Asymmetric Key Cryptography: Part 2

Technology by Adam on 2005-04-21 02:26

Asymmetric key crypto solves the increasingly relevant dual problems of identity and privacy. There numerous places where this technology should be used, but (for some unfathomable reason) has not yet made its way into common usage.

Let’s start with a simple but very enlightening example: physical access control to a location. Put another way: how do you lock and unlock your door? For most of us, myself included, the answer is “with a physical key.” Although functional, this solution has many downsides. Loosing the key is easy, and damage to the key is a possibility. The mechanism for copying physical keys is inconvenient (such as getting a copy late at night for your friend coming into town) and insecure (a thief could potentially swipe your key, make a copy, and bring it back before you know it’s gone). Once given, a key cannot be revoked other than by demanding that they return to to you. Physical keys are also rarely unique. (Most lock & key sets that you can buy have a few hundred variations on the key, so in fact there are thousands of people across the country whose key will open your door.) And, if you’re like me, your keyring is unwieldy due to the large numbers of nearly-identical looking keys you have to carry.

Enter public key crypto, which solves all these problems and more.

Here’s how it would work as a physical key replacement. Everyone carries a small USB device called a token, such as this one. This device is about the same size and weight as a standard door key, and costs less than $40. It has a tiny amount of flash memory inside which is used to store your private key. Now here’s the trick: when you plug it into to a USB port on a computer or other device, it does not allow the device to access the private key directly. Instead, the receiving device can pass a block of data to the token. The token encrypts this data with your private key, and passes back the encrypted block. The device can confirm that the private key is valid by decrypting the returned data with your public key, which it may have stored locally, or which it may pull down from a public key server. If the decrypted block matches the original data it passed in, the receiving device can be certain that the token is yours.

So now, your door would no longer have a single key. Instead it has a list - called an access control list - of public keys belonging to people who are allowed to unlock the door. This list is specified by the property’s owner or resident (i.e., you). So you would certainly have your own key and your roommate’s key on the list, but you might also add your friend’s key when they come into town to stay with you for a few days. In that case, however, you would specify a time period for which it is valid - say, from the day they are scheduled to arrive until the day after they are scheduled to leave. You can safely grant them access to your home without worrying about them hanging onto the key, losing it, or otherwise doing anything to compromise your long-term security. And you can grant this access remotely (you don’t have to be home to do it), and at any time, for no cost (since you need not go to a key duplicator).

The flexibility of this system solves all sorts of convenience and security problems associated with physical access control. Take gated apartment buildings. It’s always a hassle to deal with call boxes; keys can be lost or copied; and if there is a keypad with a security code, it doesn’t take long for the code to become common knowledge among non-residents. And when a resident invites friends over or has a small party, dealing with the gate often becomes such a hassle that said resident just ends up using a rock to prop open the gate. So much for security!

Asymmetric key crypto to the rescue again. Now, when you send out the invitation email, you can add the public keys of everyone who is invited to the front gate list for that evening. They can get in easily, but no one else can. And the next day, their keys are off the list, so they won’t be able to get in unless invited again. It’s more convenient and more secure.

It doesn’t take a lot of imagination to see how this same approach would work wonders for controlling access to semi-public locations, such as a school or workplace. Or how about a paid-entry location like a movie theater, theme park, or concert? Instead of buying a paper ticket, your purchase would add your public key to the list of attendees. Now when you arrive at the entrance you need only plug in your token to get access. No more worrying about waiting for tickets to come in the mail, or losing them. It’s better for the theater/theme park/concert hall as well, as tickets would be impossible to forge.

Here’s a no-brainer: airline tickets. Given the current level of concern about flight security, and the billions that have gone into it in recent years, you’d think this inexpensive and easy-to-implement solution would have been at the top of this for security improvements. (Oh that’s right, I forgot - they only want to add things that make people feel more secure, not things that actually make them more secure.)

Another area that is just begging for a solution like public key crypto is payment processing. Credit and debit cards are a wonderful method of payment that has transformed commerce. (Online shopping, for example, wouldn’t even be possible without them.) But the current authentication technology pretty much stinks. You’ve got this string of 16 digits (your card number) which uniquely identifies you and your ability to pay. But the problem is, this number (which should, in theory, be kept as private as possible) is extremely easy to copy. You can easily acquire credit card numbers from discarded receipts or mail. Online merchants keep large databases of card numbers around for recurring billing, but often they are very sloppy about protecting it, copying the data over insecure protocols such as email and FTP. The idea that 16 digits (plus a few extra items like the expiration and CVV number) is sufficient for identity authentication is almost laughable.

By now I’m sure you can guess where this is going. Say it with me: asymmetric key crypto! The very same key that you use to unlock your door now becomes your credit card, debit card, and checkbook all rolled into one. When making a purchase either online or in person, the merchant would present you with an electronic invoice/receipt. Plug in your security token and press a button to indicate you wish to digitally sign the receipt. Your token uses your private key to encrypt the receipt, thus digitally signing it. The merchant stores both the encrypted and unencrypted receipt copies, and later presents them to your bank. Your bank can verify that you (and only you) authorized the payment by decrypting the signature with your public key, which they have on file. This is way more convenient and massively more secure than typing in a long string of numbers on a website, or even compared to swiping a plastic card and signing a piece of paper.

