This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
In this research paper, we discussed about the following possible schemes or mechanisms for downloading someone's public key from a node located at a particular ip address. They are:
Looking up the key in the directory via an unauthenticated interaction.
Having an authenticated conversation with the directory.
Having the directory sign the information you request.
Storing and retrieving the certificates from the directory.
Having each individual responsible for their own certificates and sending it to the person they wish to talk.
We also discussed about the schemes or mechanisms in terms of the bandwidth, computational efficiency, security, flexibility.
Public key cryptography is a cryptographic process which usually uses the asymmetric key algorithms replacing the symmetric key algorithms replacing the symmetric key algorithms. It is not like the symmetric key algorithm where they require a secure initial exchange of one or more secret keys both sender and receiver.the asymmetric key algorithm generally provides a secret private key and publiched public key. By using these keys, they gave protection by authenticity of a message by using the private key to create digital signature which can be proved using the public key. It also provides the confidentiality and intergrity of the message by using public key encryption which encrypts the message using the public key, but it can be decrypted using only the private key. Generally the public key cryptography is the a fundamental and widely used technology around the world. It involves with many cryptographic algorithms and crypto systems.
Examples of such internet standards are transport layer security(TPS), PGP, GPG. The two main parts of the public key cryptography are:
Public key encryption: the message which is encrypted by the receipient public key cannot be decrypted by any other except the individual whose having tha matching private key. For the sake of confidentiality we used this for.
Digital signatures: a signed message with a private key of senders can be verified by anyone who has access of the senders public key, which proves the sender access to the private key.
LOOKING UP THE KEY IN A DIRECTORY VIA AN UNAUTHENTICATED INTERACTION
One of the most significant cryptographic ideas is the concept of public keys. Generally the system of public keys has two types of keys. They are:
Practically, consisting of two types of key will make distribution problem worse or not that much better. However, these keys possess the magical properties. They are:
A decryption key is provided for every encryption key. Both decryption key and encryption key are not identical to each other.
We can able to compute pair of keys using the respective encryption and decryption keys.
It cannot possible to compute the decryption key from the known encryption key.
So, hence by using these properties, alice and bob can communicate privately without having any secret keys in public key system. Practically, bob generates a pair of keys and by choosing convienient means he sends the encryption key to the alice. There is no need to keep the encryption key as secret. It has the right to decrypt the messages only not to decrypt it. alice usually uses the encrypt messages and later sends to the bob again. However the message sent by alice can be decrypted by bob ( he alone can do it) since by using his decrypted key which is maintained secretly. The below shown figure generally gives the idea of the flow of the information. If bob requires to send the private messages to the alice, then alice has to create similar pair of keys and has to send her encryption key to bob. As there is no need for bob to keep the encryption key as secret, bob can make that public key by placing it in a computer network public file. Once if bob done like this, then any one who wants to send a private message to bob can have look in to bobs public key and can use it to encrypt the message. Since bob need not to transmit the decrypted key, as however it cannot be computed by using public key the message remains as secure. Only bob can decrypt it. Other people can also encrypt keys in the same computer network public file such that it become a directory of public keys. Any two people who have entries in the directory can communicate properly, eventhough they don't know to each other previously. It is essential to protect the keys in such a file so that no one can change the others encryption key by placing another encryption key in it.
Security: provides good security
Flexibility: not flexible
Computational efficiency: fair
HAVING AN AUTHENTICATED CONVERSATION TO THE DIRECTORY
The authentication conversation to the directory can be achieved by using these concepts:
First of all, john has to generate pair of keys in which it consists of one public key and one private key respectively. Here the public key is made to know to everyone and a private key which should be maintained secretly. The signatures can be generated by using the private keys. The signature which is created by the johns private key cannot be forged by any one who donot have that key, but anyone can verify that particular signature is genuine or not by using the public key. So hence john created a pair of keys on his own computer and he also copy the public key to the particular server under a certain name. When server asks john to prove him, the signature is generated by winscp using johns private key. Later the serve verifies the signature as it as johns public key and allow john to log in. Now whether the server is spoofed or hacked, the hacker doesnot know your private key/password, they came to know only a signature. But where as the signatures cannot be reused so hence the hackers gains nothing by doing this.
