Asymmetric Cryptosystems
Asymmetric cryptosystems are relatively new in cryptography (from about 1970), and
they have many interesting properties, notably regarding authentication and key
distribution. Figure 1-8 represents asymmetric encryption, which is where two different
keys are used: one for encryption and one for decryption.
Figure 1-8 Asymmetric Encryption with Two Different Keys
The only noticeable difference of asymmetric encryption (compared to symmetric encryption)
is that two different keys are used. Those keys are the key pair. One key is the private key
and the other one is the public key.
A single entity owns and uses the private key in the system. All other entities use the public
key. Although a mathematical relationship exists between the two keys, it is
computationally extremely difficult to compute the private key from the public key; it
would take centuries for thousands of computers.
Asymmetric cryptosystems can be used for
• Confidentiality with the help of encryption
• Integrity and authentication with the help of a signature
The most used asymmetric cryptosystem is RSA, which is named after its inventors: Rivest,
Shamir, and Adleman. RSA can be used for confidentiality, integrity, and authentication, as
subsequent sections explain.
Confidentiality with Asymmetric Cryptosystems
You can use asymmetric cryptosystems to provide message confidentiality. The goal is that
every entity can send a message to a destination, and only the intended destination can
actually decrypt and read the transmitted message. In a fictitious network setting, shown in
Figure 1-9, Alice, the message originator, uses Bob’s public key to ensure that only Bob,
the intended recipient, can read the message. Because every entity has Bob’s public key,
they can use it to encrypt the message. Only Bob has his private key, however, so only he
can decrypt the cipher text to get the original message.
Figure 1-9 Confidentiality with Asymmetric Cryptosystems
Although this application of asymmetric encryption is perfectly valid, it suffers from low
performance compared to symmetric-encryption algorithms. It is rarely used to encrypt
bulk messages; instead, it encrypts a shared key sent from Alice to Bob. This shared key is
further used to symmetrically encrypt the bulk of data.
This is a way to achieve key distribution; for example, TLS uses it.
Integrity and Authentication with Asymmetric Cryptosystems
Figure 1-10 describes the use of Alice’s private key to ensure that every recipient can
decrypt the message, but also to prove that only Alice could have originated it. Indeed,
because Alice’s private key is only owned by Alice, only Alice can encrypt the message in
such a way that Alice’s public key can decrypt it.
Figure 1-10 Authentication with Asymmetric Cryptosystems
Because Alice cannot repudiate the computation (only Alice has her private key), this is
called a signature. This clearly differs from the symmetric cryptosystems, where
HMAC can be repudiated.
Using asymmetric cryptosystems for authentication is extremely slow. Hence, the full
message is not signed, but the message’s cryptographic hash is signed. This is much faster
for both the originator and the message’s recipient. The recipient can then compute the hash
of the received message and decrypt the received encrypted hash. If both the computed and
the decrypted hashes are identical, there’s reasonable proof of
• Authentication. Only the owner of the private key, which encrypted the original hash,
could have encrypted it. Hence, the originator cannot repudiate his message.
• Integrity. If the message itself was modified before it reached the recipient, the
computed hash would differ from the decrypted one. This would indicate modification.
Because modification is detectable, the message is transmitted with integrity.
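The following Python example is added here and is not from the original text; it shows both operations of Figures 1-9 and 1-10 with textbook RSA (no padding) so the math stays visible: encrypting with the public key and decrypting with the private key, then signing the SHA-256 hash of a message with the private key and verifying it with the public key, including how a modified message is detected. The key pair is constructed from two publicly known Mersenne primes purely so the block runs offline; a real key pair is generated from secret random primes and real RSA uses padding (OAEP, PSS).

```python
import hashlib

# Constructed toy key pair: two publicly known Mersenne primes, chosen only so
# the example runs without key generation. Never build a real RSA key this way.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                           # public modulus (about 648 bits)
E = 65537                           # public exponent, coprime to (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)     # everyone may hold this
PRIVATE_KEY = (N, D)    # only the owner holds this


def encrypt(plaintext: bytes, public_key) -> int:
    """Figure 1-9: any entity holding the public key can encrypt for its owner."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    assert 0 < m < n, "textbook RSA only handles messages smaller than n"
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the private-key owner can recover the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message: bytes, private_key) -> int:
    """Figure 1-10: the hash of the message, not the message, is 'encrypted' with the private key."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")   # 256 bits < n
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recompute the hash and compare it with the signature 'decrypted' by the public key."""
    n, e = public_key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == expected


if __name__ == "__main__":
    ct = encrypt(b"Hello", PUBLIC_KEY)
    print(decrypt(ct, PRIVATE_KEY))             # b'Hello'
    sig = sign(b"Hello", PRIVATE_KEY)
    print(verify(b"Hello", sig, PUBLIC_KEY))    # True: authentic and intact
    print(verify(b"Hallo", sig, PUBLIC_KEY))    # False: modification detected
```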
Key Distribution and Certificates
With asymmetric cryptosystems, key distribution is easier to secure: only the public key
of every entity must be distributed, and these are public keys. (Everyone can safely access
them without breaching the system.)
The remaining issue is to ensure that Bob’s public key is really Bob’s public key and not a
hacker’s public key. Otherwise, Alice encrypts her message to Bob with a hacker’s public
key, and a hacker easily decrypts Alice’s message with his own private key.
The binding of the public key to its owner involves using digital certificates. A digital
certificate, usually in the ITU-T X.509 version 3 format, is a small piece of data that
contains Bob’s public key and Bob’s name; this piece of data is further digitally signed by
an entity trusted by Alice, Bob, and all other entities. This trusted entity is called the
certification authority (CA), and it’s the issuer of the certificate.
The procedures and protocols around certificate issuance are called a public-key
infrastructure (PKI). A PKI handles notably enrollment, renewal, and revocation:
• Enrollment. How can a subject get a certificate for its public key? This is not only a
technical problem, but it is mainly a policy issue. How can the CA verify that the
subject is who he claims to be?
• Renewal. Digital certificates have a validity period (like passports and credit cards);
hence, they must be renewed periodically. A typical validity period is one year.
• Revocation. If a subject’s private key is compromised (for example, by a hacker) or
potentially compromised (for example, it was stored in the NVRAM of a router
shipped to Cisco for replacement, so the key pair might be compromised during
transportation), the CA must revoke the key pair and the digital certificate, and every
other entity must be made aware of this revocation. This involves many procedures to
prevent revocation by a nonauthorized entity.
X.509 Certificates and Cisco IOS Routers
The use of X.509 certificates is often assumed to be expensive and complex, which is
incorrect. Microsoft Windows servers are shipped with a CA, and Active Directory can rely
on certificates for authentication. Group policies can also be used to easily distribute
certificates to all PCs in a domain.
The same applies for Cisco IOS routers. Since Cisco IOS 12.3T and 12.4, most routers can
act as a certificate server. (That is, they can issue and revoke digital certificates for routers.) This
implementation is sufficient for most uses of digital certificates in a network. Additional
organizational procedures should be added around this certificate server (such as what to
verify before enrolling a router).
Both the Windows CA and the Cisco IOS certificate server are easy to manage and are basically
free for internal use. It is a different story when the digital certificate must be used outside
of the administrative domain (for example, for an e-commerce web server, which must be
reachable through all browsers worldwide); this requires the use of a specific root CA,
which is a CA that all browsers recognize. The root CAs are usually expensive, but they are
not required for most network applications.
The use of a shared key might be easy to deploy, but it is often more complex to maintain
because adding or removing an entity implies changing the configuration of all entities.