Public Key Cryptography and Information Security: A Literature Review
Maurice Kabeireho
TS8004
IT Research and Practice
Capella University
10 Reler Ln. # M
Somerset, NJ 08873
Tel: (732) 763 8230
Instructor: Dr. Dani Babb
Abstract
Information is a valuable asset and must be kept confidential,
have integrity and be available in order to be worth its name and
be credible. To ensure this, strong mathematical algorithms that
use a pair of different keys (public and private), like the ones
used by RSA and CISCO to mention but a few, are employed in the
processes of data encryption and decryption. This system of using
two keys, one public and the other private, that are different
but mathematically related has given rise to the concept of
Public Key Cryptography: a concept that attempts to use key
management to secure information and data against hackers’
attacks both in storage and while moving over the internet from
one place to another. This paper thus sets out to analyze the
working of public key cryptography and find ways in which it can
be improved to give better information security.
Introduction
In today’s world, which is characterized by a rapid rise in the
number of hacking cases, especially ones using more sophisticated
methods, it is prudent that most IT research be geared towards
finding solutions to the rising threats to the internet platform,
including the network itself and the information and data that it
stores and carries from one place to another. The use of
cryptography, and in particular public key cryptography, has
played a crucial role in curbing most information threats, such
as the man-in-the-middle and eavesdropping attacks that target
data and information as it moves over the internet medium.
However, research carried out by professionals in the field
indicates that there could be some gaps that need to be filled in
the area of cryptography so as to attain better security of
information and data. Such gaps could be a result of the current
laws governing cryptography, the culture of the people using it,
as well as society’s expectations (Callas, 2007). Callas, in his
research, further explains the paradox of stronger keys: having
stronger keys does not necessarily mean having a secure system,
especially since the stronger keys will become more chaotic in
chaotic situations/systems (Callas, 2007). This argument leads us
to the point that in order to be able to use stronger keys, there
is a need for study on how to attain a stable cryptography system
that will ensure no mishaps. In his conclusion, he asserts that
the future of the use of public keys and cryptography will much
depend on attaining a strong and reliable key management system
that will ensure that only the right people get the keys while at
the same time ensuring that the keys never fall into the hands of
the wrong people (Callas, 2007).
This paper thus proposes public key cryptography and its
application in information security as an area to be analyzed,
and seeks to find ways to make improvements by proposing measures
that would increase its overall efficiency in the protection of
information and data.
Problem Definition
Public key cryptography (asymmetric encryption) was developed in
response to the weakness in private key encryption (symmetric
encryption), which had security flaws and raised questions about
how the secret keys would be shared between the users without
being eavesdropped on or being subject to attacks such as the
man-in-the-middle attack. As a result, one of the most popular
and strongest public key cryptographic systems, RSA, was
developed in 1977 by three researchers, namely Rivest, R.,
Shamir, A. and Adleman, L., from the Massachusetts Institute of
Technology (MIT) (Robinson, June 2008).
Cryptography has been in use from as early as the Second World
War, when it was used in military operations to keep
communications safe from enemy lines. During this time, however,
only private key cryptography was in use. Public key cryptography
became more popular in the 1970s with the development of the
Diffie-Hellman concept of key agreement in 1975, together with
the key transport and digital signing schemes that were proposed
by Rivest, Shamir and Adleman (RSA) in 1977, and this marked the
beginning of a new era in cryptography (Certicom, 2008).
Public key cryptography involves the use of two keys (public and
private keys) that are mathematically related and used inversely
in the encryption and decryption of data and information in a bid
to keep it safe and confidential and to maintain its integrity
both in storage and as it moves from one place to another. It
makes use of keys that help to verify and ensure the identity of
the users, thus making communication secure in an otherwise
unsecure network (Schmeh, June 2003). The developers of the
system believed that the stronger the keys, the stronger the
security they provide, which is to some extent correct but not
always, as will be seen from the analysis. Ordinarily, a 128 bit
key is expected to provide better security than a 56 bit key,
whereas a 256 bit key would be better than a 128 bit key. This
brings us to the point that the strength of the encryption keys
is a function of their length, such that the longer the key, the
stronger the security, and the reverse is true. Levy (2001), in
his article, Saving Privacy in the Digital Age, describes how
computer geeks used such stronger keys in applications like PGP
to out-law the federal government when it tried to encroach on
the privacy of the people through the use of the Clipper chip, a
special microchip that would be used to enable the FBI to listen
to any conversation, whether private or public.
The system uses a pair of keys, one public and the other private,
whose validity hinges on the Certificate Authority (CA), an
organization/body that is responsible for generating the keys and
ensuring that they are in the correct hands by the right users,
and that also reserves the right to issue as well as revoke them
in case of any suspected misappropriation. It is also important
to note that while the public key is used in the encryption and
verification process, the private key is used in decryption and
the creation of signatures. Through the registration authority
(RA), the CA ensures that the digital certificates that are
issued are mapped to the right entities and thereafter keeps them
in a central repository from where they are monitored and managed
(Schmeh, June 2003).
Public key cryptography has been used in various areas of
internet security and by various organizations including RSA and
CISCO, and in many security applications such as email security,
Pretty Good Practice (PGP), IPsec, Transport Layer Security,
Secure Socket Layer (SSL) and Secure Shell (SSH), to mention but
a few, in providing security for information and data (Kessler,
2014). It therefore follows that the use of public key encryption
has been very crucial in providing data and information security
to organizations such as financial institutions, health
organizations that store and carry personally identifiable data,
e-commerce corporations that store business secrets, as well as
governments and military organizations.
Analysis and Review
There are a number of newsgroups and forums that are engaged in
cryptography discussions and follow-ups on the internet, such as
sci.crypt.research and sci.crypt.random-numbers, as well as other
credible forums such as the security and cryptography forum, to
mention but a few (Stallings, 2011). All these will provide good
literature and a scholarly analysis of the subject. Following up
on the works of other scholars and researchers in the field will
also provide a good ground for reviewing the literature.
First and foremost, this cryptographic system is based on the
premise that there is a need to generate stronger keys so as to
be able to provide stronger security. Although this seems to be
important in the achievement of a secure and stronger public key
cryptography, it falls short of mentioning the need to have a
stable crypto-system upon which it would work. This is because
stronger keys in volatile situations can result in more chaotic
systems that will not achieve the goals of the encryption
(Callas, 2007).
Also, some public key cryptographic systems, such as
Diffie-Hellman, derive their security from the hardness of the
discrete logarithm problem: given p, g, and g^a, find a, which
would be the secret key to decrypting the data (Certicom, 2008).
According to Levy (2001), because public key encryption involves
the use of randomly chosen numbers and prime numbers whose
products are used in formulating the encryption keys, it is
nearly impossible for anyone trying to attack the system to find
them. However, research carried out by other scholars indicates
that despite the hardness of these problems, the basic
cryptographic functions themselves did not provide sufficient
security (Certicom, 2008). Therefore, there was a need to design
a careful protocol together with a methodology for defining
precisely the security objective and proving that a protocol met
that objective as set (Certicom, 2008). These statements explain
the need to carry out further studies so as to understand the key
management system and find ways in which it can be improved.
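As an added illustration that is not part of the paper or its sources, the following Python sketch runs a Diffie-Hellman agreement over toy parameters and measures how an exhaustive search for the secret exponent a grows with the bit length of p. The function names and the small primes (23, 17, 257, 65537) are constructed for this example; deployed groups use primes of 2048 bits or more.

```python
"""Toy Diffie-Hellman agreement and the discrete logarithm problem.

All parameters are tiny, constructed values for illustration only;
deployed groups use primes of 2048 bits or more.
"""
import secrets


def dh_public(p, g, private):
    """Public value g^a mod p for the private exponent a."""
    return pow(g, private, p)


def dh_shared(p, peer_public, private):
    """Shared secret (g^b)^a mod p computed from the peer's public value."""
    return pow(peer_public, private, p)


def random_private(p):
    """Pick a private exponent uniformly from [2, p-2]."""
    return secrets.randbelow(p - 3) + 2


def brute_force_dlog(p, g, target):
    """Find a with g^a = target (mod p) by trying every exponent.

    Returns (a, multiplications). Feasible only because p is tiny.
    """
    value = 1
    for a in range(p - 1):
        if value == target:
            return a, a
        value = value * g % p
    raise ValueError("target is not a power of g modulo p")


def search_cost_by_size(groups):
    """Worst-case search cost (exponent p-2) for each (p, g) group."""
    rows = []
    for p, g in groups:
        _, steps = brute_force_dlog(p, g, dh_public(p, g, p - 2))
        rows.append((p.bit_length(), steps))
    return rows


# Constructed toy groups: 3 generates the full group for each prime here.
TOY_GROUPS = [(17, 3), (257, 3), (65537, 3)]

if __name__ == "__main__":
    p, g = 23, 5                        # constructed textbook-sized group
    a, b = random_private(p), random_private(p)
    A, B = dh_public(p, g, a), dh_public(p, g, b)
    # Both sides derive the same secret from values sent in the clear.
    assert dh_shared(p, B, a) == dh_shared(p, A, b)
    # With p this small, a is recoverable from p, g and A alone.
    print("recovered exponent:", brute_force_dlog(p, g, A)[0], "actual:", a)
    for bits, steps in search_cost_by_size(TOY_GROUPS):
        print(f"{bits:2d}-bit prime: {steps} multiplications")
    # The exchange authenticates neither party: key size alone does not
    # tell a user whose public value was received, hence certificates.
```

The search cost roughly doubles with every added bit of p, which is the sense in which key length contributes to strength, while the absence of any identity check in the exchange is what the protocol design and key management discussed above have to supply.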
It is also important to note that public key cryptography assumes
that digital signatures will be used as a form of
non-repudiation, such that a signature will act as proof of
receipt and would not be denied. The fact that the documents or
information have been digitally received by the expected key does
not guarantee that they fell into the right hands, especially in
situations where there is no strong key management system in
place (Callas, 2007). According to Callas, therefore, the future
of a better public key cryptographic system will depend on a
strong key management system that will ensure that only the right
people get the keys and not the wrong ones (Callas, 2007).
Conclusion
By and large, therefore, looking at the rapid rise and spread of
internet usage in today’s world, in which individuals,
governments and business organizations transact their everyday
business that involves the transfer of sensitive data from one
place to another, versus the increased role of hacking that has
come with sophisticated methods, it becomes prudent that research
into improved ways of keeping information and data secure be
carried out so as to help counter such rising threats. Therefore,
research on public key cryptography (an aspect of cryptography
that uses two inversely related keys in ensuring the security of
data and information), with respect to finding a stronger key
management system, is more crucial than ever, as this will help
to bring about a stable cryptographic system, which is very
necessary for the achievement of stronger keys that will provide
stronger security to information and data.
References
Callas, J. (2007). The Future of Cryptography. Information Systems
Security, 16(1), 15-22. Retrieved December 27, 2013,
doi:10.1080/10658980601051284
Certicom Corp. (2008). The Origins of Public Key Cryptography and
ECC. Retrieved from
http://www.certicom.com/index.php/component/content/article/46-cc-volume-2-no-1/527--the-origins-of-public-key-cryptography-and-ecc
Kessler, C. G. (January 2014). An Overview of Cryptography.
Retrieved from http://www.garykessler.net/library/crypto.html
Levy, S. (2001). Crypto: How the Code Rebels Beat the Government
- Saving Privacy in the Digital Age. New York: Viking Penguin
Publishing.
Robinson, S. (June 2008). Safe and Secure: Data Encryption for
Embedded Systems. (Cover story). EDN Europe, 53(6), 24-33.
Retrieved December 27, 2013, from Academic Search Premier
database.
Sen, J. (2012). Applied Cryptography and Network Security.
Retrieved from
https://www.academia.edu/2579302/Applied_Cryptography_and_Network_Security
Schmeh, K. (June 2003). Cryptography and Public Key Infrastructure
on the Internet. John Wiley & Sons Ltd., The Atrium, Southern
Gate, Chichester, West Sussex PO19 8SQ, England.
Stallings, W. (2011). Cryptography and Network Security:
Principles and Practice, 5th Edition. Pearson Education, Inc.,
Prentice Hall.
Annotated Bibliography
This annotated bibliography is prepared for the partial
fulfillment of the requirements for the degree of Doctor of
Philosophy in IT with a specialization in Information Assurance
and Security.
Callas, J. (2007). The Future of Cryptography. Information Systems
Security. 16(1), 15-22.
Retrieved December 27, 2013, doi:10.1080/10658980601051284
This article explains the different scenarios about
cryptography in regard to the myth that is involved such as the
one involving the strength of the keys as a function of the
length and proposes solutions that are necessary to bring about a
stable and stronger crypto-system that will help in achieving
better information security.
The article will be very important to me in my research
towards my degree that covers public key cryptography and
information security. It will also continue to be very useful to
me in my career as an information security practitioner.
Levy, S. (2001). Crypto: How the Code Rebels Beat the Government
- Saving Privacy in the
Digital Age. New York: Viking Penguin Publishing.
This article explains the role of stronger public key encryption
as a means of protecting individuals’ privacy from other entities
including the government. It stresses that the use of very large
numbers in combination with chosen prime numbers in formulating
the encryption key makes it almost impossible for hackers to know
the original numbers used.
It will particularly be very important to me in
understanding the role of prime numbers and the larger digits in
attaining better information security.
Sen, J. (2012). Applied Cryptography and Network Security.
Retrieved from
https://www.academia.edu/2579302/Applied_Cryptography_and_Network_Security
This article is published by a professional researcher and a
faculty member of the National Institute of Science and
Technology, Computer Science and Engineering. The article
stresses the role of cryptography in finding new security
solutions as the security vulnerabilities change every day.
The article proposes several ways in which security can be
improved through research and will therefore be important to me
in my research journey in public key cryptography. The article
will also be useful for reference in my future career as an
information security consultant.
Schmeh, K. (June 2003). Cryptography and Public Key Infrastructure on the
Internet:
John Wiley & Sons Ltd., The Atrium, Southern Gate,
Chichester, West Sussex PO19 8SQ, England.
This article was published by a professional and researcher
in the field of Information Technology who has authored other
publications in the same field. The article talks about
Public Key Cryptography in detail and explains all the scenarios
surrounding the concept.
It will be very useful as a source of reference in my
research now as a scholar and as a future professional in the
same field. The author is reliable since it has been reviewed and
the author has a very good experience in the subject.
Stallings, W. (2011). Cryptography and Network Security:
Principles and Practice, 5th Edition.
Pearson Education, Inc., Prentice Hall.
This article is published by an experienced author and is
peer reviewed as well. It explains the principles and practices
surrounding the role of cryptography and network security. It is
very important to me as it will be a good source of reference for
my final research paper as well as my future works in the field
of information security.
Robinson, S. (June 2008). Safe and Secure: Data Encryption for
Embedded Systems.
(Coverstory). EDN Europe, 53(6), 24-33. Retrieved December
27, 2013, from Academic Search Premier database.
This article explains how data encryption by use of the
public key cryptography for Embedded Systems helps to keep
information and data safe and thus improving the overall security
of information.
The article will be important to me in further understanding
the role of public key encryption in attaining a better
information and data security.
Kessler, C. G. (January 2014). An Overview of Cryptography.
Retrieved from
http://www.garykessler.net/library/crypto.html
The article gives a clear overview of public cryptography,
including the areas of its application, and gives relevant
real-world examples about the subject. The article in reference
also explains several concepts that are used in cryptography
today.
It is very useful to me in adding to my knowledge about the
subject and will also act as reference to the most recent
literature about cryptography. The author is a credible
researcher in the field of cryptography and has published several
other articles about the same subject.
Certicom Corp. (2008). The Origins of Public Key Cryptography and
ECC. Retrieved from
http://www.certicom.com/index.php/component/content/article/46-cc-volume-2-no-1/527--the-origins-of-public-key-cryptography-and-ecc
This article explains very well and in detail the origins of
Public Key Cryptography, giving the various stages it has gone
through up to the current state. The organization employs
numerous authors who are well qualified and experienced
publishers about the subject.
I will therefore use this article as my reference to the history
of Public Key Cryptography in my paper today and in future
studies.
Acknowledgements
I would like to thank, with great honor all those who helped me
in one way or the other in making my final paper a success.
In this regard, I would like to extend my gratitude to my peers
who reviewed my work and gave me back a very constructive
feedback.
I also would like to recognize all the authors, whose works I
used to demonstrate and support my ideas.
Last but not least, I would like to thank my supervisor and
instructor, who guided me all the way until the end.
May God bless you all.