Public key infrastructure
Public Key Infrastructure (PKI) is a framework that enables integration of various services that are related to cryptography.
The aim of PKI is to provide confidentiality, integrity, access control, authentication, and most importantly, non-repudiation.
Non-repudiation is a concept, or a way, to ensure that the sender or receiver of a message cannot deny either sending or receiving such a message in future. One of the important audit checks for non-repudiation is a time stamp. The time stamp is an audit trail that provides information of the time the message is sent by the sender and the time the message is received by the receiver.
Encryption and decryption, digital signature, and key exchange are the three primary functions of a PKI.
RSS and elliptic curve algorithms provide all of the three primary functions: encryption and decryption, digital signatures, and key exchanges. Diffie-Hellmen algorithm supports key exchanges, while Digital Signature Standard (DSS) is used in digital signatures.
Public Key Encryption is the encryption methodology used in PKI and was initially proposed by Diffie and Hellman in 1976. The algorithm is based on mathematical functions and uses asymmetric cryptography, that is, uses a pair of keys.
The image above represents a simple document-signing function. In PKI, every user will have two keys known as “pair of keys”. One key is known as a private key and the other is known as a public key. The private key is never revealed and is kept with the owner, and the public key is accessible by every one and is stored in a key repository.
A key can be used to encrypt as well as to decrypt a message. Most importantly, a message that is encrypted with a private key can only be decrypted with a corresponding public key. Similarly, a message that is encrypted with a public key can only be decrypted with the corresponding private key.
In the example image above, Bob wants to send a confidential document to Alice electronically. Bob has four issues to address before this electronic transmission can occur:
- Ensuring the contents of the document are encrypted such that the document is kept confidential.
- Ensuring the document is not altered during transmission.
- Since Alice does not know Bob, he has to somehow prove that the document is indeed sent by him.
- Ensuring Alice receives the document and that she cannot deny receiving it in future.
PKI supports all the above four requirements with methods such as secure messaging, message digests, digital signatures, and non-repudiation services.
To ensure that the document is protected from eavesdropping and not altered during the transmission, Bob will first encrypt the document using Alice’s public key. This ensures two things: one, that the document is encrypted, and two, only Alice can open it as the document requires the private key of Alice to open it. To summarize, encryption is accomplished using the public key of the receiver and the receiver decrypts with his or her private key. In this method, Bob could ensure that the document is encrypted and only the intended receiver (Alice) can open it. However, Bob cannot ensure whether the contents are altered (Integrity) during transmission by document encryption alone.
In order to ensure that the document is not altered during transmission, Bob performs a hash function on the document. The hash value is a computational value based on the contents of the document. This hash value is known as the message digest. By performing the same hash function on the decrypted document the message, the digest can be obtained by Alice and she can compare it with the one sent by Bob to ensure that the contents are not altered.
This process will ensure the integrity requirement.
In order to prove that the document is sent by Bob to Alice, Bob needs to use a digital signature. Using a digital signature means applying the sender’s private key to the message, or document, or to the message digest. This process is known as as signing. Only by using the sender’s public key can the message be decrypted.
Bob will encrypt the message digest with his private key to create a digital signature. In the scenario illustrated in the image above, Bob will encrypt the document using Alice’s public key and sign it using his digital signature. This ensures that Alice can verify that the document is sent by Bob, by verifying the digital signature (Bob’s private key) using Bob’s public key. Remember a private key and the corresponding public key are linked, albeit mathematically. Alice can also verify that the document is not altered by validating the message digest, and also can open the encrypted document using her private key.
Message authentication is an authenticity verification procedure that facilitates the verification of the integrity of the message as well as the authenticity of the source from which the message is received.
By digitally signing the document, Bob has assured that the document is sent by him to Alice. However, he has not yet proved that he is Bob. To prove this, Bob needs to use a digital certificate.
A digital certificate is an electronic identity issued to a person, system, or an organization by a competent authority after verifying the credentials of the entity. A digital certificate is a public key that is unique for each entity. A certification authority issues digital certificates.
In PKI, digital certificates are used for authenticity verification of an entity. An entity can be an individual, system, or an organization.
An organization that is involved in issuing, distributing, and revoking digital certificates is known as a Certification Authority (CA). A CA acts as a notary by verifying an entity’s identity.
One of the important PKI standards pertaining to digital certificates is X.509. It is a standard published by the International Telecommunication Union (ITU) that specifies the standard format for digital certificates.
