob is compromised. In a community of 1,000 users, then, Alice could potentially have to maintain 999 secret keys (actually, 1,000 if she also wants to encrypt data just for herself). Because the same is true for each of the other users, this community could collectively hold something close to half a million unique secret keys! As the community grows, the storage and maintenance of such a large number of keys can quickly become unmanageable (a community of n users may require up to n²/2 unique secret keys, including the key each user holds for him/herself). Manageability problems become even more pronounced when you consider that keys do not last forever but typically are replaced periodically with new ones to limit the amount of data encrypted under a single key.
Communications Difficulties between Unknown Entities
The need for a separate, out-of-band secret key exchange step can lead to tremendous difficulties when entities are unknown to each other (that is, when the entities have had no previous contact or relationship). Alice knows that there is a lawyer named Bob with whom she needs to have a confidential conversation....