Understanding the Public Key Infrastructure

Richard Sinn

This article introduces the concepts of Internet security, secret key and public key encryption, digital signatures, the Public Key Infrastructure (PKI), and certificate definition. Then, an API example is provided to show how developers can obtain a Web certificate using a program.

Internet security

A lot of e-business functions can now be done online. Many users have set up accounts to check their credit card statements, shop, or pay various bills online. For most of us, as long as the Web sites are brand names and we have a user ID and password, we log in and do our online transactions. But how secure are Internet transactions?

Almost all communication over the Internet today uses Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP is based on the traditional seven-layer Open Systems Interconnection (OSI) model, but provides a more flexible and easier to use framework to create a connection from one computer to another by routing the transactions through a variety of intermediate computing devices in separate networks. TCP/IP is the worldwide standard for basic Internet and intranet communications protocol.

The flexibility of TCP/IP, which allows data to pass through intermediate computing devices such as routers, computers, and bridges, makes it possible for a third party to interfere with Internet communications. The following are some of the common Internet security issues:

• Data eavesdropping
  In this case, a device can be placed between two computers where a TCP/IP connection is established. Data thus remains intact, but privacy is compromised. Credit card, social security, and account numbers can be stolen through eavesdropping.
  
  
• Data tampering
  A device is placed to intercept the data in transit. Data is then altered or replaced before it is sent to the recipient. For example, someone can alter the transfer amount to and from a bank account.
  
  
• Entity repudiation
  Data is passed to a person who poses as the intended recipient. TCP/IP spoofing is a common trick where someone replaces the intended recipient computer with a different machine that has the same TCP/IP configuration. Thus, all data is sent to this newly configured machine.

A set of well-established techniques and standards known as public key cryptography helps avoid the Internet security complications mentioned above.

Cryptography overview

Before we go into detail about what PKI is, let's understand the basic core of cryptography. To communicate data confidentially between two persons, one of the common ways is to perform transformation of data to gibberish-encryption. The intended recipient must be able to transform the gibberish back to its original form (decrypt) to read the sender's data. Anyone eavesdropping on the data would not be able to understand the gibberish. There are two kinds of encryption: secret key (symmetric) encryption and public key (asymmetric) encryption.

1. Secret key encryption

Secret key encryption is also called symmetric key encryption. In this encryption method, a shared secret (the secret key) is given to both the sender and the recipient before the data transit. The secret key specifies exactly how the transformation to and from gibberish is to be accomplished. The transformation to gibberish is called encryption and the transformation back to the original text is called decryption. The entire encryption and decryption algorithm is called a cipher, and the encryption and decryption process uses the same secret key. Figure 1 shows the secret key process.

2. Public key encryption

Although symmetric ciphers have advantages such as a small implementation size and fast encryption and decryption speeds, they suffer from significant drawbacks in the Internet environment. They are as follow:

• The need for secret key exchange for unknown entities
  
  Symmetric ciphers rely completely on the fact that both the sender and the recipient have the same secret key. Thus, the secret key has to be shared before the secure Internet communication happens. This additional step can be extremely difficult or highly inconvenient in most Internet environments. For example, how do business to consumer (B2C) Web sites exchange a secret key for the first-time consumer (two previously unknown entities)? As a matter of fact, this additional step of sharing a secret key poses the main barrier for Internet communication between two unknown entities.
  
  
• Security scalability
  
  In a community of 100 symmetric cipher users, each individual has to keep 100 secret keys to communicate with all the users. (Ninety-nine keys are for decryption from other users; one key is for the individual to encrypt data.) Thus, the whole community has to keep (100*100)/2 = 5,000 secret keys. To be proved by induction, a community of n users requires up to n*n/2 unique secret keys. In other words, we have to keep track of a lot of keys when using symmetric cipher for communication.

Fortunately, there is a technology called public key encryption (also called asymmetric encryption) that can solve both of these problems. Public key encryption involves a pair of keys (a public and a private key) associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. In the Internet model, a browser, such as Microsoft® Internet Explorer or Netscape® Communicator, generates the public and private key pair. The public key is published, and the corresponding private key is kept secret somewhere in your computer. Microsoft stores it in the Windows registry, and Netscape stores the key in its certificate store. Data encrypted with your public key can be decrypted only with your private key and vice versa.

Figure 2 demonstrates that you can freely distribute a public key. Only you, with the private key, are able to read data encrypted using the corresponding public key. In general, to send encrypted data over the Internet, you perform the following steps:

1. Sender downloads the recipient's public key from some repository, such as a certificate database.
2. Sender encrypts the data with that recipient's public key.
3. The recipient receiving the encrypted data decrypts it with the recipient's corresponding private key.

Using these guidelines, you can send secret data to individuals on the Internet without exchanging anything before the transaction.

Public key encryption is great, but it still has its own shortcoming. Compared with symmetric key encryption, public key encryption is based on algorithms created by RSA Data Security, which require a lot more computation and might not be appropriate for transferring large amounts of data. So, how do we take the advantages of both the symmetric key and the public key encryption? The Secure Socket Layer (SSL) protocol approach is to use the slower public key encryption to send a symmetric key (a small piece of data) between two communication parties; the parties then use the symmetric key (a faster way) to encrypt additional data that flows between them.

