Cryptography and You: What is it All About?

The rapid growth of Internet use has given rise to new security concerns. Any company that does not configure a strong security infrastructure is putting itself at risk. If security were lax, an unscrupulous person could steal information or modify business information in a way that could result in major financial disaster. To protect the organization's information, the man in the middle must be eliminated. Cryptographic technologies provide a way to identify both users and servers during network use.

Test Day Tip 

The material presented in this section is all background information designed to enhance your understanding of how the Windows 2000 PKI functions. While you should not expect to be tested on the theory of operations, it is important to understand how it works to effectively configure and administer it.

Public Key Cryptography

Encryption is the process of changing a cleartext message into an unreadable form to protect sensitive data. The transformation from the scrambled form, known as ciphertext, back to cleartext is called decryption.

Cryptography can be dated back to around 2000 B.C. in ancient Egypt. Through time and civilizations, ciphering text played an important role in wars and politics. As modern times provided new communication methods, scrambling information became increasingly more important. World War II brought about the first use of the computer in the cracking of Germany's Enigma code. In 1952, President Truman created the National Security Agency at Fort Meade, Maryland. This agency, which is the center of U.S. cryptographic activity, fulfills two important national functions: it protects all military and executive communication from being intercepted, and intercepts and unscrambles messages sent by other countries.

Three types of cryptographic functions exist. The hash function does not involve the use of a key at all, but uses a mathematical algorithm on the data to scramble it. The secret key method of encryption, sometimes referred to as symmetric key cryptography, uses a single key to both encrypt and decrypt the information. An excellent example of secret key encryption is the decoder ring you may have had as a child. Any person who obtained your decoder ring could read your "secret" information.

There are basically two types of symmetric algorithms. Block symmetric algorithms operate on fixed-length groups of bits known as blocks. Stream symmetric algorithms operate on a single bit at a time. One well-known block algorithm is Data Encryption Standard (DES). Windows 2000 uses a modified DES and performs that operation on 64-bit blocks using every eighth bit for parity. The resulting ciphertext is the same length as the original cleartext. For export purposes, the DES is also available with a 40-bit key.

One advantage of secret key encryption is the efficiency with which it takes a large amount of data and encrypts it. Symmetric algorithms can also be easily implemented at the hardware level. The major disadvantage of secret key encryption is that a single key is used for both encryption and decryption. There must be a secure way for the two parties to exchange the one secret key.

In the 1970s, the disadvantage of secret key encryption was eliminated through the mathematical implementation of public key encryption. Public key encryption, also referred to as asymmetric cryptography, replaced the one shared key with each user's own pair of keys. One key is a public key, which is made available to everyone and used for the encryption process only. The other key in the pair, the private key, is available only to the owner. The private key cannot be derived from the public key, even though the public key is available to everyone.

Data that is encrypted by the public key can only be decrypted using the private key of the pair. It is also possible for the owner to use a private key to encrypt sensitive information. If the data is encrypted using the private key, the public key in that pair of keys is needed to decrypt the data.

The public key is made available to everyone, so a secure key exchange channel is not needed. Figure 4.1 shows the encryption process using the receiver's public key. Bob wants to send Alice a file that is encrypted so only she can access it. Bob encrypts the file with Alice's public key. The encrypted file is sent to Alice. She uses her private key to decrypt the file. As long as Alice's private key is protected, the encrypted data is also protected.

Figure 4.1: Encrypting Data

Public key cryptography can do everything secret key cryptography can do, but at a much slower pace. To work around the speed problem of public key encryption, designers often combine the two encryption methods. The designers of Windows 2000 did just that. Any data that requires a fast encryption method is handled by secret key encryption, while the encryption of the secret key itself is handled by public key cryptography. Public key encryption is slow, but because the secret key is small, this method of encryption does not have an impact on the overall process.

Public Key Functionality

Public key cryptography brings major security technologies to the desktop in the Windows 2000 environment. The network is now provided with the capability to allow users to safely do the following:

  • Transmit over insecure channels

  • Store sensitive information on any commonly used media

  • Verify a person's identity for authentication

  • Prove that a particular person generated a message

  • Prove that the received message was not tampered with in transit

Algorithms based on public keys can be used for all of these purposes. The most popular public key algorithm is RSA, which is named after its three inventors: Rivest, Shamir, and Adleman. The RSA algorithm is based on two prime numbers with more than 200 digits each. A hacker would have to take the ciphertext and the public key and factor the product of the two primes. As computer processing power increases, RSA remains secure by increasing the key length, unlike the DES algorithm, which has a fixed key length.

Public key algorithms provide privacy, authentication, and easy key management, but they encrypt and decrypt data slowly because of the intensive computation required. RSA has been evaluated to be from 10 to 10,000 times slower than DES in some environments, which is a good reason not to use public key algorithms for bulk encryption.

Digital Signatures

Forgery is a security issue. When information is sent electronically, no human contact is involved. The receiver wants to know that the person listed as the sender is really the sender and that the information received has not been modified in any way during transit. A hash algorithm is implemented to guarantee the Windows 2000 user that the data is authentic. A hash value encrypted with a private key is called a digital signature. Anyone with access to the corresponding public key can verify the authenticity of a digital signature. Only a person with a private key can generate digital signatures. Any modification makes a digital signature invalid.

The purpose of a digital signature is to prevent changes within a document from going unnoticed and to identify the signer as the original author. The document itself is not encrypted. The digital signature is data sent along with the document that is guaranteed not to be tampered with. A change of any size invalidates the digital signature.

When King Henry II had to send a message to his troops in a remote location, the letter would be sealed with wax, and while the wax was still soft the king would use his ring to make an impression in it. No modification occurred to the original message if the seal was never broken during transit. There was no doubt that King Henry II had initiated the message, because he was the only person possessing a ring that matched the waxed imprint. Digital signatures work in a similar fashion, in that only the sender's public key can authenticate both the original sender and the content of the document.

Digital signatures are generated from a message digest, which is a number produced by running a message through a hash algorithm. A message digest is regarded as a fingerprint and can range from a 128-bit number to a 256-bit number. A hash function takes variable-length input and produces a fixed-length output. The message is first processed with a hash function to produce a message digest. This value is then signed by the sender's private key, which produces the actual digital signature. The digital signature is then added to the end of the document and sent to the receiver along with the document.

Because the mere presence of a digital signature proves nothing, the signature must be verified mathematically. In the verification process, the first step is to use the corresponding public key to decrypt the digital signature. The result produces a 128-bit number. The original message is processed with the same hash function used earlier and results in a message digest. The two resulting 128-bit numbers are then compared, and if they are equal, notification is received of a good signature. If a single character has been altered, the two 128-bit numbers will be different, indicating that a change has been made to the document, even though the document itself was never scrambled.

Figure 4.2 illustrates the generation of a digital signature. The original message is processed with a mathematical function to generate a message digest. The sender's private key is used to encrypt the message digest, and the final result is a digital signature.

Figure 4.2: Generating a Digital Signature

Authentication

Public key cryptography can provide authentication instead of privacy. In Windows 2000, the receiver of the information sends a challenge. The challenge can be implemented one of two ways.

In the first authentication method, a challenge to authenticate involves sending an encrypted challenge to the sender. The challenge is encrypted by the receiver, using the sender's public key. Only the corresponding private key can successfully decode the challenge. When the challenge is decoded, the sender sends the plaintext back to the receiver. This is the proof for the receiver that the sender is truly the sender.

For example, when Alice receives a document from Bob, she wants to authenticate that the sender is really Bob. She sends an encrypted challenge to Bob, using his public key. When he receives the challenge, Bob uses his private key to decrypt the information. The decrypted challenge is then sent back to Alice. When Alice receives the decrypted challenge, she is convinced that the document she received is truly from Bob.

The second authentication method uses a challenge that is sent in plaintext. The receiver, after receiving the document, sends a challenge in plaintext to the sender. The sender receives the plaintext challenge and adds some information before adding a digital signature.

The challenge and digital signature now head back to the receiver. The digital signature is generated by using a hash function and then encrypting the result with a private key, so the receiver must use the sender's public key to verify the digital signature. If the signature is good, the original document and sender have at this point been verified mathematically. Figure 4.3 uses Alice and Bob to demonstrate the plaintext challenge.

Figure 4.3: Plaintext Authentication Challenge

This type of authentication is referred to as proof of possession. The sender must prove they are who they say they are by having the correct corresponding private key. The receiver of the document always starts the process. The document is never encrypted in this authentication process.
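The plaintext challenge of Figure 4.3 with both sides' steps, as an added Go example that is not from the original text. It also shows why the challenge must be fresh: a response recorded for an earlier challenge fails against a new one. The function names, the 32-byte challenge size and the identity string are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Response carries the information the sender added and the signature over it.
type Response struct{ Added, Sig []byte }

// NewChallenge is the receiver's first step: a fresh random value, sent in plaintext.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // without randomness the challenge proves nothing
	}
	return c
}

// digest hashes challenge||added. The challenge is always 32 bytes, so the
// boundary between the two parts is unambiguous.
func digest(challenge, added []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, challenge...), added...))
	return sum[:]
}

// Respond is the sender's step: add information, then sign with the private key.
func Respond(priv *rsa.PrivateKey, challenge, added []byte) (Response, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(challenge, added))
	return Response{added, sig}, err
}

// Check is the receiver's last step. It verifies against the challenge it
// issued itself, so a response recorded for an older challenge is rejected.
func Check(pub *rsa.PublicKey, issued []byte, r Response) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(issued, r.Added), r.Sig) == nil
}

// Demo: fresh response, same response replayed, response from another key.
func Demo() (fresh, replayed, otherKey bool, err error) {
	bob, err1 := rsa.GenerateKey(rand.Reader, 2048)
	stranger, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return false, false, false, fmt.Errorf("keygen: %v / %v", err1, err2)
	}
	c1, c2 := NewChallenge(), NewChallenge()
	info := []byte("bob@example.test") // constructed identity string
	r1, _ := Respond(bob, c1, info)      // Bob answers challenge c1
	r2, _ := Respond(stranger, c2, info) // a different key answers c2
	pub := &bob.PublicKey
	return Check(pub, c1, r1), Check(pub, c2, r1), Check(pub, c2, r2), nil
}

func main() {
	fmt.Println(Demo()) // true false false <nil>
}
```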

Secret Key Agreement via Public Key

The PKI of Windows 2000 permits two parties to agree on a secret key while using nonsecure communication channels. Each party creates half the shared secret key by generating a random number, which is sent to the other party after being encrypted with the other party's public key. Each receiving side then decrypts the ciphertext using a private key, which results in the missing half of the secret key.

By adding both random numbers together, each party has an agreed-upon shared secret key, which can then be used for secure communication even though the secret key was first obtained through a nonsecure communication channel.
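The exchange described above with both parties' messages, as an added Go example that is not from the original text. RSA-OAEP for the encryption step, 16-byte halves and SHA-256 over the two halves as the combining step are assumptions of this example, as are the function names.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SendHalf creates one party's random half of the secret and encrypts it with
// the peer's public key so it can cross a nonsecure channel.
func SendHalf(peer *rsa.PublicKey) (half, wire []byte, err error) {
	half = make([]byte, 16)
	if _, err = rand.Read(half); err != nil {
		return nil, nil, err
	}
	wire, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, half, nil)
	return half, wire, err
}

// RecvHalf recovers the peer's half with the local private key.
func RecvHalf(priv *rsa.PrivateKey, wire []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wire, nil)
}

// Combine joins both halves in a fixed order and hashes them into a 256-bit
// key. Hashing is this example's choice of combining step.
func Combine(aliceHalf, bobHalf []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, aliceHalf...), bobHalf...))
	return sum[:]
}

// Agree runs both sides of the exchange and returns each party's view of the
// shared key, plus the two ciphertexts an eavesdropper would see.
func Agree() (aliceKey, bobKey, toBob, toAlice []byte, err error) {
	alice, err1 := rsa.GenerateKey(rand.Reader, 2048)
	bob, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return nil, nil, nil, nil, fmt.Errorf("keygen: %v / %v", err1, err2)
	}
	aHalf, toBob, err1 := SendHalf(&bob.PublicKey)     // Alice -> Bob
	bHalf, toAlice, err2 := SendHalf(&alice.PublicKey) // Bob -> Alice
	if err1 != nil || err2 != nil {
		return nil, nil, nil, nil, fmt.Errorf("send: %v / %v", err1, err2)
	}
	fromAlice, err1 := RecvHalf(bob, toBob)   // Bob decrypts Alice's half
	fromBob, err2 := RecvHalf(alice, toAlice) // Alice decrypts Bob's half
	if err1 != nil || err2 != nil {
		return nil, nil, nil, nil, fmt.Errorf("receive: %v / %v", err1, err2)
	}
	return Combine(aHalf, fromBob), Combine(fromAlice, bHalf), toBob, toAlice, nil
}

func main() {
	a, b, _, _, err := Agree()
	fmt.Println(bytes.Equal(a, b), len(a), err) // true 32 <nil>
}
```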

Bulk Data Encryption without Prior Shared Secrets

The final major feature of public key technology is that it can encrypt bulk data without generating a shared secret key first. The biggest disadvantage of using asymmetric algorithms for encryption is the slowness of the overall process, which results from the necessary intense computations; the largest disadvantage of using symmetric algorithms for encryption of bulk data is the need for a secure communication channel for exchanging the secret key. The Windows 2000 operating system combines symmetric and asymmetric algorithms to get the best of both worlds at just the right moment.

When large files need to be encrypted, secret key encryption is the quickest method to use. To encrypt such a file, a special session key is created. To protect the session key, which is the secret key needed to decrypt the protected data, the sender quickly encrypts it by using the receiver's public key. This encryption of the session key is handled by asymmetric algorithms, which use intense computation but do not require much time, due to the small size of the session key. The document, along with the encrypted session key, is then sent to the receiver. Only the intended receiver possesses the correct private key to decode the session key, which is needed to decode the actual document. When the session key is in plaintext, it can be applied to the ciphertext of the bulk data, and then it can transform the bulk data back to plaintext.

Protecting and Trusting Cryptographic Keys

When secret key cryptography is implemented, both the sender and the receiver share a key, which they protect and keep private. In some secure fashion, both parties have agreed upon and exchanged this single key, which is used to encrypt and decrypt the data the two parties want to keep secure.

In contrast to secret key cryptography, public key cryptography does not protect all of the involved keys. In public key cryptography, only the private keys are protected; the public keys are shared by the act of publishing them. Because the public key is not protected, in any PKI the sender must be provided with a means to trust the relationship of the public key and its entity.

Test Day Tip 

It is sometimes helpful to consider all of the various means in which keys can be transferred amongst users. Smart cards, floppy disks, and other non-traditional means can be used to transfer secret keys without making use of traditional network means.

Unlike secret key cryptography, in which the single key is exchanged through a secure, prearranged plan, the public key is available without passing any security checkpoints. Because the public key is available for public use, the security measures that can be implemented to protect it are limited. Because public keys are not surrounded by any security measures, a mechanism is needed to ensure that the public key being used is really the entity's public key.

Certificates

Certificates are used to provide the assurance that the public key being used does in fact belong to the entity that owns the corresponding private key. A certificate is a digitally signed statement by its issuer that affirms the validity of both the public key and the subject's identity information. The certificate is the user's guarantee of the binding between the public key and the entity holding the corresponding private key. The certificate contains the public key and a complete set of attributes. These attributes may include information about the holder's identity, what the holder is allowed to do, and under what circumstances the certificate is valid. The digital signature ties the attributes and the public key together on the certificate itself. The issuer's signature on the certificate is in effect the guarantee of authenticity.

A real-world example of a certificate is a passport. All passports contain a unique key, the registered passport number from the issuing government. Also included on every passport are the passport holder's full name, date of birth, place of birth, the date of issue, and the expiration date. U.S. passports are issued by the federal government and require a photo identification on the laminated information page. Any country that has agreed to accept these passports trusts that the information on the document is true as long as the passport does not seem to have been illegally altered. This means that foreign countries are relying on the passport's authenticity, just as the user of a public key relies on the issuer's certificate.

The PKI of Windows 2000 supports the International Telecommunication Union (ITU)-T X.509 version 3 standard for certificate creation. This X.509v3 standard defines the format and content of digital certificates. The use of a standard for certificate creation allows the exchange of certificates between vendors and ensures true interoperability. X.509v3 certificates contain the information detailed in Table 4.1.

Table 4.1: X.509v3 Certificate Properties

| Certificate Field | Description |
| --- | --- |
| Version | Provides the version number of the certificate format |
| Serial Number | Provides the serial number assigned to the certificate; the issuing CA assigns the serial number from its unique listing |
| Algorithm Identifier and Parameters | Lists the signature algorithm and any parameters used by the issuer |
| Issuer | Provides the name of the CA that issued the certificate |
| Not Before (Date) | Lists the first date the certificate is to be considered valid |
| Not After (Date) | Lists the last date the certificate is to be considered valid |
| Subject Name | Provides identifying information about the person or entity the certificate has been issued to |
| Subject Public Key Algorithm and Parameters | Lists the algorithm and any parameters used for the subject's public key |
| Subject Public Key | The actual public key string |
| Signature | The signature provided by the issuing CA |
| Issuer Unique ID | An optional field on v2 and later certificates that makes the issuing CA name clearer |
| Subject Unique ID | An optional field on v2 and later certificates that makes the subject name clearer |
| Extensions | An optional field on v3 and later certificates that specifies custom properties in use |
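The fields of Table 4.1 read from a real certificate, as an added Go example that is not from the original text. It builds a self-signed certificate for a constructed subject, maps the parsed fields to the table rows, and shows that rewriting the name inside the certificate invalidates the issuer's signature. The function names, subject name and serial number are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue returns a self-signed X.509v3 certificate (DER); a CA would sign with its own key.
func Issue() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001),
		Subject:      pkix.Name{CommonName: "alice.example.test"}, // constructed
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, // stored as a v3 extension
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// Fields maps rows of Table 4.1 onto the parsed certificate.
func Fields(c *x509.Certificate) map[string]string {
	return map[string]string{
		"Version":                      fmt.Sprint(c.Version),
		"Serial Number":                c.SerialNumber.String(),
		"Algorithm Identifier":         c.SignatureAlgorithm.String(),
		"Issuer":                       c.Issuer.String(),
		"Not Before":                   c.NotBefore.UTC().Format(time.RFC3339),
		"Not After":                    c.NotAfter.UTC().Format(time.RFC3339),
		"Subject Name":                 c.Subject.String(),
		"Subject Public Key Algorithm": c.PublicKeyAlgorithm.String(),
		"Extensions":                   fmt.Sprint(len(c.Extensions)),
	}
}

// SignedBy reports whether issuer's public key verifies c's signed portion.
func SignedBy(c, issuer *x509.Certificate) bool {
	return issuer.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// Tamper rewrites the name inside the DER bytes and leaves the signature alone.
func Tamper(der []byte) []byte {
	return bytes.ReplaceAll(der, []byte("alice.example"), []byte("mallo.example"))
}

func main() {
	der, _ := Issue()
	c, _ := x509.ParseCertificate(der)
	fmt.Println(Fields(c), SignedBy(c, c))
}
```

Parsing the output of `Tamper` still succeeds and yields the altered name, but `SignedBy` returns false for it, which is the binding between attributes and public key that the issuer's signature provides.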



MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162
