1.8 Cryptology, Cryptography, and Cryptanalysis

1.8.2 Protection Keys

Cryptographic technologies take two main protection approaches:

1. Secret algorithm. Keep the algorithm used to protect messages secret so that only parties who need to be able to encrypt, decrypt, and sign messages know how to do that. For example, if an encryption algorithm defines a specific transformation of the plain-text in order to encrypt it, this transformation should be kept secret.

The problem with this approach is that it does not work efficiently in commercially available systems. If a software company takes this protection approach for the products it is selling, a user with sufficient knowledge who already has the software product can reverse-engineer it and determine the encryption algorithm, and then even make it public by publishing it on the Internet, which will render the protection useless. This also applies in a similar fashion to hardware.

2. Secret key(s). Use a special password (a key or a number of keys) as input to the protection mechanism to protect messages. Keep the key (or keys) used to protect messages secret, although the protection algorithm may be well known and publicly available.

The key is only known to the parties that need to be able to encrypt or decrypt the messages, and potentially generate or check the signature. For example, if communication between two computers needs to be encrypted, and encryption/decryption agents

AU5219_book.fm Page 47 Thursday, May 17, 2007 2:36 PM

48  Mechanics of User Identification and Authentication

on both computers are the only two that know the encryption key, even if a computer running the same encryption product in between the two peers is trying to decrypt the communication, it will fail to do so until it obtains the correct key.

For commercial systems, the approach using secret keys and publicly available algorithms has proven much more successful and provides much better protection than the approach using secret algorithms. Some of the most important reasons for this include:

• Open encryption algorithms are available to the IT community, including cryptologists. The strength of these algorithms can be analyzed; and if problems are found with the specific algorithm, cryptologists may be able to propose workarounds for these problems. This may include changes in the algorithm itself, the advice to not use specific keys (weak keys) with this algorithm, or other forms of advice that may be able to identify and contribute to the development of the specific algorithm, as well as other existing and future algorithms.

• Secret keys scale better. If two users need to communicate in a secure fashion, all they need is a shared secret (a password). It is not necessary to invent a new encryption algorithm for each secret conversation between two or more users, services, or applications.

• Secret keys may change, so that if two users no longer need to communicate with each other or do not trust each other anymore, they just need to use a different set of keys and they can start communicating with other users.

• Keys may provide variable-strength protection. Some cryptographic algorithms allow for the use of keys of variable size, so that if two parties communicate using messages that do not require the strongest possible protection, they can spare some CPU cycles using an algorithm that provides weaker protection and consumes fewer resources; if at some point in time the two users need to start communicating on a very secure matter, all they need to do is generate a longer key, which will consume more CPU resources but will provide for better protection.

When keys are used to encrypt information, there are two main approaches related to the types of keys being used:

1. Symmetric approach. The same key (called shared or symmetric key) is used by both the party encrypting the messages and the party decrypting the messages. An administrator may be able to

User Identification and Authentication Concepts  49

distribute the key in a secure fashion to only the parties that require this key. Key management is a problem with this approach, and often requires manual intervention. It is not easy to change keys very often due to the fact that there is typically manual intervention involved. A key compromise may lead to a third party being able to encrypt and decrypt messages. The size of the key is typically 56/64/128/168/256 bits, so encryption is not too resource consuming with regard to CPU cycles.

2. Asymmetric approach. A set of keys — private and public — is used to encrypt and, respectively, decrypt messages between the communicating parties. If the sender encrypts a message with the receiver’s public key, the receiver can only use his own private key to decrypt the message. If the sender encrypts a message with his own private key, then the message can only be decrypted using the sender’s public key, which is known to the recipient. Each party should make every effort possible to hide (protect) its private key, and should make its public key widely available by sending e-mails with the public key, or publishing the public key in the directory. Encryption with long public keys is very resource consuming and is typically avoided for bulk data encryption operations. Public key sizes vary but typically are 768/1028/2048 bits in size.

A hybrid approach is available as well: communicating parties can generate a secret symmetric key for actual encryption. The parties then use asymmetric encryption and protect the messages between them, and exchange the symmetric key that they have generated. Once this has been done, both parties have a copy of the symmetric key and they can switch to symmetric encryption for bulk user data.

1.8.2.1 Symmetric Encryption

Symmetric encryption mechanisms use one key or set of keys to encrypt messages, and exactly the same key or set of keys to decrypt messages.

They are symmetric with regard to the encryption keys being used on the encrypting and decrypting end.

With symmetric encryption, the strength of protection strongly depends on the selection of a suitable secret key. Important factors to consider when using secret keys include:

• Random/predictable keys. If a key is to be secret, it must only be known to the parties that want to communicate. A third party that wants to interfere with the communication process must not be able to predict what the key will be. A key should therefore not be based on publicly available information. The best keys would be those that are completely random. Unfortunately, there is nothing random in the way computers operate, so machine-generated keys are pseudo-random. Human-generated keys are likely to be even less random. A combination of the two — such as having the user generate some random input, such as mouse movements or a sequence of keystrokes, that can then be fed as input into the machine pseudo-random function — is likely to provide the best results.

• Keyspace. If an attacker tries to guess a key, he will try to determine combinations that are more likely to be used and will try those first. For example, if a key is 4 bytes long, the possible key space would be $2^{8 \times 4} = 2^{32}$ = 4,294,967,296 possible combinations. However, if the key only consists of digits (such as a PIN code), then the possible combinations are only $10^4$ = 10,000. It is important for keys to use the entire keyspace, and not just portions of it.

• Key length. In general, the longer the key, the more difficult it is to guess the key and — as a result — to decrypt a message. If the key is generated in a random (or pseudo-random) fashion, all the attacker can do is try to guess the key by trying all the possible keys, or at least the most likely keys. A key that is 2 bytes (16 bits) long will result in 65,536 possible combinations, which a modern computer will be able to generate and check in less than one second. A key that is 32 bits in length will result in more than 4,294,967,296 possible combinations, which appears to be a minor challenge. Keys of length 64 bits are virtually 4,294,967,296 times stronger than 32-bit keys, and even these keys are considered weak nowadays. 128- and 256-bit keys are considered secure at the time of this writing.

• Key protection. Communicating parties must provide appropriate protection for the secret keys. It is important not only to generate such a key, but also to store it in a secure fashion. Possible locations include files on the hard drive of a computer, floppy disks, and smart cards. The secret key can also be entered by a human when required, and not stored anywhere. Unfortunately, this can only be the case for weak keys, such as human-readable and memorable words, and is unlikely to be the case for random, 128-bit keys, especially if they are changed on a regular basis.

• Key exchange. After generating the key, it must be delivered to the communicating parties in a secure manner. The key can be configured by an administrator for all the communicating devices and services. Alternatively, the key can be transported on physical media, such as a USB drive or memory stick, floppy disk, or smart card. Finally and most often, there may be a special key management protocol responsible for generating keys and distributing them across the network.
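The points above on predictable keys and on using the entire keyspace, as an added Python example that is not from the book: a 128-bit key derived from publicly guessable information (a clock-seeded PRNG) is only as strong as the number of plausible seeds, whatever its length. The function names and the timestamp are hypothetical and constructed for illustration.

```python
import math
import random
import secrets

CREATED_AT = 1_700_000_000   # constructed Unix timestamp for the demo

def weak_key_from_clock(timestamp: int) -> bytes:
    """Anti-pattern: a 128-bit key from a PRNG seeded with the wall-clock
    second. The seed is publicly guessable, so the key is as well."""
    return random.Random(timestamp).getrandbits(128).to_bytes(16, "big")

def strong_key() -> bytes:
    """128-bit key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(16)

def seeds_to_reproduce(key: bytes, around: int, window: int):
    """Audit check: how many candidate seeds must be tried to regenerate `key`
    when its creation time is known to within +/- `window` seconds.
    Returns None when no seed in the window reproduces the key."""
    for tries, ts in enumerate(range(around - window, around + window + 1), 1):
        if weak_key_from_clock(ts) == key:
            return tries
    return None

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Effective strength in bits of `length` symbols from a given alphabet."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    weak = weak_key_from_clock(CREATED_AT)
    # The auditor only knows the key was made within an hour of this estimate.
    estimate = CREATED_AT + 1800
    print("weak key regenerated after", seeds_to_reproduce(weak, estimate, 3600),
          "guesses, although it is", len(weak) * 8, "bits long")
    print("CSPRNG key regenerated:", seeds_to_reproduce(strong_key(), estimate, 3600))
    print("4 random bytes: %.1f bits" % keyspace_bits(256, 4))
    print("4-digit PIN:    %.1f bits" % keyspace_bits(10, 4))
```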

1.8.2.2 Asymmetric Keys

Asymmetric keys are pairs of keys such that if one of the keys is used to encrypt a message, only the other key from the pair can decrypt the message, and vice versa. Unlike symmetric cryptographic algorithms, if a key is used to encrypt a message, this same key cannot be used to decrypt the message. Therefore, asymmetric algorithms are asymmetric with regard to the protection keys being used.

The pair of keys typically consists of a public key and a private key.

The public key for a party is publicly known and everyone who will communicate with this party needs to know its public key. Every party is responsible for distributing its public key to other peers by publishing it in a directory, sending it in an e-mail message, or exchanging it with them in some other way. When such a party distributes its public key, there is no need to protect it by means of encryption because it is not secret. However, the party can sign the key to make sure that it is authentic and not replaced by a malicious third party that may do so to launch a man-in-the-middle attack. Public key signing is available in some key distribution approaches, such as X.509 certificates.

There are different algorithms that can be used to generate asymmetric keys for data protection. All of these algorithms are based on mathematical problems that are difficult to solve. All the algorithms rely on a keypair, consisting of a public key, which is publicly known and typically made available in user directories, and a corresponding private key, which needs to be kept secret by its holder and not disclosed to any party, however trusted. There is a strong mathematical relation between the private and public keys, and each public key has one corresponding private key.

The most popular asymmetric key scheme is RSA. It was inspired by the Diffie-Hellman Key Agreement algorithm, invented in the 1970s. The three researchers who invented RSA were Ron Rivest, Adi Shamir, and Leonard Adleman, and the algorithm was named after the first letters of their surnames. Rivest, Shamir, and Adleman later established their own security company — RSA Security.

The RSA algorithm is based on the assumption that factoring is difficult.

The RSA algorithm generates keypairs in the following way:
