Thursday, April 3, 2008

Computers and Privacy Part 2

The New Standard: AES

AES is the name given to the encryption algorithm that NIST selected as the new standard for encryption. NIST set the requirements for the new standard, and many candidates submitted algorithms hoping to qualify. The winning selection is called Rijndael, a block cipher developed by Joan Daemen and Vincent Rijmen of Belgium. This encryption algorithm makes use of variable-length blocks of data and key lengths to encrypt the data. Currently, key lengths of 128, 192, and 256 bits can be used to encrypt blocks of data, also of variable length, of 128, 192, or 256 bits. However, the algorithm is extensible, allowing for larger key sizes in multiples of 32 bits. How long this new AES standard will be considered "unbreakable" remains to be seen. However, the longer the key, the more computation it takes to break the code by trying keys, because each additional bit doubles the number of possible keys.

In December 2001, AES was adopted by the U.S. government as the encryption standard to be used for unclassified documents. The U.S. military uses other, secret encryption technologies for classified documents and communications.

The Problem with Single-Key Encryption

No matter how strong the encryption algorithm used with a single-key encryption method, one thorny problem remains. You still have to find a way to transfer the single shared key to the recipient of the message, or agree on some scheme for rotating through a set of seemingly random keys. If someone trying to intercept your data can determine the single key, decrypting the data is a simple matter. However, because most people don't expect their communications to be intercepted and decrypted, sometimes perfection isn't necessary. It's enough to use the best available method and hope that you don't have a hacker (or the government) trying to look into your affairs.


The problem with key transfer, however, exists with AES, DES, or any other single-key encryption algorithm. For a large corporation, the exchange of a secret key might involve sending a courier from one location to another to deliver the key. This can be expensive. Of course, if your company is a large financial institution, the cost is minuscule compared to the value of the data that is encrypted using the secret key. For smaller entities, and for individual users on the Internet, exchanging secret keys in this manner is not an option.

To overcome this limitation, another solution was developed, called public-key encryption. Public-key encryption is subject to the same brute-force attack of trying every possible key that a single-key encryption method is; however, it makes distributing keys much simpler. The difference between single-key encryption, also called symmetric encryption, and public-key encryption is very subtle.

Public-Key Encryption

Whitfield Diffie and Martin Hellman invented public-key cryptography in 1975. Public-key cryptography uses two keys, called a key pair, that are mathematically related. One key is used to encrypt the data, and the other to decrypt the data. At first glance, this might seem unremarkable, but notice the reversal: instead of protecting the encryption key and keeping it a secret, you do the opposite. The key used to encrypt the data is the public key, which can be shared with many people. You can post your public key in certain places on the Internet so that it's available to anyone who wants to send you a message in encrypted form. It is also common now for users to attach a copy of their public key to the emails they send so that the recipient can use it to encrypt a response. The term key ring describes a file in which you store a set of public keys for the others with whom you communicate. Products such as Pretty Good Privacy (PGP) use key rings for just this purpose.

This form of encryption usually is referred to as asymmetric encryption, because more than one key is used. To put it simply, if you want someone to send you a message in encrypted format, you just give her (or anyone else) your public key. Anyone who wants to send you a message encrypts the message using this public key. The difference between symmetric encryption and asymmetric encryption is that the public key that encrypts the data cannot be used to perform the reverse process of decrypting the data that it was used to encode. Instead, a pair of keys is used: the public key that you can distribute freely and a secret key that only you possess. Both keys are mathematically related so that only the secret key can be used to decrypt the message that was encrypted using your public key.

This solves the problem of having to distribute a secret key, because you don't have to. Instead, you can freely publish your public key so that anyone in the world (or on the Internet) can use it. Because this key can be used only to encrypt a message, and can't be used to unlock the message, you don't have to worry about keeping the public key a secret. Instead, you only need to keep secret the other half of this key pair, and because it is under your control, that should be much easier to do.

Yet, this brings up another question. How can you be sure that the person who has sent you a message is the person he or she claims to be? Because anyone can potentially gain access to your public key—remember, there are places on the Internet where you can publish your public key—how can you be sure, when you receive an encrypted message, that it comes from the person whom the message claims it is from?

Enter, stage left, the digital signature. The person who sends you the message can use her own secret key to digitally sign the message. You then can use her public key to verify that the message most likely did originate from that person. Unless the sender's secret key has been compromised, you can be fairly sure that the encrypted message, which only your own secret key can decrypt, really came from the person it claims to be from. Throughout this entire process, it's never necessary to exchange either party's secret key. The public keys can be known by anyone; as long as the secret keys remain secret, you can be reasonably sure that the encrypted message you received came from the person you think it did.

One drawback to public-key encryption is that, because of the mathematical relationship between the two keys in a pair, the keys are a lot larger than those traditionally used in secret-key, or symmetric, encryption. However, the flexibility that public-key encryption provides, and the uses to which it has been put (such as digital signatures), more than make up for the larger key size. Does it really matter if it takes a few seconds longer to decrypt a message using public-key cryptography, when you consider the problems of distributing a secret key and keeping it secret?

Because public-key encryption techniques eliminate the need to share a secret key, a public-key encryption system also can be combined with a secret-key encryption system. That is, a public key can be used to encrypt a secret key for transmission across a network, where it is recovered using the private key at the other end of the communication path. From then on, the secret key itself can be used for further encrypted communications. Because secret-key encryption typically uses shorter key lengths than public keys, it's much faster to encrypt or decrypt text using a secret key. Thus, public-key encryption can be used both as a method of encrypted communication and as a method for exchanging secret keys for even faster encrypted communications. To make things even more secure, it's common to change the secret key frequently during the transmission of data, making it even more difficult for anyone who intercepts the data to discover any of the keys. As a general rule, the more data the interceptor has to work with, the easier it is to use a computer to look for patterns and try to decrypt the data. If the secret key changes frequently (each new key being transmitted using public-key technology), the interceptor has less data encrypted under the same key to work with, and the job becomes much more difficult.