PKI also provides key exchange functionality that facilitates the secure exchange of public keys such that the authenticity of the parties can be verified.
Key management procedures
Key management consists of four essential procedures concerning public and private keys. They are as follows:
- Secure generation of keys—Ensures that private and public keys are generated in a secure manner.
- Secure storage of keys—Ensures that keys are stored securely.
- Secure distribution of keys—Ensures that keys are not lost or modified during distribution.
- Secure destruction of keys—Ensures that keys are destroyed completely once the useful life of the key is over.
Type of keys
NIST Special Publication 800-57 titled Recommendation for Key Management – Part 1: General specifies the following nineteen types of keys:
- Private signature key—It is a private key of public key pairs and is used to generate digital signatures. It is also used to provide authentication, integrity, and non-repudiation.
- Public signature verification key—It is the public key of the asymmetric (public) key pair. It is used to verify the digital signature.
- Symmetric authentication key—It is used with symmetric key algorithms to provide assurance of the integrity and source of the messages.
- Private authentication key—It is the private key of the asymmetric (public) key pair. It is used to provide assurance of the integrity of information.
- Public authentication key—Public key of an asymmetric (public) pair that is used to determine the integrity of information and to authenticate the identity of entities.
- Symmetric data encryption key—It is used to apply confidentiality protection to information.
- Symmetric key wrapping key—It is a key-encryptin key that is used to encrypt the other symmetric keys.
- Symmetric and asymmetric random number generation keys—They are used to generate random numbers.
- Symmetric master key—It is a master key that is used to derive other symmetric keys.
- Private key transport key—They are the private keys of asymmetric (public) key pairs, which are used to decrypt keys that have been encrypted with the associated public key.
- Public key transport key—They are the public keys of asymmetric (public) key pairs that are used to decrypt keys that have been encrypted with the associated public key.
- Symmetric agreement key—It is used to establish keys such as key wrapping keys and data encryption keys using a symmetric key agreement algorithm.
- Private static key agreement key—It is a private key of asymmetric (public) key pairs that is used to establish keys such as key wrapping keys and data encryption keys.
- Public static key agreement key— It is a public key of asymmetric (public) key pairs that is used to establish keys such as key wrapping keys and data encryption keys.
- Private ephemeral key agreement key—It is a private key of asymmetric (public) key pairs used only once to establish one or more keys such as key wrapping keys and data encryption keys.
- Public ephemeral key agreement key—It is a public key of asymmetric (public) key pairs that is used in a single key establishment transaction to establish one or more keys.
- Symmetric authorization key—This key is used to provide privileges to an entity using symmetric cryptographic method.
- Private authorization key—It is a private key of an asymmetric (public) key pair that is used to provide privileges to an entity.
- Public authorization key—It is a public key of an asymmetric (public) key pair that is used to verify privileges for an entity that knows the associated private authorization key.
Key management best practices
Key Usage refers to using a key for a cryptographic process, and should be limited to using a single key for only one cryptographic process. This is to ensure that the strength of the security provided by the key is not weakened.
When a specific key is authorized for use by legitimate entities for a period of time, or the effect of a specific key for a given system is for a specific period, then the time span is known as a cryptoperiod. The purpose of defining a cryptoperiod is to limit a successful cryptanalysis by a malicious entity.
Cryptanalysis is the science of analyzing and deciphering code and ciphers.
The following assurance requirements are part of the key management process:
- Integrity protection—Assuring the source and format of the keying material by verification
- Domain parameter validity—Assuring parameters used by some public key algorithms during the generation of key pairs and digital signatures, and the generation of shared secrets that are subsequently used to derive keying material
- Public key validity—Assuring that the public key is arithmetically correct
- Private key possession—Assuring that the possession of the private key is obtained before using the public key
Cryptographic algorithm and key size selection are the two important key management parameters that provide adequate protection to the system and the data throughout their expected lifetime.
A cryptographic key goes through different states from its generation to destruction. These states are defined as key states. The movement of a cryptographic key from one state to another is known as a key transition.
NIST SP800-57 defines the following six key states:
- Pre-activation state—The key has been generated, but not yet authorized for use
- Active state—The key may used to cryptographically protect information
- Deactivated state—The cryptoperiod of the key is expired, but the key is still needed to perform cryptographic operations
- Destroyed state—The key is destroyed
- Compromised state—The key is released or determined by an unauthorized entity
- Destroyed compromised state—The key is destroyed after a compromise or the comprise is found after the key is destroyed