Encryption: Strengths and Weaknesses of

Public-key Cryptography
Matt Blumenthal
Department of Computing Sciences
illano!a "ni!ersity# illano!a# P$ %&'()
CSC *&&' + Computing ,esearch -opics
matthe./blumenthal0!illano!a/edu
$bstract
Public key cryptography has become an important means of ensuring confidentiality# notably
through its use of key distribution/ 1t also features digital signatures allo.ing users to sign keys
to !erify their identities/ -his research presents recent inno!ations in the field of public-key
cryptography and analy2es their shortcomings/ We present t.o techni3ues that impro!e upon
these shortcomings# double encryption and mutual authentication/ -hese contributions introduce
ne. le!els of security by combating man-in-the-middle attacks and other hacker scenarios/
%/ 1ntroduction
Public key cryptography has become an important means of ensuring
confidentiality# notably through its use of key distribution/ 4ey distribution is an
approach .here users seeking pri!ate communication e5change encryption keys# .hile
digital signatures allo. users to sign keys to !erify their identities/ -his research
e5plores the strengths and .eaknesses of public key cryptography# e5amining potential
fla.s and methods of correcting them/
6/ Secret-key Cryptography
Secret-key cryptography# also kno.n as symmetric-key cryptography# employs
identical pri!ate keys for users# holding uni3ue public keys/ -he term symmetric-key
refers to the identical pri!ate keys shared by users/ "sers employ public keys for the
encryption of data# .hile the pri!ate keys ser!e a necessary purpose in the decryption of
data/ People .ishing to engage in a secure e5change of information .ill s.ap public
keys and use some method to ensure the e5istence of identical pri!ate keys/ 1n theory#
pri!ate keys .ould be brought into the transaction through either the duplication of an
e5isting key or the creation of t.o identical keys/ 1n modern practice# users utili2e key
generators to create both keys# but the pri!ate keys must still be distributed in a
confidential mode/
6/% Strengths
-he pri!ate keys used in symmetric-key cryptography are robustly resistant to
brute force attacks/ While the one-time pad# .hich combines plainte5t .ith a random
key# holds secure in the face of any attacker regardless of time and computing po.er#
symmetric-key algorithms are generally more difficult to crack than their public-key
counterparts/ $dditionally# secret-key algorithms re3uire less computing po.er to be
created compared to e3ui!alent pri!ate keys in public-key cryptography/ 789
6/6 Weaknesses
-he biggest obstacle in successfully deploying a symmetric-key algorithm is the
necessity for a proper e5change of pri!ate keys/ -his transaction must be completed in a
secure manner/ 1n the past# this .ould often ha!e to be done through some type of face-
to-face meeting# .hich pro!es 3uite impractical in many circumstances .hen taking
distance and time into account/ 1f one assumes that security is a risk to begin .ith due to
the desire for a secret e5change of data in the first place# the e5change of keys becomes
further complicated 7:9/
$nother problem concerns the compromise of a pri!ate key/ 7:9 1n symmetric-
key cryptography# e!ery participant has an identical pri!ate key/ $s the number of
participants in a transaction increases# both the risk of compromise and the conse3uences
of such a compromise increase dramatically/ Each additional user adds another potential
point of .eakness that an attacker could take ad!antage of/ 1f such an attacker succeeds
in gaining control of ;ust one of the pri!ate keys in this .orld# all users# .hether hundreds
or more of them or only a fe.# are completely compromised/
*/ Public-key Encryption
*/% Summary
4<chlin introduces the foundations of public-key encryption and presents ,S$ as
an early method of transmitting secret messages o!er insecure channels 7:9/ -he author
recogni2es that unauthori2ed users can attempt to intercept messages# and de!ises this
public-key method for ensuring that such users .ill not be able to interpret the contents
