Cryptography is one way to solve the security challenges raised in the introduction. The basic idea is that, using some secret information it is possible to protect the confidentiality and the integrity of the information that flows in the World Wide Web. This section aims to introduce the basic elements of cryptography so that one can understand how they are used in providing secure services in the WWW.
Let us consider the case when Alice wants to send a message to Bob so that another person (let us call her Eve) cannot find out the original information from the message. The message that Alice wants to send is the cleartext or plaintext. To assure the secrecy of the message, Alice encrypts the cleartext into an encrypted message. When Bob gets the message, he decrypts the encrypted message and retrieves the cleartext. Even if Eve has access to the encrypted message (that is, she eavesdrops the transmission channel) she cannot find the cleartext. In the previous example, Alice and Bob are using cryptography to achieve confidentiality: the message sent by Alice is understood only by Bob. In addition to confidentiality, cryptography can be used for:
An entire family of cryptographic algorithms has been designed to encrypt messages when Alice and Bob share a common secret - the key. These algorithms are called secret-key encryption algorithms because they are based on the fact that only Alice and Bob know the secret key. We start with a simple example of a secret-key encryption algorithm. Let us suppose that Alice wants to send a message to Bob and they both know a key. To encrypt, Alice computes the XOR (exclusive or) operation between the characters from the message and the characters from the key. At the end she gets the encrypted message which is sent to Bob. To decrypt, Bob applies the operation XOR between the characters of the encrypted message and the characters of the key. This simple-XOR algorithm is a polyalphabetic substitution cipher. It is considered a weak encryption algorithm because there are methods to derive the key and the clear text from the encrypted text.
There are secret-key encryption algorithms that are considered strong. The rest of this section will present the most often used algorithms. The algorithms are complicated and the reader can find more details in Schneier, 1996.
A general problem with these algorithms is the key management. Two communication partners must use another (secure) channel to exchange the key. To solve this problem, in 1976, Diffie and Hellman published a paper in which they describe a protocol for exchanging secret keys over an insecure channel. The protocol, called Diffie-Hellman Algorithm works as follows:
The algorithm ensures that the values of K_x and K_y are equal and can be used as the key in a secret-key encryption algorithm. A third party (Eve) cannot determine the value of the secret key by eavesdropping. The reason is that it is difficult to determine K_x (= K_y) given the values X and Y.
In an attempt to solve the problem of key management for secret-key algorithms an entire new family of cryptographic algorithms has been developed. The basic idea in these algorithms is to use two different keys for encryption and for decryption respectively. Bob has two keys: one public that is known by any other party that wants to communicate with Bob and one private that is known only to Bob. If Alice wants to send a secure message to Bob, she encrypts the message with the Bob's public key and sends the message to Bob. Bob receives the message and decrypts it with his private key.
The advantage of the public key algorithms is that they do not require a secret shared by both partners or a secure channel to exchange the key. One disadvantage of these algorithms is that they are slower than the secret key algorithms. Because of that, in practice, the communication is done using a hybrid protocol: the partners use the public-key protocol to exchange a secret key that is used from there on in a secret key based communication.
The "de facto" standard in public key encryption algorithms is the RSA algorithm (designed by Ron Rivest, Adi Shamir and Leonard Adleman). The algorithm has two phases. In the first phase, Bob generates the keys and makes public the public-key. In the second phase, Alice encrypts the message and Bob decrypts it:
For two-way communication, Alice has to generate her pair of keys and to publish the public key so that Bob can use it.
The RSA algorithm is used in many applications. It has gotten more public attention since it has been used in the WWW browsers. For example, Netscape Navigator uses it for secure transactions over WWW as we will see later in the section on Secure Sockets Layer Protocol.
The algorithms presented so far are used to preserve the confidentiality of the messages. As we mentioned in the beginning of this chapter other issues related to security are integrity and non-repudiation. These goals can be accomplished by using public key algorithms and one-way hash functions. The basics of public key algorithms have been presented in the previous section. In this section we will present the one-way hash functions and how they are used in the verification of the integrity.
The purpose of the hash functions is to create a digest of a message that has the following properties:
The algorithms for computing secure hash functions are intricate. We refer the reader to Schneier, 1996 for several examples. The most often used algorithms are: MD5 (Message Digest 5) designed by Ron Rivest and SHA (Secure Hash Algorithm) designed by the U.S. National Institute of Science and Technology (NIST) and the U.S. National Security Agency (NSA) and proposed as a standard. Let us consider the following situation: Alice sends a message to Bob and Bob wants to verify the integrity of the message. In order to do so, the following protocol occurs between Alice and Bob:
Using one-way hash functions and public-key cryptographic algorithms it is possible to verify the integrity of the message and also to ensure non-repudiation.
The algorithms presented in the section for public-key encryption and digital signatures can raise the question: How does Alice know that the key she has is Bob's public key? This is part of a more general issue in security - authentication: how to bind the public key signature to a person? The solution is to use a trusted third party (called in the cryptography slang Trent). The rest of this section presents the solution to authentication using public-key certificates. The basic idea for the authentication protocol used in the WWW is the following: Bob goes (physically) to a Certificates Authority and presents his ID and his public key. The Certificates Authority issues a certificate that contains:
There are several remarks on the contents of the certificate:
Let us see how the certificate is used in the communication between Alice and Bob. When Alice wants to send a message, she asks Bob for his certificate. Bob sends the certificate. Alice verifies the validity of the certificate and extracts the public key. Then Alice generates a random key and sends it to Bob using the public key encryption algorithm. From this point forward, Alice and Bob can communicate using a secret key algorithm. Note that Bob can also ask Alice to present her public key certificate for a two-way communication.
In the previous description of the communication between Alice and Bob, the detail of verification of the certificate has been left out. In order to do that Alice needs the public key of the issuer of the certificate. There are two ways to get it: either the issuer is well-known and has publicized the public-key in the media, or there is another Certificates Authority that can certify the public key of the issuer with a public key certificate. This can go on until Alice knows, and trusts, the public key of an authority. This process of certification is called a certificate chain and the entire system that supports the process of certification and verification is called the "public key infrastructure."
There are a large number of books and papers that describe to various levels of detail the cryptographic algorithms presented in the section. The reader interested in this topic can find more information in: Hughes, 1995, Schneier, 1996, Netscape, 1996a, Netscape, 1996b, VeriSign, 1996.
Copyright © 1996 Calin Groza, All Rights Reserved
Calin Groza<cgroza@cs.vt.edu>
Last modified: Dec. 16 12:00 1996