Public Key Cryptography

Abstract- Public- expose cryptogram is a light upon technology for e-commerce, intranets, extranets and early(a) blade-enabled applications. However, to garner the benefits of overt-key cryptography, a supporting groundwork is needed. The Microsoft Windows 2000 operational system includes a primal human beings-key infrastructure (PKI) that is designed from the ground up to take full advantage of the Windows 2000 security architecture.This paper describes the fundamentals of worldly concern-key security systems, including what benefits they offer and what comp adeptnts are take awayd to consume them. It as well as describes how the Windows 2000 PKI components deliver the needed services while providing interoperability, security, flexibility, and ease of implement. I. Overview Public-key cryptography offers signifi tin undersurfacet security benefits when its properly implemented. Like other enabling technologies, public-key cryptography requires an infrastructure to deliver its benefits.However, the public-key infrastructure, or PKI, isnt a physical object or software process instead, its a set of useful services admitd by a aggregation of interconnected components These components work together to provide public-key-based security services to applications and exploiters. This white paper has two ends to explain public-key technology and its uses, and to describe the larks and benefits provided by the native PKI in the Microsoft Windows 2000 operating system.Understanding both of these topics will help you to decide where you open fire use PKI technology to improve your business processes and increase your ability to securely handle proceeding with others. In this paper, youll learn what a public key infrastructure is, what desirable benefits it burn offer your operations, and how the Windows 2000 PKI delivers interoperability, security, flexibility, and ease of use. II. History During the early history of cryptography, two parties would find out upon a key apply a secure, but non-cryptographic, method for example, a face-to-face meeting or an exchange via a certain(p) courier.This key, which both parties unbroken absolutely hole-and-corner(a), could then be used to exchange encrypted messages. A physical body of signifi give noticet practical difficulties arise in this approach to distributing keys. Public-key cryptography addresses these drawbacks so that users dope communicate securely over a public channel without having to agree upon a divided key beforehand. In 1874, a book by William Stanley Jevons1 draw the relationship of one-way functions to cryptography and went on to discuss specificall(a)y the factorization problem used to create the trapdoor function in theRSA system.Since the 1970s, a large number and variety of encryption, digital signature, key agreement, and other techniques have been developed in the field of public-key cryptography. The ElGamal cryptosystem (invented by Taher ElGamal) re lies on the (similar, and related) difficulty of the discrete logarithm problem, as does the close related DSA developed at the US National Security Agency (NSA) and published by NIST as a proposed standard. The introduction of elliptic curve cryptography by Neal Koblitz and Victor Miller independently and simultaneously in the mid-1980s has yielded new public-key algorithms based on the discrete logarithm problem.Although mathematically more complex, elliptic curves provide smaller key sizes and faster operations for equivalent estimated security. III. What is public key cryptography? When most people hear the words encrypt or cryptography, they straightaway think of secret-key cryptography, wherein two parties share a single secret key thats used both to encrypt and decrypt data. Loss or compromise of the secret key makes the data it encrypts vulnerable. By contrast, public-key systems use two keys a public key, designed to be shared, and a private key, which must be closely held .These keys are complementary if you encrypt something with the public key, it can only be decrypted with the corresponding private key, and vice versa. Public-key systems depend on the mathematical relationship between the public and private keys. Its not feasible to derive one from the other. There are two fundamental operations associated with public key cryptography encryption and signing. The goal of encryption is to obscure data in such a way that it can only be read by the intended party. In public-key cryptography, if bobtail wants to send Alice some private data, he uses her public key to encrypt it, then sends it to her.Upon receiving the encrypted data, Alice uses her private key to decrypt it. The important concept here is that Alice can freely distribute her public key in order to allow anyone in the world to encrypt data that only she can decrypt. If Bob and toss out both have copies of her public key, and Chuck intercepts an encrypted message from Bob to Alice, he w ill not be able to decrypt it only Alices private key can do that, and she is the only person who holds it. These two operations can be used to provide three capabilities A PrivacyPrivacy is a necessity for businesses of all kinds, but its of