There is also one draw back with this, if johns private key is unprotected on his own computer, then any one who accessed the computer will be able to generate the signatures as if like john. So hence they log in to the johns server under his account. Hence only for this reason, johns private key has to be encrypted when it is stored on his local machine, using a password of johns choice. Winscp has to decrypt the key in order to generate a signature, so john has to type his password. This will make password authentication more convenient then public key authentication, when every time john logged in to the server, he should have to prefer longer password instead of the shorter ones. Here the only solution is to use an authentication agent, which holds decrypted private keys and by requests it generates signatures. Generally, puttys authentication agent is used by winscp called pagent.whenever the john starts the windows session, john begin pagent and he loads private keys on it. For the rest of the time, john can start winscp many times and respective signatures are generated using the pageant. Pageant generally shutdown whenever the john closes windows session, it nevers stores johns decrypted private key on disk.
Security: it provides good security.
Flexibility: as it provides good convince, it is flexible in nature.
Bandwidth: it provides good bandwidth for the user.
Computation efficiency: it is efficient.
References: N . ferguson; B. Schneier, practical cryptography,
IEEE 1363: standard specifications for public key cryptography.
HAVING THE DIRECTORY SIGN THE INFORMATION YOU REQUEST
Generally the concept of the digital signatures plays an important role. It defines as the installed file resident on the computer which verifies who you are. These are used to confirm your identity to any other(third) party. Digital signatures makes sure that the user which deals with the company has the trusted authority registration or not and also it should guarantee the transaction which is to be done with the parties. It does verification and validation of the user for whom he or she claims to be. This can be done by considering the users documents providing qualifications to the digital certificates. Digital certificates generally gives the user a piece of mind that the message which they have sent has not been accidentally altered, insures data integrity. All this process will be done cryptographically. Digital certificates can provide confidentiality and security why because the messages can only be read by the authorized intended recipients. Digital certificates also checks date and time by which sender or recipients cannot argue about the messages which were actually sent or received.
The main components of the digital signature are:
Public key: this is the part of the verification system and even any one can get a copy of it.
Your email address and name: this is compulsory to enable the viewer to identify the details and these are information purposes.
Name of the directory: this part identifies the directory to which this signature relates too.
Public keys encryption date: this section is used to reset the signature if the sign is abused. Its main aim is to set a shelf life.
Digital ids serial number: this serial numbers are different numbers which are wrapped to the signature for extra identifiactiion reasons.
Digital signature of the directory: this is the signature of the directories which issues the certificates.
In the above shown figure the user a is provided with two keys public and private keys respectively.
The public key can be known to everyone and also available for the public to download, where as the private key is not available to the public it is maintained secretly. These keys are used in an encrypted mode to lock the information. To decrypt the data the same keys are required. User b can encrypt data using public key of user's A. The private key of user A 's is used to decrypt the message. With the absence of the user A's private the decryption of data cannot be possible. The below shown figure generally gives the idea about the encryption and decryption methods respectively.
The users A's machine data is converted in to simple string of the code after the encryption of the message is been done with his private key. The obtained result is the digital signature .the software of users A's passes the digital signature to the directory. The complete data which has been hashed has been signed. User b then gets the digitally signed document which is passed by the user a. the decryption of the signature is been done by the user B's software afterwards it change back in to a message digest by using user A's public key. After the process of the decryption if it has decrypted the data to the digest level after that it verifies the user a signed the data or not.to avoid the frauds directories have been introduced. Users A's public key can be signed by certificate authorities, such that to ensure no one else uses this information. It can be possible to verify the digital signature using the directory if the user is uncertain of the digital signature. This signature can also be no longer valid if they are abused. This entire process is shown below:
User A sends a signed document to the user B.
User B first uses the directories public key to verify the signature on users A 's certificate
If the decryption process is successful then it proves that it is created by the directory.
The user B then takes user B's public key from the directory and it uses that one to check the signature of the user A. if there is successful decryption of the user A's public key user B gives assurance that the signature was created using private key of user A, for which the directory has certified the matching public key
Efficiency: The signature is much shorter and hence it saves time.
Security: It provides good security.
Flexible: It is inflexible in nature.
STORING AND RETRIEVING CERTIFICATES FROM THE DIRECTORY
Bandwidth over here is highly effective when it comes to storing and retrieving certificates from directory. Users can effectively use the schemes and mechanisms via PKI.Public key certificate is also known as Digital Certificate or Identity certificate. It represents Certificate Authorities (CA), Registration authorities (RA), Digital Certificates, certificate management service, X500 directories.
