![[Graphic: Behind the Screens]](/computing/windows/graphics/Behind_the_screensB.gif)
Encryption, or information scrambling, technology is an important security tool. Properly applied, it can provide a secure communication channel even when the underlying system and network infrastructure is not secure. This is particularly important when data passes through shared systems or network segments where multiple people may have access to the information. In these situations, sensitive data--and especially passwords--should be encrypted in order to protect it from unintended disclosure or modification.
Encryption is a procedure that involves a mathematical transformation of information into scrambled gobbledygook, called "cipher text." The computational process (an algorithm) uses a key--actually just a big number associated with a password or pass phrase--to compute or convert plain text into cipher text with numbers or strings of characters. The resulting encrypted text is decipherable only by the holder of the corresponding key. This deciphering process is also called decryption.
Several approaches to encryption are being explored at the UW. However, substantial barriers to widespread deployment remain. For one thing, there are many different and incompatible encryption techniques available, and not all the software we need to use implements a common approach. In the long run, effective use of encryption will require vendors to agree on which methods and standards to follow.
![[Graphic: The STAR Online Web site's sign-on screen.]](/computing/windows/issue22/graphics/star.gif)
STAR Online (an extension of the Student Telephone Assisted Registration) uses SSL public-key technology to provide a secure communication channel in which UW students authenticate themselves before doing tasks such as changing their address, or checking their grades or tuition balance, that they are authorized to do. |
One of the most common uses of public-key technology is to provide a secure communication channel between computer programs, although private-key techniques can be used for this, too. A prime example of public-key technology is the SSL protocol (see STAR Online screen), often used to protect information sent between Web browsers and Web servers. Public-key cryptography also provides the foundation for secure email, discussed at the end of this article.
When using a public-key system for personal authentication or secure messaging, you keep one key secret. The second (public) key can then be distributed to anyone. Some people put their public key on their personal Web page; it might also be stored on a public-key server.
The secret (or private) key in a public-key cryptographic system is never transmitted or shared. For example, when using this method for client-side authentication, the server sends some data to your client program. The client uses your private key to encrypt that data. Using your public key, the server will attempt to decrypt the returned data, and, if successful, know that it has established communication with "the real you."
Providing a way to authenticate yourself to a computer system without sending your password "in the clear" is an important security goal. Passwords sent without encryption may be discoverable by others if sent through or to insecure network segments or systems. Several approaches are being used to avoid the clear-text password problem:
In this last category, there are two contenders: the Kerberos authentication system (based on private-key cryptography), and personal certificates (based on public-key cryptography). Each requires significant resources to support it campuswide.
Another challenge for the UW will be to set policy on when and how institutional information is encrypted. In addition, public records requests and subpoenas will need to be honored regardless of whether or not records are encrypted.
![[Graphic:
Certificate properties Web screen.]](/computing/windows/issue22/graphics/cert.gif)
A certificate is issued by a certificate authority, in this case Thawte Consulting. |
Without establishing this kind of trust relationship, a criminal could attempt to steal your identity by distributing his or her own public key and asserting that it was yours. A digital certificate binds you to your public key.
You obtain a certificate by applying to a certificate authority (CA). Once the CA verifies you are who you say you are, it creates a certificate--a digital document--for you. The certificate contains:
Trust plays an important role in any public-key technology. How much weight a certificate carries depends on the type of authentication information that was required by the CA before issuing the certificate.
Certificates are used by many Web sites to authenticate their Web server to your browser. They can also be used to authenticate the client to the server.
Web browsers are shipped with a list of trusted CAs. These include companies like Thawte Consulting (see certificate properties screen above; www.thawte.com/) and VeriSign, Inc. (www.verisign.com/).
The challenge. In order for the UW to manage certificates to be used with applications, we will have to take care of:
If the UW became a certificate-issuing authority, we would have to deal with additional issues such as:
Certificates may be used to establish the identity of an individual, or of a computer. The UW is currently using certificates for central Web servers so that they can establish secure communication links with Web clients.
How client, or personal, certificates will fit into the university's future security infrastructure remains to be seen. While there are a small number of Web servers, and therefore a modest certificate management task for them, deployment of personal certificates for everyone at the UW would be a much bigger challenge, with lots of new policy questions.
Secure messaging is the principal driver for using personal certificates. Other alternatives can be used to address security problems in online systems, including Web-based transaction systems. However, the technical, policy, and management issues mentioned previously must be resolved before any widescale deployment of a public-key infrastructure is reasonable.
Protecting a document's integrity is done by giving the recipient a way to determine whether or not the document has been modified since it was digitally signed. Doing this involves two cryptographic techniques: message digest algorithms and public-key encryption.
To allow a document's integrity to be verified, a mathematical function is applied to the bits that make up the digital document. The resulting number is called the "message digest." It has the property that if the document is altered, applying the same function would result in a different message digest. If a message digest computed at the time the document was signed can be compared with one computed at a later time, it is possible to know whether the document was--either accidentally or intentionally--modified at some point in between.
The diagram that follows illustrates how digital signatures can be applied to email, though the same ideas apply regardless of how a document is transmitted electronically, and regardless of whether it is thousands of pages of human-readable text or a short computer-to-computer message such as a public-key certificate.