vital importance for ones that use the Internet. The Internet allows anyone in the world to communicate with anyone else, but it doesnt provide security. Even within your companys internal network, if someone can gain physical access to your network media, they can eavesdrop on any data that traverses it. Public-key cryptography provides privacy via data encryption, whether the data is in the appoint of e-mail messages, credit card numbers sent over the Internet, or network traffic.Because public keys can be posted freely, complete strangers can get to private communications simply by retrieving each others public keys and encrypting the data. B. Authentication Any transaction involves two parties, whether theyre a client and a server or a cu stomer and a vendor. For many transactions, its desirable for one or both sides to be able to authenticate, or verify the identity of, the other. For instance, before a customer provides their credit card number to an e-commerce meshwork site, they will want to know that they are not talking to an imposter.One way that a customer can do this is by making the web site prove that it holds the right private key. For example, a web browser might encrypt a foregather of information using the sites public key and ask the web server to decrypt it, thereby demonstrating that the server has the right private key, and proving its identity. Authentication can in any case take the form of assuring your customers that you produced a particular piece of data and that it has not been tampered with. Public-key cryptography enables you to do this by means of a digital signature, a concept which is an extension of the public-key signing operation discussed supra.If Bob wants to digitally sign his companys annual report, he first leaves a unique fingerprint of the report using an algorithm called a hash algorithm. Hash algorithms are specially designed to guarantee that even a single changed byte in the document will generate a completely different hash. Next, he encrypts the report and the hash using his private key. Alice (or anyone else) can verify the origin and authenticity of the signed report by first decrypting it using Bobs public key, then calculating her own version of the fingerprint and comparing it to the fingerprint she received.If the two match, it proves two things that the report has not been tampered with, and it came from Bob. C. Non-repudiation Businesses require the ability to enter into rachis agreements, whether in the physical world or on the Internet. Suppliers and buyers need the assurance that if they enter into an agreement, the other party will not be able to repudiate the agreement at some later point. Digital signatures on electronic purchas e orders, contracts, and other agreements are legally binding in several countries and in many U.S. states, and legal acceptance is rapidly growing. D. infrastructure Manage keys a PKI makes it easy to issue new keys, review or revoke existing keys, and manage the send aim attached to keys from different issuers. Publish keys a PKI offers a well-defined way for clients to locate and retrieve public keys and information about whether a specific key is valid or not. Without the ability to retrieve keys and know that they are valid, your users cant make use of public key services.Use keys a PKI provides an easy-to-use way for users to use keysnot just by moving keys around where theyre needed, but also by providing easy-to-use applications that perform public-key cryptographic operations, making it literalistic to provide security for e-mail, e-commerce, and networks. E. A capability,not a thing A common misperception is that a PKI is a thing. In fact, its a capabilitythe capabilit y to easily publish, manage, and use public keys. Think of a PKI like a municipal pissing system. A water system is made up of purification plants, storage towers, pumps, water mains, and so on, as well as the pipes and faucets in your house.All of the disparate service-providing objects work together to provide a capability for users to obtain water on demand. In a similar way, a PKI consists of a group of discrete components that work together to allow you to use public keys, and public-key cryptography, seamlessly and transparently. The surmount place to implement a PKI is in the operating system. Operating systems already provide a number of other infrastructures, like the printing infrastructure that moves documents to printers and the file service infrastructure that retrieves files from shared storage.In both cases, the operating system provides a capability to transparently and easily use a network service, just as a PKI does. F. Digital certifications furtherance for pub lic key So far, this paper has mentioned public keys when talking about the objects that a PKI uses. While public keys are required for PKI-based security, theyre usually packaged as digital suretys. (Its important to stress that only public keys are packaged into presents. The private key is never shared, so it doesnt require packagingits simply stored securely). The security system contains the public key and a set of attributes, like the key holders name.These attributes whitethorn be