 |
|
|
Cellular Networking Perspectives is proud to be able to link you to the anonymous Crypto Answer Man. He will attempt to answer questions of general interest related to wireless security. Due to personal security requirements (and a few unpaid bills) he cannot reveal his identity. Questions that are accepted by our man, will be posted here, along with the answers. Particularly interesting questions and answers will be published in Wireless Security Perspectives.
This question was submitted by davidlw@ncat.edu (North Caroline A&T University in Greensboro, NC)
The Crypto-Answer-Man believes that this inquisitive mind (and wise reader of Cellular Network Perspectives) is really asking, ‘What is the major advantage of public key cryptography over private key cryptography?’ Before answering this question, we first need to briefly define public and private key cryptography. Private key cryptography deals primarily with message secrecy or confidentiality. In a classical system, a single key is used to protect a message from unauthorized disclosure. This single key is used for both encryption and decryption (which is where the term 'symmetric key cryptography' comes from). One of the problems with private key cryptography is key distribution. That is, how do you get the keys to the two or more people or machines that will be communicating so that they can communicate securely if you do not have a secure channel in the first place? Historically, key distribution has been performed by courier or through some out-of-band means. In classical cryptography, once a key is established, Alice communicates securely with Bob by encrypting a message with the key that they share. Bob decrypts the message with that same key. Both he and Alice must keep the private key secret – this is often difficult to accomplish.
Crypto-Answer-Man Notable Note 1: This need to maintain the secrecy of keys is a fundamental tenet of cryptography. The security of the system depends upon it!
In public key cryptography (PKC), there are two keys for each communicant. One of the keys is used for encryption (to ‘lock’ the message) and the other is used for decryption (to ‘unlock’ the message). If Alice wants to communicate with Bob, she encrypts a message using his public key. Bob decrypts the message with his private key. Both must keep their private keys secret. It is not necessary to keep the public keys secret.
With this background, we can list the major advantages of public key cryptography over private key cryptography:
Advantage #1. In PKC, Alice can send an encrypted message to Bob without first communicating a secret key. Hence, PKC solves the ‘key distribution problem.’
Crypto-Answer-Man Notable Note 2: This problem, or more generally, key management, is the most difficult aspect of building a cryptosystem.
Advantage #2. PKC allows for two other security services, integrity and authentication. Integrity is defined as assurance that a message did not change in transit. Authentication, in this context, refers to validating the source of a message.
Crypto-Answer-Man Notable Note 3: Private and public systems are not mutually exclusive. For practical reasons, both types of systems are required to achieve secrecy, integrity and authenticity while easing the burden of key management. In fact, hybrid systems are typically employed today.
Advantage #3. PKC permits the non-repudiation security service via the use of digital signatures. Non-repudiation means that a sender of a message cannot falsely and successfully deny later that he sent a message.
Crypto-Answer-Man Notable Note 4: Digital signatures used in PKC can be verified by ‘anyone’ not just the intended recipient.
© – Copyright