A Cryptography Primer

Because cryptographic concepts are used throughout the remaining sections of this chapter, a few definitions will be helpful. Cryptography can be used to provide confidentiality, integrity, authenticity, and nonrepudiation. To begin with, cryptography relies on encryption to provide confidentiality of data. A secret key is used to encrypt the data according to some algorithm. The concerned party assumes that the details of the cryptographic algorithm are publicly known. Therefore, confidentiality is maintained only if the secret is not divulged or discovered and if the algorithm is sufficiently strong to resist attacks. More specifically, the algorithm must be such that decryption without the secret key is computationally infeasbile and that discovery of the key is equally difficult even if the attacker is given significant amounts of cleartext and ciphertext.

A distinction is made between symmetric cryptography and asymmetric cryptography. The same secret key is used for both encryption and decryption in symmetric cryptography. Different keys are used for encryption and decryption in asymmetric cryptography. Thus, symmetric cryptography requires that the communicating parties share a secret key; whereas asymmetric cryptography requires at least one key pair for successful communication.

Many popular symmetric encryption algorithms are used, although DES is the most widely known and deployed. RSA public-key cryptography based on work done by Rivest, Shamir, and Adleman (1977) is the famous example of asymmetric cryptography. A recurring and difficult problem in cryptography is distribution of the initial shared secret. With symmetric cryptography, the complexity of the problem increases as the number of communicating parties grows. Public-key cryptography partially eliminates this problem because the keys used in the key pair have interesting mathematical properities. One member of the key pair, the public key, can be broadcast to a broad audience in any desired fashion. The other half of the pair, the private key, is kept secret by its owner. The keys are mathematically related so that if one key is used for encryption, the corresponding key can be used for decryption using the RSA algorithms. Also, it is computationally infeasbile to derive one key given the other.

To communicate with a stranger in a secure fashion, you would first obtain this person’s public key, encrypt the message, and forward the message using any preferred means including unsecure networks. The recipient decrypts the message using the private key. A message sent from the stranger is encrypted with your public key and decrypted by you with your private key when it arrives.

Because no key pairs are alike, you can first encrypt a message with your private key and then encrypt the result with the sender’s public key. The doubly encrypted message after being delivered to the addressee is first decrypted with the private key of the recipient and then decrypted with your public key. In addition to other benefits, this protocol can be used to assert that no one other than you could have possibly sent the original message (nonrepudiation). Cryptography also is used to provide digital signatures using this technique. That is, if you sign a message using your private key and a cryptographic hash function, or if you encrypt a message with your private key, you cannot later disclaim the results.

Because public-key algorithms are not as fast as symmetric algorithms, both approaches are often employed in communications protocols. Public-key techniques are used to deliver a limited secret key that is then used for the communication session. Depending on the amount of secrecy required, you can even change the key on each message exchange to obtain one-time password support.

An interesting post to the Internet suggests that the U.S. and U.K. governments were working on public-key techniques in 1970 and possibly earlier (www.cesg.gov.uk/ellisint.htm).

Kerberos

Kerberos is a centralized server for authenticating entities and for enabling secure communications between entities in the network. To accomplish this, Kerberos provides an Key Distribution Center (KDC) that fulfills two roles. First, the KDC contains hashed password values that are used to authenticate users during login. Next, the KDC also distributes a shared secret to communicating parties when a secure session is needed. The secret is used for encryption or message integrity computations when the parties exchange messages. The Kerberos server is assumed to be running on a physically secure server in the network. To prevent password cracking attempts, information stored in the server’s database is encrypted using a secret chosen at installation time. Remember that this type of encryption was one of the recommendations for improving the security of reusable passwords.

Kerberos relies on reusable passwords to initially authenticate entities such as users in the network. When a user completes the login process, though, the password is no longer needed. Instead, the KDC generates a unique session key that is the shared secret between communicating entities. A given session key might encrypt several different messages between the two ends of the communication channel. However, when the last message is sent, and the session is terminated, the session key can be discarded. This process is more secure than relying on the same secret for each communication session between two endpoints. Also, the Kerberos server “forgets” any session keys it has generated for other entities to use.

Unlike NIS, which is really just a different data store for the same information found in /etc/passwd or /etc/group, Kerberos is an alternative I&A repository that introduces its own notions of subjects and objects. The authoritative scope of a Kerberos authentication server is called its realm. The subject in Kerberos is called a principal. More than one instance of a given principal can exist, so the pair {principal, instance} uniquely defines a subject in a Kerberos realm. Principals are identified using a string name, just like the username in UNIX or NT. The KDC server shares a master key secret with each principal in the realm. For simplicity and without loss of generality, the remaining discussions assume that a single instance of each principal is in the realm. By introducing its own notions of subjects and objects, Kerberos is adding a new security model to your site. For this reason, you will want to critically examine how Kerberos works and how it is integrated into your site.