Public Key Cryptography and Information Security: A Literature Review

Maurice Kabeireho
TS8004 IT Research and Practice
Capella University
10 Reler Ln. # M
Somerset, NJ 08873
Tel: (732) 763 8230
Email: [email protected]
Instructor: Dr. Dani Babb

Abstract

Information is a valuable asset and must be kept confidential, have integrity and be available in order to be worth its name and be credible. To ensure this, strong mathematical algorithms that use a pair of keys which are different from one another (public and private), like the ones used by RSA and CISCO to mention but a few, are employed in the processes of data encryption and decryption. This system of using two keys, one public and the other private, that are different but mathematically related, to secure information has given rise to the concept of Public Key Cryptography; a concept that attempts to use key management to ensure the security of information and data against hackers’ attacks, both in storage and while moving over the internet from one place to another. This paper thus sets out to analyze the working of public key cryptography and find ways in which it can be improved to give better information security.

Public Key Cryptography and Information Security

Introduction

In today’s world, which is characterized by a rapid rise in the number of hacking cases, especially ones using more sophisticated methods, it is prudent that most IT research be geared towards finding solutions to the rising threats to the internet platform, including the network itself and the information and data that it stores and carries from one place to another. The use of cryptography, and in particular public key cryptography, has played a crucial role in curbing most information threats, such as man-in-the-middle and eavesdropping attacks that target data and information as it moves over the internet. However, research carried out by professionals in the field indicates that there could be some gaps that need to be filled in the area of cryptography so as to attain better security of information and data. Such gaps could be a result of the current laws governing cryptography, the culture of the people using it, as well as society’s expectations (Callas, 2007). Callas, in his research, for example, further explains the paradox of stronger keys: having stronger keys does not necessarily mean having a secure system, especially since the stronger keys will become more chaotic in chaotic situations/systems (Callas, 2007). This argument leads us to the point that in order to be able to use stronger keys, there is a need for study on how to attain a stable cryptography system that will ensure no mishaps. In his conclusion, he asserts that the future of the use of public keys and cryptography will depend much on attaining a strong and reliable key management system that will ensure that only the right people get the keys while at the same time ensuring that the keys never fall into the hands of the wrong people (Callas, 2007).

This paper thus proposes public key cryptography and its application in information security as the area to be analyzed, and seeks to find ways to make improvements by proposing measures that would increase its overall efficiency in the protection of information and data.

Problem Definition

The need to use Public Key cryptography (asymmetric encryption) arose as a result of the weakness in Private Key encryption (symmetric encryption), which had security flaws and open questions about how the secret keys would be shared between the users without being eavesdropped on or being subject to attacks such as the man-in-the-middle attack. As a result, one of the most popular and stronger Public Key cryptographic systems, RSA, was developed in 1977 by three researchers, namely Rivest, R., Shamir, A. and Adleman, L., from the Massachusetts Institute of Technology (MIT) (Robinson, June 2008).

The use of cryptography has been in existence as early as the Second World War, when it was used in military operations to ensure that communications were safe from the enemy lines. During this time, however, only private key cryptography was in use. Public Key cryptography became more popular in the 1970s with the development of the Diffie-Hellman concept of key agreement in 1975, together with the key transport and digital signing schemes that were proposed by Rivest, Shamir and Adleman (RSA) in 1977, and this marked the beginning of a new era in the concept of cryptography (Certicom, 2008).

Public key cryptography involves the use of two keys (public and private keys) that are mathematically related and used inversely in the encryption and decryption processes of data and information, in a bid to keep it safe and confidential and to maintain its integrity both in storage and as it moves from one place to another. It makes use of keys that help to verify and ensure the identity of the users, thus making communication secure in an otherwise insecure network (Schmeh, June 2003). The developers of the system believed that the stronger the keys, the stronger the security they provide, which is to some extent correct but not always, as will be seen from the analysis. Ordinarily, a 128 bit key is expected to provide better security than a 56 bit key, whereas a 256 bit key would be better than a 128 bit key. This brings us to the point that the strength of the encryption keys is a function of their length, such that the longer the key, the stronger the security, and the reverse is true. Levy, 2001, in his article, Saving Privacy in the Digital Age, describes how computer geeks used such stronger keys in applications like PGP to out-law the federal government when it tried to encroach on the privacy of the people through the use of the Clipper chip; a special microchip that would be used to enable the FBI to listen to any conversation, whether private or public.

The system uses a pair of keys, one public and the other private, that both hinge their validity on the Certificate Authority (CA), an organization/body that is responsible for generating the keys and ensuring that they are in the correct hands of the right users, and that also reserves the right to issue as well as revoke them in case of any suspected misappropriation. It is also important to note that while the public key is used in the encryption and verification processes, the private key is used in decryption and the creation of signatures. Through the registration authority (RA), the CA ensures that the digital certificates that are issued are mapped to the right entities and thereafter keeps them in a central repository from where they are monitored and managed (Schmeh, June 2003).

Public key cryptography has been used in various areas of internet security and by various organizations including RSA and CISCO, and in many security applications such as email security, Pretty Good Practice (PGP), IPsec, Transport Layer Security, Secure Socket Layer (SSL) and Secure Shell (SSH), to mention but a few, in providing the security of information and data (Kessler, 2014). It therefore follows that the use of Public Key encryption has been very crucial in providing data and information security to organizations such as financial institutions, health organizations that store and carry personally identifiable data, e-commerce corporations that store business secrets, as well as governments and military organizations.

Analysis and Review

There are a number of newsgroups and forums engaged in cryptography discussions and follow-ups on the internet, such as sci.crypt.research and sci.crypt.random-numbers, as well as other credible forums such as the security and cryptography forum, to mention but a few (Stallings, 2011). All these will provide good literature and a scholarly analysis of the subject. Following up on the works of other scholars and researchers in the field will also provide good ground for reviewing the literature.

First and foremost, this cryptographic system is based on the premise that there is a need to generate stronger keys so as to be able to provide stronger security. Although this seems to be important in the achievement of secure and stronger public key cryptography, it falls short of mentioning the need to have a stable crypto-system upon which it would work. This is because stronger keys in volatile situations can result in more chaotic systems that will not achieve the goals of the encryption (Callas, 2007).

Also, some public key cryptographic systems, such as Diffie-Hellman, derive their security from the hardness of the discrete logarithm problem: given p, g, and g^a, find a, which would be the secret key to decrypting the data (Certicom, 2008). According to Levy (2001), because public key encryption involves the use of randomly chosen numbers and prime numbers whose products are used in formulating the encryption keys, it is nearly impossible for anyone trying to attack the system to find them. However, research carried out by other scholars indicates that despite the hardness of these problems, the basic cryptographic functions themselves did not provide sufficient security (Certicom, 2008). Therefore, there was a need to design a careful protocol together with a methodology for defining precisely the security objective and proving that a protocol met that objective as set (Certicom, 2008). These statements explain the reason behind the need to carry out further studies so as to understand the key management system and find ways in which it can be improved.
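An added example, not part of the original paper: a toy Diffie-Hellman exchange in Python illustrating the two points above, that the discrete logarithm is only hard when the parameters are large, and that hardness alone does not tell either party whose public value they received. The parameters, function names and the fingerprint comparison are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed parameters for illustration only; neither group is suitable for real use.
TOY_P, TOY_G = 65537, 3          # 17-bit prime: small enough to search exhaustively
BIG_P, BIG_G = 2**127 - 1, 3     # 127-bit prime: exhaustive search is out of reach


def keypair(p, g):
    """Return (private exponent a, public value g^a mod p)."""
    a = secrets.randbelow(p - 3) + 2          # a in [2, p-2]
    return a, pow(g, a, p)


def shared_secret(own_private, peer_public, p):
    """Each side raises the peer's public value to its own private exponent."""
    return pow(peer_public, own_private, p)


def recover_exponent(p, g, public):
    """Discrete log by exhaustive search: find x with g^x = public (mod p)."""
    value = 1
    for x in range(p - 1):
        if value == public:
            return x
        value = value * g % p
    raise ValueError("public value is not a power of g")


def fingerprint(initiator_public, responder_public):
    """Short digest of both public values, to be compared over an authenticated channel."""
    data = f"{initiator_public}|{responder_public}".encode()
    return hashlib.sha256(data).hexdigest()[:16]


def run_exchange(p, g, substituted=False):
    """Simulate one exchange; returns (keys_match, fingerprints_match)."""
    a, pub_a = keypair(p, g)                  # initiator
    b, pub_b = keypair(p, g)                  # responder
    seen_by_a, seen_by_b = pub_b, pub_a       # what each side receives
    if substituted:                           # an in-path party swaps in its own value
        _, pub_m = keypair(p, g)
        seen_by_a = seen_by_b = pub_m
    key_a = shared_secret(a, seen_by_a, p)
    key_b = shared_secret(b, seen_by_b, p)
    fp_a = fingerprint(pub_a, seen_by_a)      # initiator: (sent, received)
    fp_b = fingerprint(seen_by_b, pub_b)      # responder: (received, sent)
    return key_a == key_b, fp_a == fp_b


if __name__ == "__main__":
    secret, public = keypair(TOY_P, TOY_G)
    print("toy exponent recovered:", recover_exponent(TOY_P, TOY_G, public) == secret)
    print("honest exchange:", run_exchange(BIG_P, BIG_G))
    print("substituted exchange:", run_exchange(BIG_P, BIG_G, substituted=True))
```

In deployed protocols the manual fingerprint comparison is replaced by signatures over the exchanged values, verified against CA-issued certificates.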


It is also important to note that public key cryptography assumes that digital signatures will be used as a form of non-repudiation, such that a signature will act as proof of receipt and cannot be denied. The fact that the documents or information have been digitally received by the expected key does not guarantee that they fell into the right hands, especially in situations where there is no strong key management system in place (Callas, 2007). According to Callas, therefore, the future of a better public key cryptographic system will depend on a strong key management system that will ensure that only the right people get the keys and not the wrong ones (Callas, 2007).

Conclusion

By and large, therefore, looking at the rapid rise and spread of internet usage in today’s world, in which individuals, governments and business organizations transact everyday business that involves the transfer of sensitive data from one place to another, against the increased role of hacking that has come with sophisticated methods, it becomes prudent that research into improved ways of keeping information and data secure be carried out so as to help counter such rising threats. Therefore, research on public key cryptography (an aspect of cryptography that uses two inversely related keys to ensure the security of data and information), with respect to finding a stronger key management system, is more crucial than ever, as this will help to bring about a stable cryptographic system, which is very necessary for the achievement of stronger keys that will provide stronger security to information and data.

References

Callas, J. (2007). The Future of Cryptography. Information Systems Security, 16(1), 15-22. Retrieved December 27, 2013, doi:10.1080/10658980601051284

Certicom Corp. (2008). The Origins of Public Key Cryptography and ECC. Retrieved from http://www.certicom.com/index.php/component/content/article/46-cc-volume-2-no-1/527--the-origins-of-public-key-cryptography-and-ecc

Kessler, C. G. (January 2014). An Overview of Cryptography. Retrieved from http://www.garykessler.net/library/crypto.html

Levy, S. (2001). Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age. New York: Viking Penguin Publishing.

Robinson, S. (June 2008). Safe and Secure: Data Encryption for Embedded Systems. (Coverstory). EDN Europe, 53(6), 24-33. Retrieved December 27, 2013, from Academic Search Premier database.

Sen, J. (2012). Applied Cryptography and Network Security. Retrieved from https://www.academia.edu/2579302/Applied_Cryptography_and_Network_Security

Schmeh, K. (June 2003). Cryptography and Public Key Infrastructure on the Internet. John Wiley & Sons Ltd., The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England.

Stallings, W. (2011). Cryptography and Network Security: Principles and Practice, 5th Edition. Pearson Education, Inc., Prentice Hall.

Annotated Bibliography

This annotated bibliography is prepared for the partial fulfillment of the requirements for the degree of Doctor of Philosophy in IT with a specialization in Information Assurance and Security.

Callas, J. (2007). The Future of Cryptography. Information Systems Security, 16(1), 15-22. Retrieved December 27, 2013, doi:10.1080/10658980601051284

This article explains the different scenarios about cryptography in regard to the myths involved, such as the one involving the strength of the keys as a function of the length, and proposes solutions that are necessary to bring about a stable and stronger crypto-system that will help in achieving better information security.

The article will be very important to me in my research towards my degree that covers public key cryptography and information security. It will also continue to be very useful to me in my career as an information security practitioner.

Levy, S. (2001). Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age. New York: Viking Penguin Publishing.

This article explains the role of stronger public key encryption as a means of protecting an individual’s privacy from other entities, including the government. It stresses that the use of very large numbers in combination with chosen prime numbers in formulating the encryption key makes it almost impossible for hackers to know the original numbers used.

It will be particularly important to me in understanding the role of prime numbers and larger digits in attaining better information security.

Sen, J. (2012). Applied Cryptography and Network Security. Retrieved from https://www.academia.edu/2579302/Applied_Cryptography_and_Network_Security

This article is published by a professional researcher and a faculty member of the National Institute of Science and Technology, Computer Science and Engineering. The article stresses the role of cryptography in finding new security solutions as the security vulnerabilities change every day.

The article proposes several ways in which security can be improved through research and will therefore be important to me in my research journey in public key cryptography. The article will also be useful for reference in my future career as an information security consultant.

Schmeh, K. (June 2003). Cryptography and Public Key Infrastructure on the Internet. John Wiley & Sons Ltd., The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England.

This article was published by a professional and researcher in the field of Information Technology who has authored other publications in the same field. The article talks about Public Key Cryptography in detail and explains all the scenarios surrounding the concept.

It will be very useful as a source of reference in my research now as a scholar and as a future professional in the same field. The author is reliable since the work has been reviewed and the author has very good experience in the subject.

Stallings, W. (2011). Cryptography and Network Security: Principles and Practice, 5th Edition. Pearson Education, Inc., Prentice Hall.

This article is published by an experienced author and is peer reviewed as well. It explains the principles and practices surrounding the role of cryptography and network security. It is very important to me as it will be a good source of reference for my final research paper as well as my future works in the field of information security.

Robinson, S. (June 2008). Safe and Secure: Data Encryption for Embedded Systems. (Coverstory). EDN Europe, 53(6), 24-33. Retrieved December 27, 2013, from Academic Search Premier database.

This article explains how data encryption by use of public key cryptography for embedded systems helps to keep information and data safe, thus improving the overall security of information.

The article will be important to me in further understanding the role of public key encryption in attaining better information and data security.

Kessler, C. G. (January 2014). An Overview of Cryptography. Retrieved from http://www.garykessler.net/library/crypto.html

The article gives a clear overview of public cryptography, including the areas of its application, and gives relevant real-world examples about the subject. The article in reference also explains several concepts that are used in cryptography today.

It is very useful to me in adding to my knowledge about the subject and will also act as a reference to the most recent literature about cryptography. The author is a credible researcher in the field of cryptography and has published several other articles about the same subject.

Certicom Corp. (2008). The Origins of Public Key Cryptography and ECC. Retrieved from http://www.certicom.com/index.php/component/content/article/46-cc-volume-2-no-1/527--the-origins-of-public-key-cryptography-and-ecc

This article explains very well and in detail the origins of Public Key Cryptography, giving the various stages it has gone through up to the current state. The organization employs numerous authors who are well qualified and experienced publishers about the subject.

I will therefore use this article as my reference to the history of Public Key Cryptography in my paper today and in future studies.

Acknowledgements

I would like to thank, with great honor, all those who helped me in one way or the other in making my final paper a success.

In this regard, I would like to extend my gratitude to my peers who reviewed my work and gave me very constructive feedback.

I would also like to recognize all the authors whose works I used to demonstrate and support my ideas.

Last but not least, I would like to thank my supervisor and instructor, who guided me all the way until the end.

May God bless you all.