Encryption is esentially the transformation of meaningful data
into non-meaningful data for the purposes of transportation so that anyone without a secret decryption key can not read the original meaningful data unless they are the intended recipient of the data. Privacy is ensured by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted (meaningless) data. As a simple example it is possible to encrypt files on a hard disk to prevent intruders from reading them. However, when the environment, where data is exchanged, has many people transferring data within it, the risks of intruders, be they passive (attempting to read the data) or active (attempting to corrupt the data), increases to the point of justifying that all data packets leaving a particular node need to be encrypted.
Encryption allows secure communication over an insecure data comunications channel. It works as follows:
1. The sender intends to send a message to the recipient. The data is not to be seen by any other person that may also be using the same environment.
2. The sender completes writing the message which when read is meaningful. This is the plaintext.
3. He/She then encrypts the message with an encryption key. There are different types of encryption discussed below.
4. The encrypted message is sent off down the insecure communications channel to the intended recipient. The message in this meaningless form is called the ciphertext.
5. On arrival of the encrypted message, the receiver decrypts the ciphertext with the decryption key and reads the message.
6. While the ciphertext is in transit, an intruder, in order to read the message, may try the following: - obtain the secret key (eg by theft) or - recover the plaintext without using the secret key.
A secure Cryptosystem is one where the plaintext cannot be recovered from the cipherte Secret-key cryptography is a very straightforward agreement between sender and receiver a message. Each party knows and uses the same secret key. It works very simply: 1. The sender uses the secret key to encrypt the message.
2. The receiver uses the same secret key to decrypt the message.
This form of cryptography has one hugely insecure factor. How to keep the 'secret' key as a secret! The sender and receiver must agree on the secret key (usually text of some form, similiar to a login password) without any other party finding out.
If they are in separate physical locations, communication is required to agree on the key. They must trust a courier, the phone system, or some other transmission system to ensure that the secret key being communicated is not disclosed to anyone else but the two parties.Anyone who overhears or intercepts the key while in transit is capable of decrypting and thus reading all messages encrypted using that key. This is the generation, transmission and storage of keys. All cryptosystems have to deal with key management issues. Secret-key cryptography often has difficulty providing secure key management due to the insecurity of agreeing on a secret key in the first place. Diffie and Hellman solved the key management problem in 1976 by inventing Public-key cryptography. This cryptosystem is based on the idea that each person gets a pair of keys, called a public key and a private key. Every user gets their public key published but the private key is kept secret. So the sender and receiver need not have to agree on, and communicate secret information (ie a key).
All communication involves public keys only. No private key is ever transmitted or shared. So trusting some communications channel to be secure against eavesdropping or betrayal is no longer an issue. The most important requirement is that no party can figure out the private key from the corresponding public key. Any sender can send a confidential message just using the intended recipient's public key, but it can only be decrypted with the private key solely in the possession of the receiver. Furthermore, public-key cryptography aswell as being used for privacy (encryption), can also be used for authentication (digital signatures - discussed below). How Public-key cryptography functions: 1. The sender wishes to send a message to the receiver
2. He/She looks up the receiver's public key in a directory
3. The public key is used to encrypt the message and it is sent off
4. The receiver uses his/her private key to decrypt the message and read it.
5. No other party listening in can decrypt the message.
6. Anyone can send an encrypted message to the receiver but only the receiver can read it. RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. It is a public-key cryptosystem used for the purposes of both encryption and authentication.
1. Take two large primes, p and q.
2. Find their product n = pq; n is called the "modulus".
3. Choose a number, e, less than n.
4. e must also be relatively prime to (p-1)(q-1).
5. Find its inverse, d, mod (p-1)(q-1).
6. This means that ed = 1 mod (p-1)(q-1).
7. e and d are called the public and private exponents, respectively.
8. The public key is the pair (n,e) and the private key is d.
9. The factors p and q must be kept secret, or destroyed.
It is presumed to be too difficult to obtain the private key d from the public key (n,e). This is the fundamental irony of RSA. We could call this both a flaw and an adequately good enough security measure. If an intruder could factor n into p and q, then he could obtain the private key d 1. The sender wants to send a private message, m, to the receiver.
2. The sender creates the ciphertext c by exponentiating: c = m^e mod n, where e and n are the receiver's public key.
3. To decrypt, the receiver performs the exponentiation: m = c^d mod n, and recovers the original message m.
4. The relationship between e and d ensures that the receiver correctly recovers m.
5. Since only the receiver knows d, only he/she can decrypt the message.
While encryption dates back to the times of Caesar, digital signatures are more recent. This is due to the proliferation of digital communications and in this context the exponential growth of the Web. Authentication is the use of digital signatures and holds the same function and meaning for digital documents as handwritten signatures do for printed documents. In paper and ink terms, a signature is an unforgeable piece of information unique to a particular person who has written or has agreed with the contents of the document where their signature is attached. The recipient (as well as a third party) can verify that the document did originate from the person whose signature is attached and also that the document has not been tampered with since it was signed and dispatched.
The same concepts hold for electronic messages. Authentication in the context of Web Security is where the receiver of a digital data message can be confident of the identity of the sender and of the validity of the message.
Popular examples of authentication protocols in use today are: secret- key cryptosystem: DES, public-key system: RSA (detailed below) Authentication in public-key systems uses digital signatures. All secure cryptosystems consist of two parts: The method of signing the document at the senders end, making forgery an impossibility, and the method of verifying that the signature was actually generated by the real sender, at the receivers end. The advantages and disadvantages: The obvious advantage of public-key cryptography is increased security in that the private keys need not ever be communicated, transmitted or revealed to anyone.
This, in contrast, is the insecurity of a secret-key system. There is always the possiblility that another rogue party could discover the secret key while it is being transmitted for agreement purposes.
From the authentication point of view public-key systems are a major advantage in that they can provide a method for digital signatures.
".
Authentication via a secret-key system would require the sharing of some secret key and sometimes requires trust of a third party as well. A sender could then deny any association with a previously signed message by claiming that the shared secret was somehow compromised by one of the parties sharing the secret.
However this conflict would never arrive using public-key authentication because each user is responsible for protecting his/her private key. This property of public-key authentication is called "non-repudiation".
From the judicial point of view, digitally signed messages can be proved authentic to a third party, such as a judge, thus allowing such messages to be legally binding.
The major disadvantage of using public-key cryptography for encryption is speed of encrypting a message before dispatching it. Most popular Secret-key encryption methods are significantly faster than any public- key encryption methods currently available. So obviously the trade-off involves secure key management against speed.
A compromise is achieved where public-key cryptography can share the burden with secret-key cryptography to get the best of both worlds.
In order to utilise both the security advantages of public-key systems, and the speed advantages of secret-key systems, the solution is to combine public- and secret-key systems. Initially the public-key system can be used to encrypt a secret key. The secret is probably small in size, so speed of encryption is not important. Once such a key has been securely communicated between patries, it is then used to encrypt a complete file or message. This may be large in size, but the sender and receiver have the assurance that it is being encrypted as quickly as possibly and that the secret- key has been shared using a sound secure method. This is indeed the case in RSA
Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public- key techniques is for secure key exchange in an (otherwise) speedy secret-key system. Hence secret-key cryptography is still extremely important