related to the holders identity, what theyre allowed to do, or under what conditions the present is valid. The binding between attributes and the public key is present because the certificate is digitally signed by the entity that issued it the issuers signature on the certificate vouches for its authenticity and correctness. For a real-world analogy, look in your wallet. If you have a drivers license, you have the equivalent of a digital certificate. Your license contains a unique key (your lic ense number) and some attributes (an expiration date, your name, address, hair color, and so on).Its issued by a trusted agency and laminated to prevent it from being tampered with. Anyone who trusts the agency that issued your license and verifies that the lamination is intact can rely on its authenticity. At that point, though, the analogy breaks downin the real world, only the government can issue a drivers license, so everyone knows that a license issued by Joes Really Good DMV isnt valid. How do you make the same end with a digital certificate? The answer lies in the concept of a certificate hierarchy.In a hierarchy, as shown in symbol 1, each issuer, or certificate authority, signs (using its own private key) the certificates it issues. The public half of the CAs keypair is itself packaged in a certificateone that was issued by a higher-level CA. This pattern can continue through with(predicate) as many levels as desired, with each CA certifying the authenticity of the cert ificates it has issued. Eventually, though, there must be a top-level CA, called a root certificate authority. Since theres nobody above the root CA in the hierarchy, theres nobody to vouch for the authenticity and origin of its certificate.Instead, the root CA signs its own certificateit simply asserts that it is the root. Figure 1 What a certificate hierarchy looks like Clearly, its not secure to accept a root CAs assertion of its own identity. To verify a root CAs certificate, a trusted copy of its public key is obtained via an out-of-band method-that is, its delivered by a third party instead of over the networkand the key is used to verify that the root certificate is bona fide. Microsoft provides the public keys for many popular root CAs in PK-enabled products like Internet Explorer, allowing users to verify those roots transparently.Root CAs can also provide copies of their public keys for downloading from public web sites. Once the root key has been delivered via an out-of-b and means, the user can verify the root certificate, and hence the entire certificate chain. Even better, because each certificates digital signature protects it from tampering, certificate chains can be freely passed over insecure media like the Internet. G. Public key enabled application Once your PKI can issue, publish, and nurse certificates, the next tread is to deploy applications that can use them.A well-written application that is tightly integrated with the rest of the PKI can make the use of public-key cryptography all but transparent to the user. The user should not need to know how cryptography works, where certificates are stored, or any of the other detailsthey should simply indicate what they want done, and leave it to the applications and the PKI to make it happen. Applications can use digital certificates to deliver the benefits of public-key cryptography, and they can combine cryptographic functions like signing and encryption to make possible e-commerce, secure network access, or other desirable services.All Microsoft applications that use public-key cryptography are natively public-key enabled. For example, the Microsoft Outlook messaging and collaboration client offers built-in signing and encryption support, combine with the ability to use certificate publishers and root certificates from a number of sources. Internet Explorer, Microsoft Money, and Internet Information Server provide the ability to set up encrypted web sessions. PKI-enabled applications can build on industry-standard protocols to speed development and allow easy interoperability with other organizations, too.H. Hardware support The increasing market demand for PKI implementations has spurred hardware vendors to develop cryptographic hardware, including smart cards, PC cards, and PCI cards that offer onboard cryptographic processing. These hardware devices offer a wide range of capabilities. On the low end, smartcards offer limited cryptographic processing combined with secure key storage on the high end, multiprocessor crypto-accelerators allow high-volume web services to secure data without suffering from bottlenecks caused by software cryptographic modules.The best thing about PKI hardware devices is that theyre optionalif your application requires additional performance or security, you can add hardware to provide it as necessary, but you can unsounded build a completely functional PKI in software. I. Models The standalone CA imitate The standalone CA model (see Figure 2) is probably familiar to you if youve used SSL-protected web sites. In the standalone model, some third-party entity holds the root key and certificate for your organization, and it issues and revokes all certificates for your