Public key infrastructure
Public Key Infrastructure (PKI) is a framework that enables integration of various services that are related to cryptography.
The aim of PKI is to provide confidentiality, integrity, access control, authentication, and most importantly, non-repudiation.
Non-repudiation is a concept, or a way, to ensure that the sender or receiver of a message cannot deny either sending or receiving such a message in future. One of the important audit checks for non-repudiation is a time stamp. The time stamp is an audit trail that provides information of the time the message is sent by the sender and the time the message is received by the receiver.
Encryption and decryption, digital signature, and key exchange are the three primary functions of a PKI.
RSA and elliptic curve algorithms provide all three primary functions: encryption and decryption, digital signatures, and key exchange. The Diffie-Hellman algorithm supports key exchange, while the Digital Signature Standard (DSS) is used for digital signatures.
Public Key Encryption is the encryption methodology used in PKI and was initially proposed by Diffie and Hellman in 1976. The algorithm is based on mathematical functions and uses asymmetric cryptography, that is, uses a pair of keys.
The image above represents a simple document-signing function. In PKI, every user has two keys, known together as a "key pair". One key is known as the private key and the other as the public key. The private key is never revealed and is kept by its owner, while the public key is accessible to everyone and is stored in a key repository.
A key can be used to encrypt as well as to decrypt a message. Most importantly, a message that is encrypted with a private key can only be decrypted with a corresponding public key. Similarly, a message that is encrypted with a public key can only be decrypted with the corresponding private key.
In the example image above, Bob wants to send a confidential document to Alice electronically. Bob has four issues to address before this electronic transmission can occur:
- Ensuring the contents of the document are encrypted such that the document is kept confidential.
- Ensuring the document is not altered during transmission.
- Since Alice does not know Bob, he has to somehow prove that the document is indeed sent by him.
- Ensuring Alice receives the document and that she cannot deny receiving it in future.
PKI supports all the above four requirements with methods such as secure messaging, message digests, digital signatures, and non-repudiation services.
To ensure that the document is protected from eavesdropping and not altered during transmission, Bob will first encrypt the document using Alice's public key. This ensures two things: one, that the document is encrypted, and two, that only Alice can open it, as opening the document requires Alice's private key. To summarize, encryption is accomplished using the public key of the receiver, and the receiver decrypts with his or her private key. In this method, Bob can ensure that the document is encrypted and that only the intended receiver (Alice) can open it. However, document encryption alone does not let Bob ensure that the contents are not altered (integrity) during transmission.
In order to ensure that the document is not altered during transmission, Bob performs a hash function on the document. The hash value is a computational value based on the contents of the document. This hash value is known as the message digest. By performing the same hash function on the decrypted document, Alice can obtain the message digest herself and compare it with the one sent by Bob to ensure that the contents are not altered.
This process will ensure the integrity requirement.
In order to prove that the document is sent by Bob to Alice, Bob needs to use a digital signature. Using a digital signature means applying the sender's private key to the message, or document, or to the message digest. This process is known as signing. Only by using the sender's public key can the signature be decrypted.
Bob will encrypt the message digest with his private key to create a digital signature. In the scenario illustrated in the image above, Bob will encrypt the document using Alice's public key and sign it with his private key to produce his digital signature. This ensures that Alice can verify that the document is sent by Bob, by verifying the digital signature (created with Bob's private key) using Bob's public key. Remember that a private key and the corresponding public key are mathematically linked. Alice can also verify that the document is not altered by validating the message digest, and she can open the encrypted document using her private key.
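The Bob-to-Alice exchange described above, worked through end to end as an added example (not code from the original page). It uses a constructed, deliberately small textbook RSA so that every step is visible; the key sizes, the sample document, and the absence of padding are simplifications for illustration only.

```python
import hashlib
import random
# Constructed toy: textbook RSA without padding, only to show the page's
# encrypt / hash / sign / verify flow. Real PKI uses padded RSA (OAEP, PSS)
# or elliptic-curve schemes; never use this to protect real data.

def is_probable_prime(n, rounds=16):  # Miller-Rabin test for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):  # odd candidate with the top bit set, retried until prime
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def generate_keypair(bits=384):  # returns ((n, e), (n, d)): public, private
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n, e, phi = p * q, 65537, (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (n, e), (n, pow(e, -1, phi))

def digest(data):  # the message digest (SHA-256) as an integer
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def encrypt(pub, data):  # confidentiality: encrypt with the receiver's public key
    n, e = pub
    m = int.from_bytes(data, "big")
    assert data[0] != 0 and m < n, "document too long for this toy key"
    return pow(m, e, n)
def decrypt(priv, c):  # only the matching private key recovers the document
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
def sign(priv, data):  # signature: sender's private key applied to the digest
    n, d = priv
    return pow(digest(data), d, n)
def verify(pub, data, sig):  # sender's public key recovers the signed digest
    n, e = pub
    return pow(sig, e, n) == digest(data)

def run_demo():  # Bob -> Alice as in the text; returns (doc, sig ok, tampered ok)
    random.seed(2024)  # deterministic toy keys so the demo is repeatable
    alice_pub, alice_priv = generate_keypair()
    bob_pub, bob_priv = generate_keypair()
    doc = b"Contract: Bob pays Alice 500 on 2024-01-31"  # constructed sample
    ciphertext, sig = encrypt(alice_pub, doc), sign(bob_priv, doc)  # Bob's side
    recovered = decrypt(alice_priv, ciphertext)  # Alice's side
    return recovered, verify(bob_pub, recovered, sig), verify(bob_pub, recovered + b"!", sig)
```

The third value returned by `run_demo()` shows the integrity check failing once a single byte of the document changes, which is the property the message digest provides.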
Message authentication is an authenticity verification procedure that facilitates the verification of the integrity of the message as well as the authenticity of the source from which the message is received.
By digitally signing the document, Bob has assured that the document is sent by him to Alice. However, he has not yet proved that he is Bob. To prove this, Bob needs to use a digital certificate.
A digital certificate is an electronic identity issued to a person, system, or an organization by a competent authority after verifying the credentials of the entity. A digital certificate is a public key that is unique for each entity. A certification authority issues digital certificates.
In PKI, digital certificates are used for authenticity verification of an entity. An entity can be an individual, system, or an organization.
An organization that is involved in issuing, distributing, and revoking digital certificates is known as a Certification Authority (CA). A CA acts as a notary by verifying an entity's identity.
One of the important PKI standards pertaining to digital certificates is X.509. It is a standard published by the International Telecommunication Union (ITU) that specifies the standard format for digital certificates.
PKI also provides key exchange functionality that facilitates the secure exchange of public keys such that the authenticity of the parties can be verified.
Key management procedures
Key management consists of four essential procedures concerning public and private keys. They are as follows:
- Secure generation of keys—Ensures that private and public keys are generated in a secure manner.
- Secure storage of keys—Ensures that keys are stored securely.
- Secure distribution of keys—Ensures that keys are not lost or modified during distribution.
- Secure destruction of keys—Ensures that keys are destroyed completely once the useful life of the key is over.
Type of keys
NIST Special Publication 800-57 titled Recommendation for Key Management - Part 1: General specifies the following nineteen types of keys:
- Private signature key—It is a private key of public key pairs and is used to generate digital signatures. It is also used to provide authentication, integrity, and non-repudiation.
- Public signature verification key—It is the public key of the asymmetric (public) key pair. It is used to verify the digital signature.
- Symmetric authentication key—It is used with symmetric key algorithms to provide assurance of the integrity and source of the messages.
- Private authentication key—It is the private key of the asymmetric (public) key pair. It is used to provide assurance of the integrity of information.
- Public authentication key—Public key of an asymmetric (public) pair that is used to determine the integrity of information and to authenticate the identity of entities.
- Symmetric data encryption key—It is used to apply confidentiality protection to information.
- Symmetric key wrapping key—It is a key-encrypting key that is used to encrypt other symmetric keys.
- Symmetric and asymmetric random number generation keys—They are used to generate random numbers.
- Symmetric master key—It is a master key that is used to derive other symmetric keys.
- Private key transport key—They are the private keys of asymmetric (public) key pairs, which are used to decrypt keys that have been encrypted with the associated public key.
- Public key transport key—They are the public keys of asymmetric (public) key pairs that are used to encrypt keys, which are then decrypted with the associated private key.
- Symmetric agreement key—It is used to establish keys such as key wrapping keys and data encryption keys using a symmetric key agreement algorithm.
- Private static key agreement key—It is a private key of asymmetric (public) key pairs that is used to establish keys such as key wrapping keys and data encryption keys.
- Public static key agreement key—It is a public key of asymmetric (public) key pairs that is used to establish keys such as key wrapping keys and data encryption keys.
- Private ephemeral key agreement key—It is a private key of asymmetric (public) key pairs used only once to establish one or more keys such as key wrapping keys and data encryption keys.
- Public ephemeral key agreement key—It is a public key of asymmetric (public) key pairs that is used in a single key establishment transaction to establish one or more keys.
- Symmetric authorization key—This key is used to provide privileges to an entity using a symmetric cryptographic method.
- Private authorization key—It is a private key of an asymmetric (public) key pair that is used to provide privileges to an entity.
- Public authorization key—It is a public key of an asymmetric (public) key pair that is used to verify privileges for an entity that knows the associated private authorization key.
Key management best practices
Key Usage refers to using a key for a cryptographic process, and should be limited to using a single key for only one cryptographic process. This is to ensure that the strength of the security provided by the key is not weakened.
The time span during which a specific key is authorized for use by legitimate entities, or during which the keys of a given system remain in effect, is known as a cryptoperiod. The purpose of defining a cryptoperiod is to limit the exposure resulting from a successful cryptanalysis by a malicious entity.
Cryptanalysis is the science of analyzing and deciphering code and ciphers.
The following assurance requirements are part of the key management process:
- Integrity protection—Assuring the source and format of the keying material by verification
- Domain parameter validity—Assuring the validity of the parameters used by some public key algorithms during the generation of key pairs and digital signatures, and during the generation of shared secrets that are subsequently used to derive keying material
- Public key validity—Assuring that the public key is arithmetically correct
- Private key possession—Assuring that possession of the private key has been demonstrated before the corresponding public key is used
Cryptographic algorithm and key size selection are the two important key management parameters that provide adequate protection to the system and the data throughout their expected lifetime.
A cryptographic key goes through different states from its generation to destruction. These states are defined as key states. The movement of a cryptographic key from one state to another is known as a key transition.
NIST SP800-57 defines the following six key states:
- Pre-activation state—The key has been generated, but not yet authorized for use
- Active state—The key may be used to cryptographically protect information
- Deactivated state—The cryptoperiod of the key has expired, but the key is still needed to perform cryptographic operations
- Destroyed state—The key is destroyed
- Compromised state—The key is released to or determined by an unauthorized entity
- Destroyed compromised state—The key is destroyed after a compromise, or the compromise is found after the key is destroyed
Key management phases
The key states, or transitions, can be grouped under four key management phases. They are as follows:
- Pre-operational phase—The keying material is not yet available for normal cryptographic operations
- Operational phase—The keying material is available for normal cryptographic operations and is in use
- Post-operational phase—The keying material is no longer in use, but access to the material is possible
- Destroyed phase—The keys are no longer available
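One way a key management service can enforce the six key states, the four phases and the cryptoperiod rule described above, as an added example that is not part of the original article or of NIST SP 800-57. The legal transitions follow the state diagram in SP 800-57 Part 1; the key identifiers, the integer timestamps and the per-state operation policy (`ALLOWED_OPS`) are assumptions made for the example.

```python
from enum import Enum

class KeyState(Enum):  # the six key states listed in SP 800-57
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    DEACTIVATED = "deactivated"
    DESTROYED = "destroyed"
    COMPROMISED = "compromised"
    DESTROYED_COMPROMISED = "destroyed compromised"

PHASE = {  # key management phase that each state belongs to
    KeyState.PRE_ACTIVATION: "pre-operational",
    KeyState.ACTIVE: "operational",
    KeyState.DEACTIVATED: "post-operational",
    KeyState.COMPROMISED: "post-operational",
    KeyState.DESTROYED: "destroyed",
    KeyState.DESTROYED_COMPROMISED: "destroyed",
}

TRANSITIONS = {  # legal key transitions: current state -> states reachable from it
    KeyState.PRE_ACTIVATION: {KeyState.ACTIVE, KeyState.DESTROYED, KeyState.COMPROMISED},
    KeyState.ACTIVE: {KeyState.DEACTIVATED, KeyState.COMPROMISED},
    KeyState.DEACTIVATED: {KeyState.DESTROYED, KeyState.COMPROMISED},
    KeyState.COMPROMISED: {KeyState.DESTROYED_COMPROMISED},
    KeyState.DESTROYED: {KeyState.DESTROYED_COMPROMISED},
    KeyState.DESTROYED_COMPROMISED: set(),  # terminal state
}

# Assumed policy: "protect" = apply protection (encrypt, sign), "process" =
# remove it (decrypt, verify). A deactivated key may only process, matching
# the text; a compromised key gets no operations here (conservative choice).
ALLOWED_OPS = {
    KeyState.ACTIVE: {"protect", "process"},
    KeyState.DEACTIVATED: {"process"},
}

class ManagedKey:
    def __init__(self, key_id, cryptoperiod_end):
        self.key_id, self.cryptoperiod_end = key_id, cryptoperiod_end
        self.state = KeyState.PRE_ACTIVATION
        self.history = [self.state]  # audit trail of every transition

    def transition(self, new_state):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.key_id}: {self.state.value} -> "
                             f"{new_state.value} is not a legal key transition")
        self.state = new_state
        self.history.append(new_state)

    def phase(self):
        return PHASE[self.state]

    def can(self, op, now):
        # an active key whose cryptoperiod has passed is deactivated before use
        if self.state is KeyState.ACTIVE and now >= self.cryptoperiod_end:
            self.transition(KeyState.DEACTIVATED)
        return op in ALLOWED_OPS.get(self.state, set())
```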
Methods of cryptanalytic attacks
Cryptanalytic attacks are attempts to recover keys or plaintext by deciphering encrypted data without being given the key. The goal of cryptanalysis is to decipher the private key or secret key. The amount of information provided to the analyst, as well as the type of information provided, determines the type of attacks possible. The following are six possible attack scenarios. Candidates are advised to understand the key differences between the types of attacks.
- Ciphertext only attack: This type of attack refers to the availability of the ciphertext (encrypted text) to the cryptanalyst. With large ciphertext data, it may be possible to decipher the ciphertext by analyzing the pattern.
- Known-plaintext attack: This type of attack happens when a cryptanalyst obtains a ciphertext as well as the corresponding plaintext. In this scenario, even if the data is small, it is possible to understand the algorithm.
- Chosen-plaintext attack: This type of attack refers to the availability of a corresponding ciphertext to the block of plaintext chosen by the analyst.
- Adaptive-chosen-plaintext attack: A cryptanalytic attack is known as an adaptive-chosen-plaintext attack if the cryptanalyst can choose the samples of the plaintext based on the results of previous encryptions, in a dynamic fashion.
- Chosen-ciphertext attack: In this type of attack, the cryptanalyst chooses samples of ciphertext and obtains the corresponding plaintext.
- Adaptive-chosen-ciphertext attack: This type of attack is similar to the chosen-ciphertext attack, but the samples of ciphertext are dynamically selected by the cryptanalyst and the selection can be based on the previous results as well.
Cryptography standards are related to the following:
- Digital signatures
- Public Key Infrastructure
- Federal standards
In this section of the article we'll cover the wireless standards and the Federal standard FIPS-140 for cryptographic modules.
Wireless cryptographic standards
Wireless protocols and services are predominantly governed by IEEE 802.11 standards. These standards are basically for Wireless Local Area Network (WLAN) computer communications.
The following are some of the cryptographic standards that are used in WLAN:
Wired Equivalent Privacy (WEP) is an algorithm that uses the RC4 stream cipher for confidentiality protection and CRC-32 for integrity assurance. This algorithm is now deprecated as it is easily breached.
Wi-Fi Protected Access (WPA) is a security protocol developed by the Wi-Fi Alliance that replaces WEP. This protocol implements the majority of the advanced requirements in the IEEE 802.11i standard released in 2004. WPA is backward compatible with WEP.
WPA2 is an advanced protocol certified by the Wi-Fi Alliance. This protocol fulfills the mandatory requirements of the IEEE 802.11i standard and uses the AES algorithm for encryption.
IEEE 802.11 is a set of standards that govern wireless networking transmission methods. IEEE 802.11a, IEEE 802.11b, and 802.11g are different standards based on the throughput or bandwidth and the frequency band. IEEE 802.11i is an amendment to the original 802.11 standards.
The Wi-Fi alliance is a non-profit organization that supports IEEE wireless standards. The following is information about the Wi-Fi alliance as published on their web site: "The Wi-Fi Alliance is a global, non-profit industry association of more than 300 member companies devoted to promoting the growth of (WLANs). With the aim of enhancing the user experience for wireless portable, mobile, and home entertainment devices, the Wi-Fi Alliance's testing and certification programs help ensure the interoperability of WLAN products based on the IEEE 802.11 specification."
Bluetooth is a wireless protocol for short-range communications for fixed or portable computers and mobile devices. It uses the 2.4 GHz short-range radio frequency band for communication between mobile devices, computers, printers, GPS units, and more. Bluetooth uses custom block ciphers for confidentiality and authentication.
Federal information processing standard
In the following section we'll cover one of the most important federal standards, the FIPS-140 series, titled Security Requirements for Cryptographic Modules.
As per the published information: The Federal Information Processing Standards Publication Series of the NIST is the official series of publications relating to standards and guidelines adopted and promulgated under the provisions of Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. These mandates have given the Secretary of Commerce and NIST important responsibilities for improving the utilization and management of computer and related telecommunication systems in the Federal Government. The NIST, through its Computer Systems Laboratory, provides leadership, technical guidance, and coordination of Government efforts in the development of standards and guidelines in these areas.
The core structure of FIPS140 recommends four security levels for cryptographic modules that protect sensitive information in federal systems. These systems include computer and telecommunication systems, including voice systems. The levels are qualitative and in increasing order, Level 1 being the lowest and Level 4 the highest.
The following are brief descriptions of the FIPS140 levels:
- FIPS140 Security Level 1—It is the basic or lowest level of security that prescribes basic security requirements for a cryptographic module, such as using at least one approved cryptographic algorithm. This level does not emphasize physical security.
- FIPS140 Security Level 2—Tamper-evidence mechanisms are a requirement at this level. This enhances the physical security of the device. Tamper-evident seals or coatings should be used to physically protect the device or storage that contains the cryptographic module. This level also requires role-based authentication as a minimum.
- FIPS140 Security Level 3—The primary requirement is preventing an intruder from gaining access to the cryptographic modules and the Critical Security Parameters (CSP) contained within. This level prescribes high probability of detection and response mechanisms for physical attacks. This level emphasizes identity-based authentication.
- FIPS140 Security Level 4—This is the highest level, and its physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. This level requires two-factor authentication. This level also requires control of environmental conditions, such as preventing damage to cryptographic modules due to temperature, heat, and voltage.
In this article, we have reviewed some of the important concepts in the PKI systems. We have also discussed some of the cryptanalytic attacks that could be perpetrated on cryptographic systems and the federal standard FIPS140 that prescribes security levels for cryptographic modules that protect sensitive information.