of the message 7:9/ -he author=s public-key method consists of separate encryption and
decryption keys# .ith users only being able to decrypt an encrypted message if they ha!e
the appropriate decryption key 7:9/ "sers .ill ha!e to e5change public keys> this
transaction does not need to be done in a secure manner because the release of public
keys does not threaten the security of any pri!ate information/ $fter this s.ap# someone
.ho .ishes to send pri!ate information to another user .ill encrypt the data .ith the
intended recipient=s public key and then pass along the encrypted message/ -he recipient#
.ho .ill keep his or her pri!ate key secure under any circumstance# can use the pri!ate
key to decrypt the encoded message/ 4<chlin introduces separate algorithms for
generating encryption and decryption keys as .ell as an algorithm for encryption and
decryption key pairs 7:9/
*/6 Strengths
-he asymmetric nature of public-key cryptography allo.s it a si2able ad!antage
o!er symmetric-key algorithms/ -he uni3ue pri!ate and public keys pro!ided to each
user allo. them to conduct secure e5changes of information .ithout first needing to
de!ise some .ay to secretly s.ap keys/ -his glaring .eakness of secret-key
cryptography becomes a crucial strength of public-key encryption 7:9/
*/* Weaknesses
4eys in public-key cryptography# due to their uni3ue nature# are more
computationally costly than their counterparts in secret-key cryptography/ $symmetric
keys must be many times longer compared to keys in secret-cryptography in order to
ensure e3ui!alent security 7:9/ 4eys in asymmetric cryptography are also more
!ulnerable to brute force attacks than in secret-key cryptography/ -here e5ist algorithms
for public-key cryptography that allo. attackers to crack pri!ate keys faster than a brute
force method .ould re3uire/ -he .idely used and pioneering ,S$ algorithm is indeed
susceptible to attacks in less than brute force time 789/ While generating longer keys in
other algorithms .ill usually pre!ent a brute force attack from succeeding in any
meaningful length of time# these computations become more intensi!e/ -hese longer
keys can still !ary in effecti!eness# depending on the computing po.er a!ailable to an
attacker/
Public-key cryptography is also !ulnerable to !arious attacks# such as the man-in-
the-middle attack 789/ 1n this situation# a malicious third party intercepts a public key on
its .ay to one of the parties in!ol!ed/ -he third party can then instead pass along his or
her o.n public key .ith a message claiming to be from the original sender/ $n attacker
can use this process at e!ery step of an e5change in order to successfully impersonate
each member of the con!ersation .ithout any other parties becoming a.are of this
deception/ 789
8/ Digital Signatures
Digital signatures act as a !erifiable seal or signature to confirm the authenticity
of the sender and the integrity of the message/ "sers .ho .ish to !erify their identity
.hen sending a protected message can encrypt the information .ith their pri!ate key/
-he recipient can then decrypt the message .ith the sender=s public key in order to
confirm the sender=s identity and the integrity of the message 7%9/
8/% Strengths
Digitally signing a message protects the message in that e!en if someone
intercepted the message before it reached the intended destination and modified it# the
digital seal .ould be broken and the recipient .ould ha!e this reali2ation after attempting
to !erify the seal .ith the sender=s public key/ -he digital signature pro!es the identity of
the sender because only the true sender .ould ha!e been able to sign the message .ith
his or her pri!ate key# e5cept in the e!ent of a compromise/ 7%9
8/6 Weaknesses
-he most serious problems .ith digital signatures stem from their lack of inherent
time stamping/ 1f an unauthori2ed entity gains access to someone=s pri!ate key# he or she
could send an array of fake messages and sign them .ith someone else=s pri!ate key#
successfully posing as that other person/ -he indi!idual .hose pri!ate key .as stolen is
unable to repudiate the false messages .ithout ha!ing to start o!er and generate a ne.
