asp tutorials, asp.net tutorials, sample code, and Microsoft news from 15Seconds

Crash Course in Cryptography
By Peter Persits

    Introduction

    The purpose of cryptography is to make data storage and transmission secure. Security is achieved by means of encryption, that is, converting a clear-text message (plain text) into a data stream which looks like a meaningless and random sequence of bits (cipher text). A cryptographic algorithm, also known as cipher, is a mathematical function which uses plain text as the input and produces cipher text as the output (and vice versa).

    All modern ciphers use keys together with plain text as the input to produce cipher text. The same or a different key is supplied to the decryption function to recover plain text from cipher text. The details of a cryptographic algorithm are usually made public. It is in the key that the security of a modern cipher lies, not in the details of the cipher.

    Symmetric Cryptography

    In symmetric, or conventional, cryptography, the same key is used for both encryption and decryption. Symmetric cryptographic algorithms require that both the sender and receiver agree on a key before they can communicate securely.

    Most modern symmetric algorithms operate on 64-bit blocks of plain text. The encryption procedure usually consists of multiple and complex rounds of bit shifts, exclusive ORs (XORs), permutations, and substitutions involving plain text and key bits. Decryption is similar to encryption except that some operations may be performed in the reverse order. Some algorithms use fixed-length keys; for others the key length may vary.

    The most popular symmetric ciphers are

    1. DES (Data Encryption Standard) – a fixed key-length cipher which uses 56-bit keys.
    2. RC2 - a variable key-length cipher; the two commonly used implementations use 40-bit and 128-bit keys.
    3. Triple DES – applies DES encryption three times using three different keys, thereby increasing the effective key length to 56 x 3 = 168 bits.

    One-Way Hash Functions

    A one-way hash function, also known as a message digest, fingerprint, or compression function, is a mathematical function that takes a variable-length input string and converts it into a fixed-length binary sequence. Furthermore, a one-way hash function is designed in such a way that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way.) A good hash function also makes it hard to find two strings that would produce the same hash value.

    Even a slight change in an input string should cause the hash value to change drastically. Even if 1 bit is flipped in the input string, at least half of the bits in the hash value will flip as a result. This is called an avalanche effect.
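    The avalanche effect can be measured directly. The following added example (not part of the original article) flips every bit of a constructed sample message in turn and reports the fraction of digest bits that change, which clusters around one half. The function names and the sample message are assumptions made for the illustration; SHA-1 and MD5 are two of the hash algorithms this article names.

```python
import hashlib

def bit_diff(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_profile(message: bytes, algo: str = "sha1"):
    """Flip each input bit in turn and hash the result.

    Returns (min, mean, max) of the fraction of digest bits that changed
    relative to the digest of the unmodified message.
    """
    base = hashlib.new(algo, message).digest()
    total_bits = len(base) * 8
    fractions = []
    for i in range(len(message) * 8):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)          # flip exactly one input bit
        digest = hashlib.new(algo, bytes(flipped)).digest()
        fractions.append(bit_diff(base, digest) / total_bits)
    return min(fractions), sum(fractions) / len(fractions), max(fractions)

# Constructed sample input, for illustration only.
SAMPLE = b"Pay Bob $100.00 on 1 March"

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        lo, mean, hi = avalanche_profile(SAMPLE, algo)
        print(f"{algo}: min={lo:.2f} mean={mean:.2f} max={hi:.2f}")
```
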

    Since it is computationally infeasible to produce a document that would hash to a given value or find two documents that hash to the same value, a document's hash can serve as a cryptographic equivalent of the document. This makes a one-way hash function a central notion in public-key cryptography. When producing a digital signature for a document, we no longer need to encrypt the entire document with a sender's private key (which can be extremely slow). It is sufficient to encrypt the document's hash value instead.

    The most popular one-way hash algorithms are MD4 and MD5 (both producing a 128-bit hash value), and SHA, also known as SHA1 (producing a 160-bit hash value).

    Public-Key Cryptography

    Unlike symmetric cryptography, public key cryptography uses two different keys (a key pair) - one public and one private. The keys are mathematically related, yet it is computationally infeasible to deduce one from the other. Anyone with the public key can encrypt a message but not decrypt it. Only the person with the private key can decrypt the message.

    Bruce Schneier, who writes about cryptography[1], compares public-key cryptography with a mailbox. He writes:

    "Putting mail in the mailbox is analogous to encrypting with the public key; anyone can do it. Just open the slot and drop it in. Getting mail out of a mailbox is analogous to decrypting with the private key. Generally it's hard; you need welding torches. However, if you have the secret (the physical key to the mailbox), it's easy to get mail out of a mailbox."[2]

    Using public-key cryptography, two entities on a network (let's call them Alice and Bob) can communicate securely using the following simple protocol:
    1. Bob sends Alice his public key.
    2. Alice encrypts her message with Bob's public key and sends it to Bob.
    3. Bob decrypts Alice's message with his private key.

    Notice that this protocol does not require any prior arrangements (such as agreeing on a key) for Alice and Bob to communicate securely.

    In real-world implementations, public keys are rarely used to encrypt actual messages because public-key cryptography is very slow, about 1000 times slower than conventional cryptography.[3] Instead, public-key cryptography is used to distribute symmetric keys, which are then used to encrypt and decrypt actual messages, as follows:

    1. Bob sends Alice his public key.
    2. Alice generates a random symmetric key (usually called a session key), encrypts it with Bob's public key, and sends it to Bob.
    3. Bob decrypts the session key with his private key.
    4. Alice and Bob exchange messages using the session key.

    By far the most popular public-key encryption algorithm is RSA, developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technique. The algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of computer processing power and time.

    RSA allows both the public and private key to be used for encryption. If a message is encrypted with someone's private key, it can only be decrypted with the corresponding public key. This feature can be used to generate digital signatures, as follows:

    1. Alice computes a one-way hash of a document.
    2. Alice encrypts the hash with her private key. The encrypted hash becomes the document's signature.
    3. Alice sends the document along with the signature to Bob.
    4. Bob computes a one-way hash of the document received from Alice, decrypts the signature with Alice's public key, and compares the two values. If they match, Bob knows that: (1) the document really came from Alice and (2) the document was not tampered with during transmission.

    Man-in-the-Middle Attack

    The public key-based secure communication protocol between Alice and Bob described above is vulnerable to a man-in-the-middle attack. Let's assume that Mallory, an enemy hacker, not only can listen to the traffic between Alice and Bob, but also can modify, delete, and substitute Alice's and Bob's messages, as well as introduce new ones.

    Mallory can impersonate Alice when talking to Bob and impersonate Bob when talking to Alice. Here is how the attack goes:

    1. Bob sends Alice his public key. Mallory intercepts the key and sends his own public key to Alice.
    2. Alice generates a random session key, encrypts it with "Bob's" public key (which is really Mallory's), and sends it to Bob.
    3. Mallory intercepts the message. He decrypts the session key with his private key, encrypts it with Bob's public key, and sends it to Bob.
    4. Bob receives the message thinking it came from Alice. He decrypts it with his private key and obtains the session key.
    5. Alice and Bob start exchanging messages using the session key. Mallory, who also has that key, can now decipher the entire conversation.

    A man-in-the-middle attack works because Alice and Bob have no way to verify they are talking to each other. An independent third party that everyone trusts is needed to foil the attack. This third party could bundle the name "Bob" with Bob's public key and sign the package with its own private key. When Alice receives the signed public key from Bob, she can verify the third party's signature. This way she knows that the public key really belongs to Bob, and not Mallory.

    A signed package containing a person's name (and possibly some other information such as an E-mail address and company name) and his public key is called a digital certificate (or digital ID). An independent third party that everyone trusts, whose responsibility is to issue certificates, is called a Certification Authority (CA). Digital certificates are the topic of the next section.
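    The signature steps from the Public-Key Cryptography section and the signed name-plus-key package described above can be put together in a few lines. The following is an added example, not code from the original article: it uses textbook RSA without padding and toy keys built from known Mersenne primes, so it is for illustration only, and all function names and the certificate layout are assumptions. It shows Alice's check accepting the CA-signed package for Bob and rejecting a package in which the public key has been substituted.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def keypair(p: int, q: int):
    """Textbook RSA key from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data: bytes) -> int:
    """One-way hash of the data as an integer (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, priv) -> int:
    """Signer: hash the data, then transform the hash with the private key."""
    n, d = priv
    return pow(digest(data), d, n)

def verify(data: bytes, sig: int, pub) -> bool:
    """Verifier: recover the hash with the public key, compare with a fresh hash."""
    n, e = pub
    return pow(sig, e, n) == digest(data)

def cert_body(name: str, pub) -> bytes:
    """Bytes the CA signs: the name bundled with the public key."""
    return f"{name}|{pub[0]}|{pub[1]}".encode()

def issue_cert(name: str, pub, ca_priv) -> dict:
    """CA binds a name to a public key by signing both together."""
    return {"name": name, "pub": pub, "sig": sign(cert_body(name, pub), ca_priv)}

def cert_ok(cert: dict, expected_name: str, ca_pub) -> bool:
    """Alice's check: expected name, and the CA signature covers this exact key."""
    body = cert_body(cert["name"], cert["pub"])
    return cert["name"] == expected_name and verify(body, cert["sig"], ca_pub)

def mersenne(k: int) -> int:
    return 2**k - 1  # prime for k = 127, 521, 607

# Constructed toy keys (not secure: no padding, special-form and shared primes).
ca_pub, ca_priv = keypair(mersenne(521), mersenne(607))
bob_pub, bob_priv = keypair(mersenne(127), mersenne(607))
mallory_pub, mallory_priv = keypair(mersenne(127), mersenne(521))

bob_cert = issue_cert("Bob", bob_pub, ca_priv)
# Substituted key with the CA's old signature, and a package signed by Mallory himself.
swapped = dict(bob_cert, pub=mallory_pub)
self_signed = issue_cert("Bob", mallory_pub, mallory_priv)

if __name__ == "__main__":
    for label, cert in (("genuine", bob_cert), ("swapped", swapped), ("self-signed", self_signed)):
        print(label, cert_ok(cert, "Bob", ca_pub))
```
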

    Digital Certificates

    A certificate is a data package that completely identifies an entity and is issued by a CA only after that authority has verified the entity's identity. The data package includes the public key that belongs to the entity. When the sender of a message signs the message with his private key, the recipient of the message can use the sender's public key (retrieved from the certificate either sent with the message or available elsewhere on the network) to verify that the sender is legitimate. A certificate can also be used to send an encrypted message to the certificate owner by using the public key contained in the certificate.

    The X.509 protocol defines the following structure for public-key certificates:

    • Version
    • Serial Number
    • Signature Algorithm
    • Issuer Name
    • Period of Validity
        • Not Before Date
        • Not After Date
    • Subject Name
    • Subject's Public Key
        • Algorithm
        • Public Key
    • Extensions
    • Signature

    The version field identifies the certificate format. The serial number is unique within the CA. The signature algorithm identifies the algorithm used to sign the certificate. Issuer is the name of the CA. The period of validity is a pair of dates; the certificate is valid during the time period between the two. Subject is the name of the user to whom the certificate is issued. The subject's public key field includes the algorithm name and the public key itself. The last field is the CA's signature.

    You can obtain a personal certificate from companies like VeriSign (www.verisign.com) or Thawte (www.thawte.com).

    S/MIME and Secure Mail

    Secure Multipurpose Internet Mail Extensions (S/MIME) is a de facto standard developed by RSA Data Security, Inc., for sending secure mail based on public-key cryptography. S/MIME is based on MIME, the industry standard format for electronic mail, which defines the structure of a message's body. S/MIME-supporting E-mail applications add digital signatures and encryption capabilities to that format to ensure message integrity, data origin authentication, and confidentiality of electronic mail.

    A signed E-mail message in the S/MIME format contains a digital signature attachment in the PKCS#7 format. This attachment contains the hash of the original message signed with the sender's private key, as well as the signer certificate.

    Enveloped (encrypted) mail is generated using a recipient's public key. The message is actually encrypted using a random symmetric key, and it is that symmetric key that is encrypted using the recipient's public key and sent along with the message. If a message is being sent to multiple recipients, the symmetric key is encrypted separately by every recipient's public key. The enveloped message and all encrypted symmetric keys are packaged together using the PKCS#7 format. S/MIME also supports messages that are first signed with the sender's private key and then enveloped using the recipients' public keys.

    Most major E-mail clients, including Microsoft Outlook 2000, Outlook Express, and Netscape Messenger, support the S/MIME format and do not require any plug-ins to read S/MIME-based encrypted and signed messages. For more information on S/MIME, visit http://www.rsa.com/smime.

    About the Author

    Peter Persits is the founder and president of Persits Software, Inc., the vendor of the popular ASP components AspUpload, AspNTUser, AspGrid, AspAccessControl, and AspEmail. He has been developing software for Microsoft platforms for over ten years. Peter holds a Master's degree in Computer Science from American University (Washington, DC), and is a Microsoft Certified Solution Developer. Peter Persits currently lives in Arlington, VA.
