
Learn Encryption Techniques with BASIC and C++
(Publisher: Wordware Publishing, Inc.)
Author(s): Gil Held
ISBN: 1556225989
Publication Date: 10/01/98



Under public key encryption, a person wishing to send an encrypted message to another person or organization acquires the recipient’s public key and uses that key to encrypt the message. The recipient uses their private key to decrypt the message. Since each user or organization in a public key system only has to maintain two keys, one public and one private, regardless of the number of persons or locations in the system, the total number of keys required for n users becomes 2*n. Thus, for a large n the number of keys required is significantly reduced from the 2n-2 keys required for a private key based encryption system.

The use of a public key based encryption system results in keys providing one-way encryption and decryption based upon the type of key used, public for encryption, private for decryption. Thus, another term commonly used to reference a public key encryption system is an asymmetric encryption system.

From a mathematical perspective the ciphertext, Ek(x), is computed using a public key (kp) which has a mathematical relationship to the private key (kr). Unlike a private key system where Dk(Ek(x)) results in the reconstruction of the original plaintext, Dk(x) cannot be easily computed from kp without knowledge of kr. Instead, Dk(x) is easily computed when the private key (kr) is known. The key to the use of a public key system is the ability for individuals to generate their own public and private keys so that they can freely distribute their public key to persons they may wish to communicate with in a secure manner. Through the use of exponentiation and large prime numbers it becomes possible to generate relatively long public and private keys. While it is possible for other persons to use similar algorithms to generate public and private keys in an attempt to decrypt data encrypted by another person, the time required to factor relatively long primes would require the use of supercomputers for decades. Thus, you can be reasonably assured that properly developed public and private key pairs provide a high degree of protection for messages well into the future.
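The relationship between kp and kr can be made concrete with RSA, used here as one assumed instance of the "exponentiation and large prime numbers" approach; this is an added example, not code from the book. The function names and the 1024-bit default are illustrative, and the arithmetic is unpadded textbook RSA, which shows the key relationship but is not a usable message format.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a proves n composite
    return True

def random_prime(bits):
    while True:
        # Force the top bit (full length) and the low bit (odd).
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=1024, e=65537):
    """Return (kp, kr): kp = (e, n) is published, kr = (d, n) stays secret."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:               # e is prime: coprime to phi
            # d follows from e only through phi, i.e. through the factors p, q.
            return (e, p * q), (pow(e, -1, phi), p * q)

def E(x, kp):
    """Encipher integer x (0 <= x < n) with the public key."""
    e, n = kp
    return pow(x, e, n)

def D(c, kr):
    """Decipher with the private key; easy only when d is known."""
    d, n = kr
    return pow(c, d, n)
```

Anyone holding kp can run E, but computing d requires phi, and phi requires the two primes whose product n is public.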

Key Generation, Management, and Distribution

An enciphering system that produces billions of possible key combinations may be extremely vulnerable if keys are selected in a manner in which their possible composition can be easily guessed. For example, a birth date or home address would not be advisable for use as a key as they represent one of the first trials in a trial-and-error process an unauthorized person will more than likely attempt to use as a key. Ideally, keys should be generated based upon some random process. However, if you’re traveling and wish to use your laptop or notebook computer to transmit or receive private messages enciphered according to a predefined key, you would probably prefer to remember PCATV instead of Q4R51. Because PCATV is obviously an easier guess than Q4R51, you can consider using a random process to generate keys and store those keys for use over a predefined period of time on a computer file enciphered using a different key. Then, employees would only be tasked with remembering one key for a period of time to access a list of keys and the period of time each key is valid for use. This technique is one of many methods associated with key management.
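The key-list scheme described above, sketched as an added example that is not code from the book: randomly generated keys, each with a validity period, stored in a file enciphered under the one key the employee memorizes. The function names, the JSON layout and the alphabet are assumptions, and the cipher is a stand-in built from HMAC-SHA256 so the block runs on the standard library alone; a deployed tool would use an AEAD such as AES-GCM from a maintained library.

```python
import hashlib, hmac, json, secrets
from datetime import date, timedelta

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"     # no look-alike 0/O, 1/I

def make_schedule(start, periods, days_each, length=12):
    """Random keys, each valid for one consecutive period."""
    out = []
    for i in range(periods):
        first = start + timedelta(days=i * days_each)
        last = first + timedelta(days=days_each - 1)
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        out.append({"from": first.isoformat(), "to": last.isoformat(), "key": key})
    return out

def _subkeys(master, salt):
    # Slow derivation makes each guess at the memorized key expensive.
    km = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 600_000, dklen=64)
    return km[:32], km[32:]                       # encryption key, MAC key

def _keystream(enc_key, nonce, n):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), "sha256").digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(schedule, master):
    """Encipher the key list; returns salt + nonce + ciphertext + tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(master, salt)
    plain = json.dumps(schedule).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    return salt + nonce + ct + hmac.new(mac_key, salt + nonce + ct, "sha256").digest()

def open_sealed(blob, master):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _subkeys(master, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):    # verify before deciphering
        raise ValueError("wrong master key or modified key file")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(plain)

def key_for(schedule, day):
    """Return the key whose validity period contains the given date."""
    for entry in schedule:
        if entry["from"] <= day.isoformat() <= entry["to"]:
            return entry["key"]
    raise LookupError("no key is valid on that date")
```

The whole list is only as strong as the memorized master key, so the guessability concern raised for PCATV applies to that key as well.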

Key management can be considered the process of generating, maintaining, and distributing keys. In addition, this activity is responsible for defining what action or actions to take in the event a cipher system or key to a cipher system is lost or compromised.

The key management process, as well as functions associated with this process, will vary from organization to organization based upon a variety of factors. Those factors may include the number of employees that require knowledge of an enciphering key, their geographical distribution, and the integrity of the firm’s internal mail service. Additionally, the type of key system, public or private, will significantly affect the key distribution method. Some organizations post public keys on their Web servers or deliver those keys via internal interoffice mail in a manner similar to that in which computer passwords are distributed. Other organizations distribute keys via registered mail, through the use of the corporate electronic mail system enciphered using the current key, or in plaintext. Obviously, the repeated distribution of new private keys in plaintext or enciphered using the currently-in-use key opens the organization to a potentially compromising situation. However, you should remember that many organizations simply want a mechanism to keep personal communications personal and are not seeking an elaborate method to guarantee that their communications will never be broken. Although some sophisticated methods to distribute keys are discussed in succeeding chapters, our primary focus of attention will be placed on practical and efficient methods to distribute keys.

Regardless of the manner in which new keys are distributed, they should be distributed because employees will leave the organization, lose their keys, misplace a message containing a listing of keys, and do other things which in hindsight can compromise a system.


Perhaps one of the more interesting public compromises of security occurred when a president of the United States was photographed with a document folded in his suit pocket. The document was folded in such a manner that a keyword was prominently displayed in the photograph that appeared in newspapers. Fortunately for national security, the keyword denoted a classification associated with a special type of communications and did not reflect the key used to encipher communications. Unfortunately for many persons involved in national security, the display of the keyword resulted in a large amount of unpaid overtime required to rapidly change the keyword used to classify the type of communications exposed to the public.

