DCOM Explained
by Rosemary Rock-Evans Digital Press ISBN: 1555582168 Pub Date: 09/01/98 |
Previous | Table of Contents | Next |
Clearly, this last point is important. The last thing you want to do is have the secret keys themselves downloaded over the line to the person, as you have no way of protecting them while you are doing this. By using public key encryption, you avoid having to do this and are able to open up access to previously unknown usersif this is what you want to do. This means that a company can, for example, accept orders from customers who have not registered as users with it (but who can be authenticated using a TTP and the persons public key), and those orders can be encrypted as they pass over the network. This means that the person can place credit card information or other sensitive data on the order and know it is being transported confidentially.
There are, however, some problems with public keys. Public key algorithms are slowat least a thousand times slower than the symmetric algorithms used in secret key cryptography and, as we saw, are quite difficult to administer, needing a secure up-to-date Directory accessible by the sender and recipient.
Some well-known public key algorithms in use today include:
Secret key-In this approach each party to the conversation has access to the same secret key, which is used to both encrypt and decrypt the message. A message from a sender is encrypted using the secret key and the encryption algorithm. The message is then decrypted by the receiver using the decryption algorithm and the same secret key. The algorithms are freely available, in that they can be obtained from third-party vendors or standards bodies.
The secret key is thus the most important part of the process, as it is the secret key that the two parties have agreed upon that determines how secure the message actually is. Usually, what determines the degree of security offered is the length of the key. The longer the key, the more difficult it is to crack by an intruderhence the arguments over 40 bit and 56 bit keys. The main symmetric algorithms used today in security products include:
Work is also underway in the U.S. Department of Commerce to produce, through NIST, an Advanced Encryption Standard (AES), which will be a publicly available symmetric block cipher with a key length that can be increased when needed. One of the more interesting pieces of information is that the RC5 algorithm used with a key length of 40 bits has been broken in 3.5 hours, whereas RC5 with a key length of 48 bits was broken after only 13 days. Size in this case clearly matters!
Integrity checking
One of the most frequently used methods of checking integrity is the check sumthe contents are summed using a specific algorithm on sending the message and the check sum is added to the message. On receipt, the message is again summed using the same algorithm to see if the check sum on the message and that obtained is the same.
Another way of checking integrity is to apply a hash function. In this case, a variable length input string (the message) is converted by the hashing algorithm to a fixed length (and smaller!) output string. Both sender and receiver create the hash value. The check on integrity value can be achieved either by sending the hash value with the message (the normal approach) or by the sender and receiver comparing hash values.
You will notice in the table that straightforward integrity checking using these two approaches can be used to ensure the message has not been inadvertently corrupted en route, but to ensure it is not tampered with, both integrity checking and encryption may need to be used. If the hashing total or check sum are passed over the network with the message and the interloper has access to the hashing or check sum algorithm, he or she can tamper with the message and then recompute the check sum or hash figure. If, however, both message and check sum are encrypted, the interloper cannot tamper with the messageas he or she is unable to decipher it.
Two commonly used hashing algorithms are MD4 and MD5 (Message Digest), which produce 128 bit hashes of the input message. These are supplied by RSA Data security. Another well-known hashing algorithm is SHA (Secure Hashing Algorithm), which comes in various versions. SHA-1, for example, uses 160 bit hashes of data.
Previous | Table of Contents | Next |