Digital signatures

Encryption and decryption address the problem of data eavesdropping that we mentioned before. Digital signatures can be used to address entity repudiation and data tampering.

A digital signature is analogous to a handwritten signature because a single entity can sign some data with its private key, but any number of entities can read the signature and verify its accuracy using the signer's public key. Digital signature is based on one-way hash, which is a mathematical function that provides the following properties:

• The hashed data provides a unique value. Any change in the original data (even one character) results in a different hash value.
• The content of the hashed data cannot be deduced from the hash. Thus, the hashing procedure is "one-way" only.

Using one-way hash, producing a digital signature is a two-step process:

1. The signer one-way hashes the data to a fixed-size value.
2. The signer then subjects the hashed value to a private key encryption.

Verification is a similar process:

1. The verifier uses the same one-way hash algorithm on the transmitted data to generate a fixed-size hash value.
2. The verifier uses the signer's public key to decrypt the digital signature that accompanies the transmitted data to get the decrypted hash value.
3. If the two hash values in step 1 and 2 match, signature verification is successful. If they do not match, signature verification fails.

PKI advantages

An infrastructure is a foundation or underpinning for a large environment. One good example is the electric power infrastructure. The power plant, power grid, wiring, and other devices form the electric power infrastructure that enables a user to just plug in electronic equipment to get the voltage and current needed for operation. Thus, the principle is that the infrastructure provides services so that entities can simply tap into and use it on an as-needed basis.

PKI is an infrastructure built using public key cryptography that allows users to tap in and take advantage of the security PKI offers. PKI provides three primary services:

• Authentication - The assurance to the recipient that the sender is who the sender claims to be. This is achieved by means of digital signature.
• Integrity - The assurance to the recipient that data has not been altered during Internet communication. This is achieved by means of digital signature.
• Confidentiality - The assurance to a sender and recipient that no one can read a particular piece of data except the intended recipient. This is achieved by means of encryption.

What is a Web certificate?

A Web certificate is an electronic document used to identify an individual, a company, or any other entity. Like a passport, a certificate provides generally recognized proof of an entity's identity. In the Internet world, most certificates follow the X.509 standard. An X.509 certificate binds a public key to a subject identity. A trusted third party called Certificate Authority (CA) issues certificates. A Web certificate is digitally signed by the issuer (CA) and is valid for a certain period (mostly one year). Figures 3 and 4 show what a certificate looks like using Windows graphical interfaces.

PKI uses certificates to address the problem of entity repudiation (impersonation). Certificates help prevent the use of fake public keys for impersonation. Only the public key associated and certified by the certificate works with the corresponding private key possessed by the entity identified by the certificate. The CA's digital signature enables the certificate to function as a "letter of introduction" for users who trust the CA but don't recognize the entity identified by the certificate.

Developing a program to get a certificate

So, now we know what PKI and Web certificates are. How do we get one? First, we have to find a CA that issues certificates. In the Internet model, we have to find a public CA, instead of one that only works in a private network. VeriSign is a popular vendor for providing PKI certificates (also called digital IDs) for the Internet.

Once registered with VeriSign, developers can use the VeriSign APIs to obtain a certificate through a program. Listing 1 shows C++ pseudocode on how to obtain a Web certificate using VeriSign's APIs. Visit http://www.verisign.com/enterprise/library/index.html for the full API documentation.

Listing 1: C++ pseudocode for obtaining a certificate

//
// Getting a certificate from CA and save to a file in C++
//

//
// Read all the certificate name and value pairs from a text file.
//
ReadNameValuePair(...);

//
// Sign the pairs we read in
//
// In this API, given a list of name and value pairs,
// it returns a signed and encrypted CRS PKCSReq message 
// in PKCS10 format. This is the request for a certificate.
//
VSAA_EncodePKCSReq(...);

//
// Network call to CA for certificate request
//
// This API sends CRS request messages to crs.exe 
// and receives a returned CRS response from crs.exe. 
//
VSAA_ExchangeMsg(...);

//
// This API decodes the response from the CA and verifies the input
// data using the signing tool. The output will be in PKCS7 format.
//
VSAA_DecodeCertRep(...);

//
// This API extracts the certificate from the PKCS7 construct.
//
VSAA_ExtractCert(...);

Conclusion

PKI in e-business is becoming one of the hottest fields. This article gives an introduction to different technologies used in PKI and some pointers on where to look for additional information.

For more information

• VeriSign for CA information
• Oblix for certificate-based authentication information
• RSA for various Web security information, including the Public Key Cryptography Standards (PWCS)
• The International PGP Home Page
• DeveloperToolbox article, "Exploiting SSL in Java"
• DeveloperToolbox article, "Certification paths: Weaving a web of trust for e-business"

Meet the author

Richard Sinn is a Senior Software Engineer with Oblix Inc, a Silicon Valley e-business infrastructure start-up company. He is also a lecturer at San Jose State University and a freelance writer for different magazines, books, and journals. Richard was an adjunct Professor at the University of Minnesota while he worked at IBM Rochester and IBM Silicon Valley Laboratory. He can be reached at webmaster@openloop.com or at his Web site.