With credit card fraud costing banks, merchants, and consumers billions of dollars each year, you’d think they would be pretty motivated to switch to this method of payment authentication. Alas, the financial industry tends to be very slow to adopt new technologies. (I worked in the credit card processing business for a few years, so I know this all too well.)

The last few examples I want to cover are so obvious they almost aren’t worth mentioning. Luckily, these are also areas where some progress has been made and people are currently making use of public key crypto for real-life transactions. These areas are email, software installation, and login access.

Email is the most prevalent use of asymmetric key crypto today. If you’ve ever traded emails with an ubergeek you may have seen an attachment (usually called signature.asc) which, if you open it, contains a block of seemingly random characters. This is their digital signature. If you are using an email client that supports encryption and digital signing (most do, except for Outlook) then you can add their public key and verify that the message came from them.

Additionally, you can use their public key to send them an encrypted email. No one other than the recipient - not even you - will be able to read the message once it is encrypted. Email is an inherently insecure protocol, as the message contents are transmitted in plaintext over the public Internet. Anything you put it in it can potentially be read by network sniffers or prying sysadmins. That’s what it’s generally a bad idea to email passwords, credit card numbers, or other sensitive information. (Although the sheer volume of information flowing over the net all the time means that you are somewhat protected by anonymity. Kind of like announcing your credit card number at a crowded party where everyone else is talking at the same time - your voice will usually be lost in the noise.)

Identity verification is actually the more interesting part of email crypto usage. The spam problem largely revolves around the lack of sender authentication in the SMTP protocol. Anyone can send an email claiming to be anyone and there is no way to verify their claim without using a digital signature. If everyone started using digital signing by default with their emails, spam would basically disappear overnight. (There’s more to it than this, but I’m keeping it simple to avoid excessive digression.)

Another place where you have seen digital signatures in use is software installation. Linux has had digital packaging signing for many years, and both Mac OS X and Windows also introduced support for it more recently. This can also use something called certificate authorities, which is sort of cascading method of digital signatures whereby a trusted third party signs the key of the software creator, allowing them to sign packages they create and allow for an extra layer of verification. This method of chaining keys is also used for SSL certificates on secure websites.

The last place where asymmetric key crypto makes perfect sense is login access. In this context the electronic token is often referred to as a smart card, and instead of typing in a password you swipe your card or plug in your token. Then when you’re done you remove your token to log out. It’s easier (no passwords to remember) and more secure (most people use short, easy-to-guess passwords anyway). A similar approach can be used to store all the passwords for remote sites you access, like your online banking site, LiveJournal, PayPal, etc. I use an open source application called KWallet which utilizes public key crypto to securely store website login information. (Traditional “save password in browser” options in most browsers do not use strong encryption.)

So there you have it. Next time you hear someone complain about losing a key, receiving spam email, or fraudulent charges on their credit card, you can nod your head sagely and say: “This could have been prevented with asymmetric key cryptography.”

13 comments per 'Asymmetric Key Cryptography: Part 2'

  1. Robert Earl Hazelett says:

    Hmmmmm . . . Well, here I am at number two. I enjoed it. But I’m sleepy now so I will log your address into my computer and come back tomorrow.

    Bob Hazelett

  2. Danylle Miller says:

    This was a great two part artical. What I haven’t seen is the down side to public key encription. There as got to be a down side, even if it is a small one.

  3. Adam says:

    The only downside that I am aware of is that the concept is so complex and abstract that very few individuals understand it, and therefore are able to recognize its benefits.

    Over the long term this won’t matter; not that many people understand Maxwell’s equasions, but that doesn’t prevent them from listening to the radio or using a cell phone. It’s up to technology providers to turn abstract mathematical theories into technologies with concrete and comprehensible benefits for use by the masses.

  4. Anon says:

    How about for software licensing too, instead of activation or easily stolen CD keys?

  5. Adam says:

    Yep, it would work great for software licensing. Certificate authorities (that is, signing someone else’s key) would probably be the way to go.

    Although, this assumes that you believe in intellectual property in general, which I don’t. :)

  6. multi payment finance loans in sc says:

    multi payment finance loans in sc

    other Jacobson plaid tumultuous!Paraguayans lockings

  7. computers casino downloading advisors says:

    computers casino downloading advisors

    Biltmore gaped slammed

  8. mp3 says:

    http://mp3novosti.ru/ mp3

  9. nutrobion says:

    Adam,

    Thank you for this helpful article. What happens when a person loses his token? Could someone finding a lost token use it to pay for items at the store?

  10. Door Access control kit says:

    Door Access control kit

    Adam @ Dusk » Asymmetric Key Cryptography: Part 2

  11. click to find out more says:

    click to find out more

    Adam @ Dusk » Asymmetric Key Cryptography: Part 2

  12. http://forum.communitiesandlandscapes.org/viewtopic.php?Id=290292 says:

    http://forum.communitiesandlandscapes.org/viewtopic.php?Id=290292

    Adam @ Dusk » Asymmetric Key Cryptography: Part 2

  13. Osswaldundosswald.Com says:

    Osswaldundosswald.Com

    Adam @ Dusk » Asymmetric Key Cryptography: Part 2

Post a comment

Enter your comment (some HTML allowed)