Posts Tagged public key
Our CTK also supports traditional asymmetric (public-key) cryptographic signatures as yet
another possible technique for address authentication. Note that, unlike in the traditional
signature methods mentioned in the introduction, there is no need to bind the key to a
real-world identity – the key needs only to be bound to an email address the user has
already established a trusting relationship with. The creation of this trusting
relationship could take place in many different ways: out of band, using a trust/risk
security framework as described in the next section, or using a CTK bootstrapping protocol
using C/R, which this time can be based on a cryptographic nonce challenge signed by the
receiver’s private key. The response must be signed by the sender’s private key and once
the bootstrapping is completed, it may be sufficient to rely on local checks of shared
hashes of past messages and not use challenge/response each time an email is received.
The extended sequence is described in Fig. 1.
Claim Tool Kit (CTK)
Fig. 1. Extended Newcomer Bootstrapping Sequence
By using a suitable trust-establishment protocol, effectively the requirement is changed
from the need to authenticate a real-world identity to the ability to recognise a
triggering entity for whom trust information can then be accessed. To allow for dynamic
enrolment of strangers and unknown entities (as is required in the standard email system),
we have proposed an entity recognition (ER) process.
The ER process consists of four steps:
1. Triggering of the recognition mechanism.
2. Detective Work to recognize the entity using the available recognition scheme(s).
3. Discriminative Retention of information relevant for possible recall or recognition.
4. Upper-level Actions based on the outcome of recognition with a level of confidence in recognition.
Generally, in order to increase the level of confidence in whether it is a spoofing attack
or not, challenge/response, check of common hashes and signature verification as well as other
recognition/authentication schemes may be combined.
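The signed nonce challenge/response bootstrap described above, as an added Go example (not the CTK authors' code). It assumes Ed25519 signatures, a response computed over nonce||address, and a sender who already holds the receiver's public key; the `Receiver` type and all function names are hypothetical.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
type Receiver struct { // hypothetical type: binds sender keys to email addresses
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	pending map[string]string            // address -> outstanding nonce
	Bound   map[string]ed25519.PublicKey // address -> recognised key
}

func NewReceiver() *Receiver {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Receiver{priv, pub, map[string]string{}, map[string]ed25519.PublicKey{}}
}

// Challenge issues a fresh nonce for addr, signed with the receiver's private key.
func (r *Receiver) Challenge(addr string) (nonce, sig []byte) {
	nonce = make([]byte, 32)
	rand.Read(nonce)
	r.pending[addr] = string(nonce)
	return nonce, ed25519.Sign(r.priv, nonce)
}

// Respond is the sender side: verify the receiver's signature, then sign nonce||address.
func Respond(priv ed25519.PrivateKey, rcvPub ed25519.PublicKey, addr string, nonce, sig []byte) ([]byte, bool) {
	if !ed25519.Verify(rcvPub, nonce, sig) {
		return nil, false
	}
	return ed25519.Sign(priv, append(append([]byte{}, nonce...), addr...)), true
}

// Complete checks the response against the outstanding nonce and binds key to address.
func (r *Receiver) Complete(addr string, pub ed25519.PublicKey, nonce, resp []byte) bool {
	want, ok := r.pending[addr]
	delete(r.pending, addr) // a nonce is single-use, so a replayed response fails
	if ok = ok && want == string(nonce) && ed25519.Verify(pub, append(append([]byte{}, nonce...), addr...), resp); ok {
		r.Bound[addr] = pub
	}
	return ok
}
func main() {
	r, s := NewReceiver(), NewReceiver() // s only supplies the sender's key pair
	n, sig := r.Challenge("alice@example.org") // constructed sample address
	resp, _ := Respond(s.priv, r.Pub, "alice@example.org", n, sig)
	fmt.Println(r.Complete("alice@example.org", s.Pub, n, resp), r.Complete("alice@example.org", s.Pub, n, resp)) // true false
}
```

Once `Bound` holds a key for an address, later mail from that address can be checked against the stored key without a new challenge, which matches the page's point that C/R need not run on every message.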
Before exploring quantum key distribution, it is important to understand the state
of modern cryptography and how quantum cryptography may address current
digital cryptography limitations. Since public key cryptography involves complex
calculations that are relatively slow, it is employed to exchange keys rather
than for the encryption of voluminous amounts of data. For example, widely
deployed solutions, such as the RSA and the Diffie-Hellman key negotiation
schemes, are typically used to distribute symmetric keys among remote parties.
However, because asymmetric encryption is significantly slower than symmetric
encryption, a hybrid approach is preferred by many institutions to take advantage
of the speed of a shared key system and the security of a public key system for
the initial exchange of the symmetric key. Thus, this approach exploits the speed
and performance of a symmetric key system while leveraging the scalability of a
public key infrastructure.
However, public key cryptosystems such as RSA and Diffie-Hellman are not
based on concrete mathematical proofs. Rather, these algorithms are
considered to be reasonably secure based on years of public scrutiny over the
fundamental process of factoring large integers into their primes, which is said to
be “intractable”. In other words, by the time the encryption algorithm could be
defeated, the information being protected would have already lost all of its value.
Thus, the power of these algorithms is based on the fact that there is no known
mathematical operation for quickly factoring very large numbers given today’s
computer processing power.
Secondly, there is uncertainty whether a theorem may be developed in the future,
or is perhaps already available, that can factor large numbers into their primes in a
timely manner. At present, there is no existing proof stating that it is impossible
to develop such a factoring theorem. As a result, public key systems are
vulnerable to the uncertainty regarding the future creation of such a theorem,
which would have a significant effect on the algorithm being mathematically
intractable. This uncertainty provides potential risk to areas of national security
and intellectual property which require perfect security.
In sum, modern cryptography is vulnerable both to technological progress in
computing power and to an evolution in mathematics that could quickly reverse one-way
functions such as that of factoring large integers. If a factoring theorem were
publicized or computing became powerful enough to defeat public cryptography,
then business, governments, militaries and other affected institutions would have
to spend significant resources to research the risk of damage and potentially
deploy a new and costly cryptography system quickly.