We won't get very far in our security discussions without bumping into shared key and public key technologies. They, in turn, stem from cryptography. We will briefly introduce these concepts here so that we can apply them where needed throughout the rest of the book.Cryptography
Cryptology is the branch of mathematics focused on designing algorithms to keep information (data) secret. Cryptography is the work of applying these algorithms to secure systems, protocols, applications, and messages (Footnote 4).
The first and most important area of cryptography to discuss is encryption. Encryption is the basis for XML Encryption and also for XML Signature, which encrypts a digested form of a message. The message digest encrypted in a digital signature is created using another important cryptographic algorithm called a hash function, which is a special class of one-way function that creates a fixed-size (small) output that is unique for all input messages and that is not, in practice, reversible. In the Web services arena, you will find common uses for both shared key (Footnote 5) and public key encryption.
A message that is completely readable and is in no way scrambled or disguised is called plaintext. Plaintext is unencrypted data. Encryption is the process of scrambling or disguising plaintext by applying a cryptographic algorithm to produce ciphertext. Ciphertext is encrypted data. Decryption reverses the encryption process and turns ciphertext back into its original plaintext form. These concepts are shown in Figure 1.2.
Figure 1.2 The relationships between plaintext and ciphertext, and the encryption and decryption processes that transform them.
The goal of encryption—and therein the way to achieve confidentiality—is to create ciphertext from plaintext that is undecipherable to anyone except the intended recipient. A special cryptographic algorithm that creates seemingly random permutations on the message, but which in fact are reversible under the right circumstances, performs the encryption process.
The algorithms for encryption and decryption require a key, which is a special numeric value that is required as a parameter for the algorithm to perform its task. The wrong key will get garbage out, not the correct output.
Shared key algorithms use the same key performing encryption and decryption symmetrically and are relatively fast. Public key encryption uses different but mathematically related (a public and private pair) keys performing encryption and decryption asymmetrically and is primarily used for secure shared key distribution and digital signatures.
Throughout this book, we will use the term shared key when we refer to symmetric encryption and public key when we refer to asymmetric encryption. We will use the term subject to refer to the holder of a key. A subject may be an individual or an entity (computer).
The magic is in the keys. But what is a key, and what does it have to do with encryption?Keys
A key is a set of bits that acts as an input parameter to a crypto-algorithm. Think of the crypto-algorithm like the lock on your house door. That lock is standard, and so is your door. Lots of other people have doors and locks that are outwardly exactly the same as yours. But inside the lock on your door are some unique (or almost (Footnote 6)) settings of tumblers that exactly match your and only your key.
Algorithms for encryption and decryption do not need to be and normally are not kept secret. It is the key that is kept secret. It is an important fundamental principle of cryptography that the algorithms be public, standard, and widely distributed and carefully scrutinized. This principle ensures that all the world's cryptographers fully shake out the algorithms for any security flaws.
The key is the variable that makes the algorithm result unique and secret. For some crypto-algorithms, the key may be a random number. For others, such as public key algorithms, it must be carefully chosen—a complex, time-consuming mathematical operation by itself. The key space needs to be large, so a large number of possible keys is available to prevent guessing attacks. Different algorithms require different key lengths for good security. Most keys today are typically 200 bits or larger.Shared Key Cryptography
Shared key cryptography uses the same key to encrypt and decrypt the data. This requires that both communicating parties share the same key and, vitally important, keep it secret from the rest of the world. As shown in Figure 1.3, plaintext is encrypted into ciphertext by the sender using the shared secret key. The ciphertext is then decrypted by the receiver using the same shared secret key.
Figure 1.3 The shared key (symmetric) encryption process.
The advantage of shared key encryption/decryption is that the algorithms are fast and can operate on arbitrarily sized messages. The disadvantage is that this approach creates great difficulties managing a shared key that must be kept secret across a network between message sender and recipient. Within Web services security, you will run into shared key cryptography as the basis of Secure Socket Layer (SSL) security and as the foundation for XML Encryption. Much effort has been put into XML Encryption to take care of most of its details for you. But you will be exposed at the minimum to choices you will have to make about algorithms, key information, and the like, so it is important you gain a foundation in these concepts.Public Key Cryptography
Public key cryptography uses a key pair called a private and public key. Whichever one is used to encrypt the data is not the one used to decrypt the data; only the other half of the pair can decrypt the data. Of vital importance is that the private keys are never shared. Only the public key can be, and it is widely distributed to others. We repeat that it is an absolute tenet of public key cryptography that each subject keeps his private key confidential, never sharing it with anyone.
Either key can be used to encrypt, but only the matching key from the pair can then be used to decrypt. In Figure 1.4, the sender uses the public key of the recipient to encrypt her plaintext message into ciphertext. The resulting ciphertext is sent to the recipient who uses her private key to decrypt the ciphertext back into the original plaintext message.
Figure 1.4 The public key (asymmetric) encryption process.
If you want to make sure only the recipient can read your message, use that person's public key to encrypt, and then he and only he using his private key can decrypt. If you want everyone who gets your message to know it came from you and only you, use your private key to encrypt and then the recipients can use your public key to decrypt. Because you keep your private key highly secure, the message could have been encrypted only by you.
Now that you have a basic understanding of encryption and digital signature, we can establish working definitions for critical security concepts that will be used throughout this book.
blog comments powered by Disqus