pri!ate key/ -o complicate matters# it is impossible to intrinsically separate the fake
messages from real ones sent before the compromise because of the absence of time
stamping in digital signatures/ 7%9
8/* Proposals
Booth e5amines a proposed encryption method using double encryption# in .hich
a user .ho .ishes to send an encrypted message to another user .ill encrypt the message
.ith his or her o.n pri!ate key and .ith the user=s public key 7%9/ -he recei!er .ill then
decrypt the message using his or her o.n pri!ate key and the sender=s public key 7%9/
-his article reali2es the problem posed by compromised keys# as either user=s pri!ate key
falling into the .rong hands can lead to disaster/ 1t proposes a central authentication
ser!er# .hich .ill recei!e encrypted messages directly from users# !erify that the
message has been signed .ith the sender=s current pri!ate key# and then attach the
recei!er=s public key and for.ard the message to its intended destination 7%9/ -his
authentication method supercedes the need for an authentication ser!er .ith a net.ork
clock or an archi!e of compromised keys because as long as it recei!es notice of all
compromises# pre!ious messages .ill ha!e already been !alidated 7%9/
)/ Certificate $uthorities
Certificate authorities act as trusted third parties that !erify the identity of the
sender of an encrypted message and issue digital certificates as e!idence of authori2ation/
-hese digital certificates contain the public key of the sender# .hich is then passed along
to the intended recipient/
)/% Strengths
-he issuing of digital certificates allo.s certificate authorities to play an
important role in pre!enting man-in-the-middle attacks/ 789 Certificate authorities ha!e
been implemented in the online en!ironment in protocols such as Secure Socket ?ayer
@SS?A and its successor -ransport ?ayer Security @-?SA# .hich ha!e been impro!ed
security in .eb bro.sing# email# and other methods of data e5change/
)/6 Weaknesses
While certificate authorities aid greatly in the realm of security# they also ser!e as
another potential point of attack/ Certificate authorities can be !ulnerable to attackers in
certain scenarios# and .hen compromised# can be forced to issue false certificates/ Man-
in-the-middle attackers .ho succeed in compromising a certificate authority can use
these false certificates to discreetly impersonate each member of the information
e5change/ "sers .ho are decei!ed .ill be e!en less likely to suspect anything than in a
normal man-in-the-middle attack# gi!en the assumed security of the certificate authority/
789
)/* Proposals
Bale!i and 4ra.c2yk e5plore an asymmetric case .here an authentication ser!er
holds pri!ate keys .hile users use only pass.ords as authentication 789/ -hey define a
pass.ord-based authentication protocol .here the ser!er uses its o.n public key to
authenticate the user=s pass.ord# rather than using the user=s pass.ord as a key to the
cryptographic function# .hich .ould be a !ulnerable and ineffecti!e solution 789/ -hey
also look at a similar approach that uses mutual authentication in .hich the ser!er
possesses both public and pri!ate keys# and the user and ser!er authenticate each other/
-he authors pro!e that such systems could still be susceptible to a typical man-in-
the-middle approach# .here a hacker intercepts messages and replaces them .ith his o.n
in order to gain an ad!antage# or other online hacker scenarios 789/ While these systems
ha!e fla.s# hackers .ould gain no added ad!antage from using an offline pass.ord
guessing approach that uses computational po.er to find meaningful pattern 789/ Such an
attack can be a more effecti!e approach than online attacks against some other security
methods 789/
Boyarsky analy2es Bale!i and 4ra.c2yk=s paper and disco!ers that their proposal
of an asymmetric user-ser!er relationship using ser!er keys and a public pass.ord can
become insecure .hen multiple users are introduced to the user-ser!er scenario# .ith
impersonation becoming a real possibility 769/ Boyarsky e5amines the break in the