users.This third party might be a commercial CA like VeriSign, Thawte, Belsign, or GTE Cybertrust it could also be a bank, a law firm, a trade association, or any other organization that you trust to issue certificates on your behalf. Figure 2 The stan dalone CA model This model allows trust both within and outside your organization, so you can exchange secure e-mail and e-commerce transactions with outsiders. Standalone CAs also free you from the complexities of issuing, revoking, and tracking certificates.However, it requires you to trust some outside entity with your certificate management, and many third-party CAs levy an soulfulness charge for each issued certificate. The enterprise CA model In this model (see Figure 3), your enterprise acts as its own CA, issuing and revoking certificates subject to your business requirements. Because no outsourcing provider is involved, your organization maintains complete control over its PKI. In addition to that control, though, you can guarantee that no one outside the enterprise can obtain a certificate unless you issue it to them.This model works well for controlling access to internal resources, or for generating certificates whose attributes would be meaningless to an outside entity . For example, you could issue certificates to managers that would allow them to make electronic start reservations through the company travel office. Figure 3 The enterprise CA model Enterprise CAs with subordinates You can expand the flexibility of the enterprise CA model by adding subordinate CAs for individual departments, business units, or subdivisions of the organization. Most organizations already delegate some amount of administrative control to their subunits.For example, individual managers at most companies have some level of purchasing authority higher-ranking managers can write bigger checks. Even though theres a centralized purchasing department that does much of the enterprise-wide buying, individual units still have the ability to perform day-to-day purchasing tasks. Choose your trust model If the choice of a CA model is the most important one you face when implementing a PKI, choosing a trust model comes in a very close second. When you trust a root, youre making an implicit statement that you trust them to be careful about who they issue certificates to.In this case, careful isnt quite the right word what youre really saying is that you trust them to follow their prescribed policies and procedures to verify the identity of a certificate holder when they issue the certificate. When you choose to trust a root certificate, youre also choosing to trust certificates signed by that root. Depending on the CA model you use, the practical impact of this choice could be large (as when you choose to trust a large, widely used commercial root CA) or small (like deciding to trust your own accounting department).Normally these decisions are made for the enterprise as a whole however, the Windows 2000 PKI allows individual users (or their administrators) to make their own trust decisions. In addition, administrators may override or augment user trust decisions with group policies. You also have to choose what you trust certificates to be used for. The X. 509 v3 certificate standard allows you to furbish up whether certificates can be used for signing, encryption, or both. For example, you might want to give everyone signature certificates but restrict the use of encryption-capable certificates to certain departments or individuals.Microsoft has extended this feature to allow you to specify additional uses, including signing software components, logging on using a smart card, or recovering an encrypted file. When using the Windows 2000 PKI, the issuer has total control over what the certificate can be used for. IV Conclusion Public key cryptography offers critical business advantages, including the ability to conduct e-commerce and normal business operations with increased privacy, security, and assurance. To deliver these benefits, a public-key infrastructure is necessary that makes it easy to manage, publish and use public keys.Windows 2000 offers a PKI that is completely integrated with the operating system and provides flexible , secure, interoperable services that are easy to use, easy to deploy, and easy to manage. References N. Ferguson B. Schneier (2003). Practical cryptanalytics. Wiley. ISBN 0-471-22357-3. J. Katz Y. Lindell (2007). Introduction to Modern Cryptography. CRC Press. ISBN 1-58488-551-3. J. Menezes P. C. van Oorschot S. A. Vanstone (1997). Handbook of Applied Cryptography. ISBN 0-8493-8523-7. IEEE 1363 Standard Specifications for Public-Key Cryptography Single Sign-On Technology for SAP Enterprises What does SAP have to say? 1 Ed Gerck, Overview of Certification Systems x. 509, CA, PGP and SKIP, in The Black Hat Briefings 99, http//www. securitytechnet. com/resource/rsc-center/presentation/black/vegas99/certover. pdf andhttp//mcwg. org/mcg-mirror/cert. htm Stephen Wilson, descent 2005, The importance of PKI today, China Communications, Retrieved on 2010-12-13 Mark Gasson, Martin Meints, Kevin Warwick (2005), D3. 2 A study on PKI and biometrics, FIDIS deliverable (3)2, July 2005