Cryptography Reference
In-Depth Information
6.2.1 Security Mechanisms
As shown in the previous section, public-key schemes can be used for encryption of
data. It turns out that we can do many other, previously unimaginable, things with
public-key cryptography. The main functions that they can provide are listed below:
Main Security Mechanisms of Public-Key Algorithms:
Key Establishment
There are protocols for establishing secret keys over
an insecure channel. Examples for such protocols include the Diffie-
Hellman key exchange (DHKE) or RSA key transport protocols.
Nonrepudiation
Providing nonrepudiation and message integrity can be
realized with digital signature algorithms, e.g., RSA, DSA or ECDSA.
Identification
We can identify entities using challenge-and-response pro-
tocols together with digital signatures, e.g., in applications such as smart
cards for banking or for mobile phones.
Encryption
We can encrypt messages using algorithms such as RSA or
Elgamal.
We note that identification and encryption can also be achieved with symmetric
ciphers, but they typically require much more effort with key management. It looks
as though public-key schemes can provide all functions required by modern security
protocols. Even though this is true, the major drawback in practice is that encryption
of data is very computationally intensive — or more colloquially: extremely slow —
with public-key algorithms. Many block and stream ciphers can encrypt about one
hundred to one thousand times faster than public-key algorithms. Thus, somewhat
ironically, public-key cryptography is rarely used for the actual encryption of data.
On the other hand, symmetric algorithms are poor at providing nonrepudiation and
key establishment functionality. In order to use the best of both worlds, most practi-
cal protocols are
hybrid protocols
which incorporate both symmetric and public-key
algorithms. Examples include the SSL/TLS potocol that is commonly used for se-
cure Web connections, or IPsec, the security part of the Internet communication
protocol.
6.2.2 The Remaining Problem: Authenticity of Public Keys
From the discussion so far we've seen that a major advantage of asymmetric
schemes is that we can freely distribute public keys, as shown in the protocols in
Figs. 6.4 and 6.5. However, in practice, things are a bit more tricky because we still
have to assure the
authenticity
of public keys. In other words: Do we really know
that a certain public key belongs to a certain person? In practice, this issue is often
