
Saturday, March 9, 2019

Public Key Cryptography

Abstract: Public-key cryptography is a fundamental technology for e-commerce, intranets, extranets and other web-enabled applications. However, to gain the benefits of public-key cryptography, a supporting infrastructure is needed. The Microsoft Windows 2000 operating system includes a native public-key infrastructure (PKI) that is designed from the ground up to take full advantage of the Windows 2000 security architecture. This paper describes the fundamentals of public-key security systems, including what benefits they offer and what components are required to implement them. It also describes how the Windows 2000 PKI components deliver the needed services while providing interoperability, security, flexibility, and ease of use.

I. Overview

Public-key cryptography offers significant security benefits when it's properly implemented. Like other enabling technologies, public-key cryptography requires an infrastructure to deliver its benefits. However, the public-key infrastructure, or PKI, isn't a physical object or software process; instead, it's a set of useful services provided by a collection of interconnected components. These components work together to provide public-key-based security services to applications and users.

This white paper has two goals: to explain public-key technology and its uses, and to describe the features and benefits provided by the native PKI in the Microsoft Windows 2000 operating system. Understanding both of these topics will help you to decide where you can use PKI technology to improve your business processes and increase your ability to securely handle transactions with others. In this paper, you'll learn what a public key infrastructure is, what desirable benefits it can offer your operations, and how the Windows 2000 PKI delivers interoperability, security, flexibility, and ease of use.

II. History

During the early history of cryptography, two parties would agree upon a key using a secure, but non-cryptographic, method; for example, a personal meeting or an exchange via a trusted courier. This key, which both parties kept absolutely secret, could then be used to exchange encrypted messages. A number of significant practical difficulties arise in this approach to distributing keys. Public-key cryptography addresses these drawbacks so that users can communicate securely over a public channel without having to agree upon a shared key beforehand.

In 1874, a book by William Stanley Jevons[1] described the relationship of one-way functions to cryptography and went on to discuss specifically the factorization problem used to create the trapdoor function in the RSA system. Since the 1970s, a large number and variety of encryption, digital signature, key agreement, and other techniques have been developed in the field of public-key cryptography. The ElGamal cryptosystem (invented by Taher ElGamal) relies on the (similar, and related) difficulty of the discrete logarithm problem, as does the closely related DSA developed at the US National Security Agency (NSA) and published by NIST as a proposed standard. The introduction of elliptic curve cryptography by Neal Koblitz and Victor Miller, independently and simultaneously in the mid-1980s, has yielded new public-key algorithms based on the discrete logarithm problem. Although mathematically more complex, elliptic curves provide smaller key sizes and faster operations for equivalent estimated security.

III. What is public key cryptography?

When most people hear the words encrypt or cryptography, they immediately think of secret-key cryptography, wherein two parties share a single secret key that's used both to encrypt and decrypt information. Loss or compromise of the secret key makes the data it encrypts vulnerable.
By contrast, public-key systems use two keys: a public key, designed to be shared, and a private key, which must be closely held. These keys are complementary: if you encrypt something with the public key, it can only be decrypted with the corresponding private key, and vice versa. Public-key systems depend on the mathematical relationship between the public and private keys. It's not feasible to derive one from the other.

There are two fundamental operations associated with public key cryptography: encryption and signing. The goal of encryption is to obscure data in such a way that it can only be read by the intended party. In public-key cryptography, if Bob wants to send Alice some private data, he uses her public key to encrypt it, then sends it to her. Upon receiving the encrypted data, Alice uses her private key to decrypt it. The important concept here is that Alice can freely distribute her public key in order to allow anyone in the world to encrypt data that only she can decrypt. If Bob and Chuck both have copies of her public key, and Chuck intercepts an encrypted message from Bob to Alice, he will not be able to decrypt it; only Alice's private key can do that, and she is the only person who holds it.

These two operations can be used to provide three capabilities.

A. Privacy

Privacy is a necessity for businesses of all kinds, but it's of vital importance for ones that use the Internet. The Internet allows anyone in the world to communicate with anyone else, but it doesn't provide security. Even within your company's internal network, if someone can gain physical access to your network media, they can eavesdrop on any data that traverses it.
Public-key cryptography provides privacy via data encryption, whether the data is in the form of e-mail messages, credit card numbers sent over the Internet, or network traffic. Because public keys can be posted freely, complete strangers can establish private communications simply by retrieving each other's public keys and encrypting the data.

B. Authentication

Any transaction involves two parties, whether they're a client and a server or a customer and a vendor. For many transactions, it's desirable for one or both sides to be able to authenticate, or verify the identity of, the other. For instance, before a customer provides their credit card number to an e-commerce web site, they will want to know that they are not talking to an imposter. One way that a customer can do this is by making the web site prove that it holds the right private key. For example, a web browser might encrypt a piece of information using the site's public key and ask the web server to decrypt it, thereby demonstrating that the server has the right private key, and proving its identity.

Authentication can also take the form of assuring your customers that you produced a particular piece of data and that it has not been tampered with. Public-key cryptography enables you to do this by means of a digital signature, a concept which is an extension of the public-key signing operation discussed above. If Bob wants to digitally sign his company's annual report, he first generates a unique fingerprint of the report using an algorithm called a hash algorithm. Hash algorithms are specially designed to guarantee that even a single changed byte in the document will generate an entirely different hash. Next, he encrypts the report and the hash using his private key.
Alice (or anyone else) can verify the origin and authenticity of the signed report by first decrypting it using Bob's public key, then calculating her own version of the fingerprint and comparing it to the fingerprint she received. If the two match, it proves two things: that the report has not been tampered with, and that it came from Bob.

C. Non-repudiation

Businesses require the ability to enter into binding agreements, whether in the physical world or on the Internet. Suppliers and buyers need the assurance that if they enter into an agreement, the other party will not be able to repudiate the agreement at some later point. Digital signatures on electronic purchase orders, contracts, and other agreements are legally binding in several countries and in many U.S. states, and legal acceptance is rapidly growing.

D. Infrastructure

Manage keys: a PKI makes it easy to issue new keys, review or revoke existing keys, and manage the trust level attached to keys from different issuers.

Publish keys: a PKI offers a well-defined way for clients to locate and retrieve public keys and information about whether a specific key is valid or not. Without the ability to retrieve keys and know that they are valid, your users can't make use of public key services.

Use keys: a PKI provides an easy-to-use way for users to use keys, not just by moving keys around to where they're needed, but also by providing easy-to-use applications that perform public-key cryptographic operations, making it possible to provide security for e-mail, e-commerce, and networks.

E. A capability, not a thing

A common misperception is that a PKI is a thing. In fact, it's a capability: the capability to easily publish, manage, and use public keys. Think of a PKI like a municipal water system.
A water system is made up of purification plants, storage towers, pumps, water mains, and so on, as well as the pipes and faucets in your house. All of the disparate service-providing objects work together to provide a capability for users to get water on demand. In a similar way, a PKI consists of a group of discrete components that work together to allow you to use public keys, and public-key cryptography, seamlessly and transparently.

The best place to implement a PKI is in the operating system. Operating systems already provide a number of other infrastructures, like the printing infrastructure that moves documents to printers and the file service infrastructure that retrieves files from shared storage. In both cases, the operating system provides a capability to transparently and easily use a network service, just as a PKI does.

F. Digital certificates: packaging for public keys

So far, this paper has mentioned public keys when talking about the objects that a PKI uses. While public keys are required for PKI-based security, they're usually packaged as digital certificates. (It's important to stress that only public keys are packaged into certificates. The private key is never shared, so it doesn't require packaging; it's simply stored securely.) The certificate contains the public key and a set of attributes, like the key holder's name. These attributes may be related to the holder's identity, what they're allowed to do, or under what conditions the certificate is valid. The binding between attributes and the public key is present because the certificate is digitally signed by the entity that issued it; the issuer's signature on the certificate vouches for its authenticity and correctness.

For a real-world analogy, look in your wallet. If you have a driver's license, you have the equivalent of a digital certificate.
Your license contains a unique key (your license number) and some attributes (an expiration date, your name, address, hair color, and so on). It's issued by a trusted agency and laminated to prevent it from being tampered with. Anyone who trusts the agency that issued your license and verifies that the lamination is intact can rely on its authenticity. At that point, though, the analogy breaks down: in the real world, only the government can issue a driver's license, so everyone knows that a license issued by Joe's Really Good DMV isn't valid. How do you make the same determination with a digital certificate?

The answer lies in the concept of a certificate hierarchy. In a hierarchy, as shown in Figure 1, each issuer, or certificate authority, signs (using its own private key) the certificates it issues. The public half of the CA's keypair is itself packaged in a certificate, one that was issued by a higher-level CA. This pattern can continue through as many levels as desired, with each CA certifying the authenticity of the certificates it has issued. Eventually, though, there must be a top-level CA, called a root certificate authority. Since there's nobody above the root CA in the hierarchy, there's nobody to vouch for the authenticity and origin of its certificate. Instead, the root CA signs its own certificate; it simply asserts that it is the root.

Figure 1. What a certificate hierarchy looks like

Clearly, it's not secure to accept a root CA's assertion of its own identity. To verify a root CA's certificate, a trusted copy of its public key is obtained via an out-of-band method (that is, it's delivered by a third party instead of over the network), and the key is used to verify that the root certificate is bona fide. Microsoft provides the public keys for many popular root CAs in PK-enabled products like Internet Explorer, allowing users to verify those roots transparently. Root CAs can also provide copies of their public keys for downloading from public web sites.
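The fingerprint-and-sign operation from section B and the chain check described above, as an added example (not code from the original paper or from Windows 2000). It assumes textbook RSA over SHA-256 with toy keys built from known Mersenne primes in place of real certificates, and every name in it (Cert, issue, verify_chain, the CA names) is made up for the illustration.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # usual RSA public exponent

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes: toy sizes, no padding."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def fingerprint(data, n):
    """SHA-256 hash of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private_key):
    n, d = private_key
    return pow(fingerprint(data, n), d, n)

def verify(data, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == fingerprint(data, n)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key: tuple
    signature: int = 0
    def signed_bytes(self):
        """What the issuer signs: the attributes bound to the public key."""
        return f"{self.subject}|{self.issuer}|{self.public_key}".encode()

def issue(subject, subject_public, issuer, issuer_private):
    cert = Cert(subject, issuer, subject_public)
    return replace(cert, signature=sign(cert.signed_bytes(), issuer_private))

def verify_chain(chain, trusted_roots):
    """chain = [end entity, ..., root]; trusted_roots = {name: key}, obtained out of band."""
    if not chain:
        return False
    for cert, parent in zip(chain, chain[1:]):
        signed_ok = verify(cert.signed_bytes(), cert.signature, parent.public_key)
        if cert.issuer != parent.subject or not signed_ok:
            return False
    root = chain[-1]
    trusted_key = trusted_roots.get(root.subject)
    # A self-signature alone proves nothing: the root key must match the trusted copy.
    return (root.issuer == root.subject and root.public_key == trusted_key
            and verify(root.signed_bytes(), root.signature, trusted_key))

# Constructed sample hierarchy; toy keys from well-known Mersenne primes.
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))
root_pub, root_priv = toy_keypair(M61, M89)
sub_pub, sub_priv = toy_keypair(M89, M107)
joe_pub, joe_priv = toy_keypair(M61, M127)
web_pub, _ = toy_keypair(M107, M127)
ROOT = issue("Example Root CA", root_pub, "Example Root CA", root_priv)
SUB = issue("Example Issuing CA", sub_pub, "Example Root CA", root_priv)
WEB = issue("www.example.test", web_pub, "Example Issuing CA", sub_priv)
JOE = issue("Joe's Really Good DMV", joe_pub, "Joe's Really Good DMV", joe_priv)
FAKE = issue("www.example.test", web_pub, "Joe's Really Good DMV", joe_priv)
TRUST_STORE = {"Example Root CA": root_pub}  # root key delivered out of band

print(verify_chain([WEB, SUB, ROOT], TRUST_STORE), verify_chain([FAKE, JOE], TRUST_STORE))
```

The chain that ends in the self-proclaimed root is rejected even though every signature in it is mathematically valid, because its root key is not in the trust store.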
Once the root key has been delivered via an out-of-band means, the user can verify the root certificate, and indeed the entire certificate chain. Even better, because each certificate's digital signature protects it from tampering, certificate chains can be freely passed over insecure media like the Internet.

G. Public-key-enabled applications

Once your PKI can issue, publish, and interpret certificates, the next step is to deploy applications that can use them. A well-written application that is tightly integrated with the rest of the PKI can make the use of public-key cryptography all but transparent to the user. The user should not need to know how cryptography works, where certificates are stored, or any of the other details; they should simply indicate what they want done, and leave it to the applications and the PKI to make it happen.

Applications can use digital certificates to deliver the benefits of public-key cryptography, and they can combine cryptographic functions like signing and encryption to make possible e-commerce, secure network access, or other desirable services. All Microsoft applications that use public-key cryptography are natively public-key enabled. For example, the Microsoft Outlook messaging and collaboration client offers built-in signing and encryption support, combined with the ability to use certificate publishers and root certificates from a number of sources. Internet Explorer, Microsoft Money, and Internet Information Server provide the ability to set up encrypted web sessions. PKI-enabled applications can build on industry-standard protocols to speed development and allow easy interoperability with other organizations, too.

H. Hardware support

The increased market demand for PKI implementations has spurred hardware vendors to develop cryptographic hardware, including smart cards, PC cards, and PCI cards that offer onboard cryptographic processing.
These hardware devices offer a wide range of capabilities. On the low end, smartcards offer limited cryptographic processing combined with secure key storage; on the high end, multiprocessor crypto-accelerators allow high-volume web services to secure data without suffering from bottlenecks caused by software cryptographic modules. The best thing about PKI hardware devices is that they're optional: if your application requires additional performance or security, you can add hardware to provide it as necessary, but you can still build a completely functional PKI in software.

I. Models

The standalone CA model

The standalone CA model (see Figure 2) is probably familiar to you if you've used SSL-protected web sites. In the standalone model, some third-party entity holds the root key and certificate for your organization, and it issues and revokes all certificates for your users. This third party might be a commercial CA like VeriSign, Thawte, Belsign, or GTE Cybertrust; it could also be a bank, a law firm, a trade association, or any other organization that you trust to issue certificates on your behalf.

Figure 2. The standalone CA model

This model allows trust both within and outside your organization, so you can exchange secure e-mail and e-commerce transactions with outsiders. Standalone CAs also free you from the complexities of issuing, revoking, and tracking certificates. However, it requires you to trust some outside entity with your certificate management, and many third-party CAs levy an individual charge for each issued certificate.

The enterprise CA model

In this model (see Figure 3), your enterprise acts as its own CA, issuing and revoking certificates subject to your business requirements. Because no outsourcing provider is involved, your organization maintains complete control over its PKI.
In addition to that control, though, you can guarantee that no one outside the enterprise can obtain a certificate unless you issue it to them. This model works well for controlling access to internal resources, or for generating certificates whose attributes would be meaningless to an outside entity. For example, you could issue certificates to managers that would allow them to make electronic travel reservations through the company travel office.

Figure 3. The enterprise CA model

Enterprise CAs with subordinates

You can expand the flexibility of the enterprise CA model by adding subordinate CAs for individual departments, business units, or subdivisions of the organization. Most organizations already delegate some amount of administrative control to their subunits. For example, individual managers at most companies have some level of purchasing authority; higher-ranking managers can write bigger checks. Even though there's a centralized purchasing department that does much of the enterprise-wide buying, individual units still have the ability to perform day-to-day purchasing tasks.

Choose your trust model

If the choice of a CA model is the most important one you face when implementing a PKI, choosing a trust model comes in a very close second. When you trust a root, you're making an implicit statement that you trust them to be careful about who they issue certificates to. In this case, careful isn't quite the right word; what you're really saying is that you trust them to follow their prescribed policies and procedures to verify the identity of a certificate holder when they issue the certificate.

When you choose to trust a root certificate, you're also choosing to trust certificates signed by that root.
Depending on the CA model you use, the practical impact of this choice could be large (as when you choose to trust a large, widely used commercial root CA) or small (like deciding to trust your own accounting department). Normally these decisions are made for the enterprise as a whole; however, the Windows 2000 PKI allows individual users (or their administrators) to make their own trust decisions. In addition, administrators may override or augment user trust decisions with group policies.

You also have to choose what you trust certificates to be used for. The X.509 v3 certificate standard allows you to specify whether certificates can be used for signing, encryption, or both. For example, you might want to give everyone signature certificates but restrict the use of encryption-capable certificates to certain departments or individuals. Microsoft has extended this feature to allow you to specify additional uses, including signing software components, logging on using a smart card, or recovering an encrypted file. When using the Windows 2000 PKI, the issuer has total control over what the certificate can be used for.

IV. Conclusion

Public key cryptography offers critical business advantages, including the ability to conduct e-commerce and normal business operations with increased privacy, security, and assurance. To deliver these benefits, a public-key infrastructure is necessary that makes it easy to manage, publish and use public keys. Windows 2000 offers a PKI that is completely integrated with the operating system and provides flexible, secure, interoperable services that are easy to use, easy to deploy, and easy to manage.

References

N. Ferguson; B. Schneier (2003). Practical Cryptography. Wiley. ISBN 0-471-22357-3.
J. Katz; Y. Lindell (2007). Introduction to Modern Cryptography. CRC Press. ISBN 1-58488-551-3.
J. Menezes; P. C. van Oorschot; S. A. Vanstone (1997). Handbook of Applied Cryptography. ISBN 0-8493-8523-7.
IEEE 1363: Standard Specifications for Public-Key Cryptography.
Single Sign-On Technology for SAP Enterprises: What does SAP have to say? [1]
Ed Gerck, Overview of Certification Systems: x.509, CA, PGP and SKIP, in The Black Hat Briefings '99, http://www.securitytechnet.com/resource/rsc-center/presentation/black/vegas99/certover.pdf and http://mcwg.org/mcg-mirror/cert.htm
Stephen Wilson, Dec 2005, The importance of PKI today, China Communications. Retrieved on 2010-12-13.
Mark Gasson, Martin Meints, Kevin Warwick (2005), D3.2: A study on PKI and biometrics, FIDIS deliverable (3)2, July 2005.