![[Graphic: Diagram of a man-in-the-middle attack to alter an email
message and how the author can safeguard it.]](/computing/windows/issue22/graphics/encryption.gif)
(A) The author's message is altered by the man-in-the-middle attack and
the recipient is not aware that the message has been changed.
(B) The author uses a message digest (MD). The recipient recalculates the
MD and, because the two MDs do not match, he knows the message was
altered.
(C) The man in the middle recalculates and replaces the MD on the altered
message before sending it. The recipient will be fooled.
(D) The author creates her digital signature by encrypting the MD with her
private signing key. The man in the middle does not have the author's
private key with which to alter the original MD, so the MDs do not match.
|
Digital signatures work this way: The author of the document calculates a message digest by putting the data through a one-way mathematical hashing process (represented by "#" in the diagram). This binary representation ("7012" in the diagram) is like a fingerprint that can be produced only from the original message using the same hashing algorithm.
The message digest is sent along with the document so that the recipient can recalculate the message digest from the document and compare it with the digest received with the document ("B" in the diagram). If the digests are the same, then the message sent and the message received are exactly the same.
The challenge. Message digests alone are not a complete solution for ensuring that a document has not been modified. Someone might intercept a message and its digest, modify the message, recalculate a new digest, and send both on to the recipient ("C" in the diagram). This is called a "man-in-the-middle" attack.
Thus, a digital signature must be more than just a message digest value for the signed document. A digital signature wouldn't be worth its salt if it could be easily modified along with the document. So the message digest itself must somehow be protected from modification.
This is where the second cryptographic technique comes in. The message digest is encrypted using the private key of the document's author ("D" in the diagram). The recipient may then decrypt the message digest using the public key of the originator and, assuming they used the correct public key, have assurance that the message digest they decrypted has not been modified since the document was signed.
Thus, using a digital signature makes a man-in-the-middle attack more difficult to carry out because the process of digitally signing a document includes calculating the message digest and then encrypting it.
If, for example, you wish to digitally sign a document being sent to Tom, the message digest would be encrypted using your private signing key. Tom would then verify your digital signature by using your public key (the other half of your signing key pair).
|
What Does a Digital Signature Look Like?
A digital signature is not a graphical representation of a handwritten signature (a "John Hancock"). It is data created by encrypting a message digest with a private signing key to identify and authenticate the sender and the message. If compatible encryption software is installed on the recipient's computer, it will automatically try to verify the signature. The State of Washington provides this example:
-------BEGIN SIGNATURE------ IQB1AwUBMVSiA5QYCuMfgNYjAQFAKgL/ ZkBfbeNEsbthba4BlrcnjaqbcKgNv+a5kr4537y8RCd+RHm 75yYh5xxA1ojELwNhhb7cltrp2V7LlOnAelws4S87UX80cL BtBcN6AACf11qymC2h+Rb2j5SSU+rmXWru+=QFMx -------END SIGNATURE------ |
A public-key infrastructure that enables personal certificates for authentication, digital signatures for protecting document integrity and identity, and encryption for privacy, will undoubtedly require managing multiple key pairs for everyone using these capabilities. Different service providers may require different certificates and keys, and different functions call for using different keys.
In particular, a digital signature key pair should not be the same key pair used for encrypting messages. Digital signature keys and encryption keys need to be managed differently:
The challenge. Although digital signature technology is available today, very difficult management and policy issues stand in the way of widespread deployment. Secure messaging is the primary place we would use digital signatures, and is the application that would drive deployment of a public-key infrastructure for personal certificates.
Further, by using your own private key, you can also digitally sign the message, either in addition to encrypting it, or in lieu of encryption (in cases where the content does not require privacy protection, but authentication and integrity are needed).
As previously described, the digital signature is created by encrypting a message digest with your private signing key. This digital signature is then sent along with your message. However, signing and encrypting messages is easier said than done. The program you use to send signed and/or encrypted messages must have access to all of your recipients' public keys, to your encryption key, and to your signing key.
As mentioned, secure email is one of the few applications that requires use of a public-key cryptography infrastructure (PKI). Managing keys for a PKI is difficult to do on the scale necessary for an institution such as the UW. Some of the challenges relating to managing a PKI, for digital signatures in particular, include:
Key management is even more difficult when you would like to use your private keys from more than one computer. Almost all applications using PKI assume that your private key exists on the local hard disk of a single computer. In the future, use of "smart cards" to store these keys may mitigate this problem, but there are other challenges to deploying a public-key infrastructure that are either unique to or exacerbated by secure messaging:
There are a number of incompatible methods of doing secure messaging. The two most common are S/MIME and PGP. S/MIME has the advantage that it is supported "out of the box" by Netscape's and Microsoft's email programs, though many have found it challenging to follow all the steps necessary to obtain the requisite keys and certificates.
S/MIME's leading competitor is PGP (Pretty Good Privacy). PGP is not directly supported by either Netscape or Microsoft, but add-on software is available to use it with those and many other mail programs.
More information about PGP and cryptography is available at www.pgpi.com/overview/ and, about S/MIME, at www.rsasecurity.com/standards/smime/faq.html
Although widespread deployment of a public-key infrastructure to support secure email is still a ways off at the UW, a few individuals here are successfully using secure email on a small-scale basis. This involves acquiring suitable software, because all correspondents must have a compatible encryption package, and then exchanging public keys or publishing them on public-key servers.