pre!ious solution# identifying the break as an attacker possibly simulating successful user
logins and using this ability to learn the secret pass.ord 769/ Boyarsky proposes a
method that uses the ser!er=s public key for signing a user=s session key/ -his system
.ould employ one-time keys# .ith both the ser!er and user choosing fresh pri!ate and
public keys for the e5change# .hose security relies on the user=s pass.ord 769/ -his
approach e5pands on Bale!i and 4ra.c2yk=s method# con3uering the .eakness through
the additional key e5change/
:/ Cuture Work
Ber2berg# et al/ reali2e the problems presented by the necessity of keeping a
pri!ate key used in public-key cryptography secret for a long time# and present proacti!e
public key systems that re3uires more successful hacker attacks in a shorter period of
time in order to obtain the pri!ate key 7)9/ -heir method builds on threshold
cryptography# .hich they introduce as a method .here many users recei!e parts of the
key in order to protect against any single failure point# but they understand that attackers
.ill still ha!e plenty of time to break the system in certain cases 7)9/ -he paper presents
a proacti!e system that updates the shares periodically in such a .ay that they are
rene.ed but their shared secret does not change 7)9/ -his robust system meaningfully
protects the key# but it does so by transferring the emphasis on security to e5ternal hosts/
1t assumes the security on the ser!ers in .hich the shares are stored is sufficient# .hich in
a large scale operation is usually sufficient/ Cor more typical users# ho.e!er# ha!ing
robust security in se!eral places is a more difficult re3uirement to meet/
Cuture .ork .ill be done on Ber2berg et al/=s idea concerning proacti!e public
key systems/ ,esearch in this area .ill be performed to assess the idea=s practicality/
-heir research holds numerous optimistic positions that .ould correct the problems
surrounding a third party relationship/ Canetti# et al/ borro.ed from Ber2berg# et al/=s
proacti!e method by introducing a for.ard secure scheme 7*9/ -his proposal suggests the
generation of ne. secret keys at certain inter!als# resulting in the protection of data
encrypted at pre!ious inter!als 7*9/ Canetti# et al/=s suggestion relies on more practical
methods than Ber2berg# et al/=s# and could be more easily implemented on a smaller
scale/
D/ Conclusions
Public-key cryptography has e!ol!ed from early models such as 4<chlin=s to
more sophisticated systems that guarantee the pri!acy and data security that .e need in
the modern .orld/ Secret-key cryptography lags behind asymmetric cryptography/
Combinations of the t.o can be implemented for impro!ed security# as secret-key
cryptography by itself pro!es insecure against man-in-the-middle attacks/ $symmetric
cryptography has been the foundation for secure data e5change o!er net.orks# and .hile
it still has its shortcomings# ne. ideas still come forth as the field continues to e!ol!e/
,eferences
7%9 4ellogg S/ Booth# E$uthentication of signatures using public key encryption#F
Communications of the $CM# pp/ DD6-DD8# Go!ember %&(%/
769 Mauri2io 4liban Boyarsky# EPublic-key cryptography and pass.ord protocols: the
multi-user case#F Proceedings of the :th $CM conference on Computer and
communications security CCS H&&# pp/ :*-D6# Go!ember %&&&/
7*9 ,an Canetti# Shai Bale!i# Ionathan 4at2# E$ Cor.ard-Secure Public-4ey Encryption
Scheme#F $d!ances in Cryptology - Eurocrypt 6''*: 1nternational Conference on
the -heory and $pplications of Cryptographic -echni3ues# pp/ 6))-6)(# 6''*/
789 Shai Bale!i and Bugo 4ra.c2yk# EPublic-key cryptography and pass.ord protocols#F
$CM -ransactions on 1nformation and System Security# pp/ 6*'-6:(# $ugust %&&&/
7)9 $mir Ber2berg# Markus Iakobsson# StanislJa. Iarecki# Bugo 4ra.c2yk# Moti Kung#
EProacti!e public keys and signature systems#F Conference on Computer and
Communications Security# pp/ %''-%%'# %&&D/
7:9 W/ 4<chlin# EPublic key encryption#F $CM S1LS$M Bulletin# pp/ :&-D*# $ugust
%&(D/