Certificate Authorities issue certificates. A trusted third party can provide Certificate Authority. Management console implements a management function. PKI-Public key infrastructure provides key recovery which is required to recover data or messages when a key is lost. Registration authorities are used for registration of users and accepting requests for certificates. User registration is used to collect information and check identity of the users and then register him or her according to the policy. PKI plays an important role in computation efficiency.
PKI functions include:
Storing and Retrieving Certificates
CRLs- Certificate Revocation List.
Fig 1: Shows the PKI functions, enabled applications and servers and how to store and retrieve certificates from the directory.
Storing and retrieving certificates from the directory:
Repository is a public access system for storing and retrieving certificates. Data Archives plays a main role in storing CA files and its records. CA lifetime is short but it is important to verify signatures on the documents. Data Archives help to retrieve files even after a long time. Naming and Registration also helps in retrieving and storing certificates from the directory. Via directory service with access of LDAP-Lightweight Directory Access Protocol and other means are HTTP, E-Mail, FTTP and X500 compatible directories. Each user must have one public key in order to implicit the trust policy. Key Recovery server plays an important role in retrieving or recovering the certificates from the directory. X500 directory server is used to store and retrieve CRLS and trusted Certificate Authorities certificates. X500 directory severs uses Directory Access Protocol, Lightweight Directory Access Protocol, whereas Lightweight Directory Access Protocol is supported by IBM HTTP server. By enabling the TRUST POLICY you can either add or delete and either store or retrieve trusted CAs without reconfiguring. Making certificates and CRLs conveniently available to authorised users. The storage of certificates and CRLs is a secure, replicated directory service accessible Via LDAP.
Repository, Data archives, HTTP, e-mail, X500 directory servers are very flexible and plays an important role in securing, storing and retrieving certificates from directory.
HAVING EACH INDIVIDUAL RESPONSIBLE FOR THEIR OWN CERTIFICATES AND SENDING IT TO THE PERSON THEY WISH TO TALK TO
Bandwidth between the two end users will be highly efficient and secured. Each individual is responsible for their own certificates where it includes Digital certificate, Certification authorities, Registration authorities and Deploying a public key infrastructure. But using no directory each individual has to create a shared key between them, with a person they need to talk to. Shared key must be kept secret. Here cryptography plays a main role where it keeps the data in secret. It includes algorithms to protocols, applications, messages and secure systems. The most important role in cryptography is ENCRYPTION. It is the base for XML encryption and XML signature. Encryption encrypts a message with a digested form. Hash function creates a small output that is unique and it functions for all input messages. Uses are same for both shared key and public key encryption.
It is important to learn about the computation efficiency of the shared and public key. Plain text is the message which is completely readable, not scrambled and disguised. Plain text is unencrypted data whereas cipher text is an encrypted data. Decryption main function is to reverse the encrypted data of the cipher text and convert it into plain text.
Figure 1. Shows the encryption and decryption to transform cipher text to a plaintext.
Encryption plays a main role in confidentiality where it transforms cipher text to a plain text and is send or shared between particular users. It sends the data to person where the data is intended to send.
The algorithm for encryption and decryption needs a key with a numerical value which should be special and a parameter for the algorithm. Wrong key will not be taken as it is not a correct output. There is a difference between shared key and public key using keys for encryption and decryption, where shared key uses the same key for encryption and decryption, whereas public key uses the different key with special mathematical values and parameters for encryption and decryption. Also the shared key uses the symmetrical way and public key uses the asymmetrical way. Public key is used to secure shared key distribution and digital signatures.
EXAMPLE OF EACH INDIVIDUAL RESPONSIBLE FOR THEIR OWN CERTIFICATES:
Let us assume two users ALICE and BOB need to send a data in secret in between them. Bob is the end user. Alice creates a shared key between him and Alice. This will be known only to the two users. Therefore Alice can encrypt or decrypt the shared key so that no third person will know the data transferred or shared between them. Alice can use specific values or parameters to encrypt or decrypt the data.
The shared or the secured key can be known and found out by the DIFFIE-HELLMAN method.
Figure 2. Shows the shared or secured key between Alice and Bob and how they follow the steps to get the value of the secret key 'K'.
DIFFIE-HELLMAN method is very flexible in securing the key shared between two end users. Using the following schemes/mechanisms each individual will be responsible for their own certificates and sending it to the person they wish to talk. Creating a shared key helps them to encrypt or decrypt the data and also public key uses the same rule as the shared key.