
Public-key cryptography is a cornerstone of modern network security. It uses two distinct keys, a public key and a private key, to enable secure communication and authentication over untrusted networks. This asymmetric approach relies on mathematical problems that are easy to compute in one direction but infeasible to reverse, providing robust security for a wide range of applications.

The principles of public-key cryptography play a crucial role in ensuring confidentiality, integrity, and non-repudiation of data. From secure email and web browsing to cryptocurrencies and blockchain technology, this cryptographic method underpins many essential aspects of our digital lives, making it a vital topic in network security and forensics.

Principles of public-key cryptography

  • Public-key cryptography, also known as asymmetric cryptography, uses two different keys for encryption and decryption (a public key and a private key), enabling secure communication and authentication over untrusted networks
  • Relies on mathematical problems that are easy to compute in one direction but hard to reverse (e.g., factoring a product of two large primes, the discrete logarithm problem), which is what gives the schemes their security
  • Plays a crucial role in network security and forensics by ensuring confidentiality, integrity, and non-repudiation of data transmitted over networks and stored on devices

Asymmetric key pairs

Public vs private keys

  • The public key is freely distributed and is used to encrypt messages or verify digital signatures, while the private key is kept secret by its owner and is used to decrypt messages or create digital signatures
  • A message encrypted with the public key can only be decrypted with the corresponding private key; conversely, a value produced with the private key (a signature) can be checked by anyone holding the public key. Which operations are available depends on the algorithm: RSA supports both encryption and signing, whereas elliptic-curve keys are normally used for key agreement and signatures rather than direct encryption
  • The private key must be kept secure at all times, since anyone who obtains it can impersonate the owner and decrypt every message ever encrypted to that key

Key generation process

  • Involves generating a pair of mathematically related keys (public and private) based on a specific algorithm (e.g., RSA, ECC)
  • Key generation parameters (e.g., key size, elliptic curve parameters) are carefully chosen to ensure sufficient security against known attacks
  • Generated keys are typically stored in a standard container format (e.g., PEM, PKCS#12), with the private key encrypted under a passphrase to prevent unauthorized access

RSA algorithm

RSA encryption process

  • Plaintext message is converted into an integer $M$ with $0 \le M < n$ using a padding scheme (e.g., PKCS#1 v1.5, OAEP)
  • Ciphertext $C$ is calculated as $C = M^e \bmod n$, where $e$ is the public exponent and $n = pq$ is the modulus (the product of two large primes $p$ and $q$)
  • Resulting ciphertext can only be decrypted using the corresponding private key, ensuring confidentiality of the message

RSA decryption process

  • Ciphertext $C$ is raised to the private exponent $d$ modulo $n$ to recover the padded message $M$: $M = C^d \bmod n$
  • Private exponent $d$ is computed during key generation as the inverse of $e$ modulo $\varphi(n) = (p-1)(q-1)$ using the extended Euclidean algorithm, so that $ed \equiv 1 \pmod{\varphi(n)}$, and is kept secret
  • Decrypted message is then unpadded to obtain the original plaintext

RSA security considerations

  • Security of RSA relies on the difficulty of factoring the modulus $n$ (2048 bits or larger in practice); the best known attack on a properly generated key is to factor $n$, which immediately yields $d$
  • Proper implementation of RSA is crucial to prevent vulnerabilities such as padding oracle attacks (Bleichenbacher-style attacks on PKCS#1 v1.5 encryption), timing attacks, and key leakage; unpadded ("textbook") RSA is deterministic and malleable and must never be used directly
  • Key size should be chosen based on the desired security level and the expected lifetime of the protected data: 2048-bit keys are the current minimum (about 112-bit security), and 3072-bit or larger keys are recommended for data that must remain protected beyond 2030
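The RSA steps above, carried out end to end in an added example (this is not code from the original page). It generates primes with Miller-Rabin, derives $d$ with the extended Euclidean algorithm, and then encrypts and decrypts; the last function demonstrates the malleability of unpadded RSA that the security considerations warn about. The padding step is deliberately left out so that property is visible; the small primes used in the test (61, 53, $e = 17$) are the classic textbook values and are for illustration only.

```python
"""Textbook RSA built from first principles: key generation, encryption,
decryption, and a demonstration of why unpadded RSA must never be used."""
import secrets
from math import gcd

# Primes below 500, used for cheap trial division before Miller-Rabin.
SMALL_PRIMES = [p for p in range(2, 500)
                if all(p % q for q in range(2, int(p ** 0.5) + 1))]


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test; 40 random bases give an error probability below 2^-80."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:                      # write n - 1 = 2^s * d with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2   # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # a is a witness: n is composite
    return True


def generate_prime(bits: int) -> int:
    """Random prime with the top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | (1 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def keypair_from_primes(p: int, q: int, e: int = 65537):
    """Public key (n, e) and private key (n, d) from two distinct primes."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)                # Euler's totient of n
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = x % phi                            # e*d == 1 (mod phi): the private exponent
    return (n, e), (n, d)


def generate_keypair(bits: int = 2048, e: int = 65537):
    """Fresh RSA key pair with a `bits`-bit modulus; 2048 is the practical floor."""
    while True:
        p, q = generate_prime(bits // 2), generate_prime(bits // 2)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return keypair_from_primes(p, q, e)


def encrypt(m: int, public) -> int:
    """C = M^e mod n on an already-padded message representative M."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message representative must satisfy 0 <= M < n")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    """M = C^d mod n; unpadding would follow in a real implementation."""
    n, d = private
    return pow(c, d, n)


def raw_rsa_is_malleable(public, a: int = 2, b: int = 3) -> bool:
    """Unpadded RSA is multiplicatively homomorphic: E(a) * E(b) == E(a*b) mod n.
    An attacker can transform ciphertexts without the key and can unwrap a
    target ciphertext by getting a related one decrypted. Randomized padding
    (OAEP) is what removes this structure."""
    n, _ = public
    return (encrypt(a, public) * encrypt(b, public)) % n == encrypt((a * b) % n, public)


if __name__ == "__main__":
    public, private = generate_keypair(2048)
    m = int.from_bytes(b"attack at dawn", "big")
    print("round trip ok:", decrypt(encrypt(m, public), private) == m)
    print("raw RSA malleable:", raw_rsa_is_malleable(public))
```

`pow(a, d, n)` is Python's modular exponentiation; the private-key operation here is a plain square-and-multiply, so it is not constant-time and is for study, not for production use.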

Elliptic curve cryptography (ECC)

ECC vs RSA

  • ECC uses the algebraic structure of elliptic curves over finite fields to build public-key systems that offer security comparable to RSA with much smaller keys (a 256-bit ECC key is rated at roughly the same security level as a 3072-bit RSA key)
  • The smaller keys make key generation and private-key operations (signing, key agreement) much faster than RSA and reduce bandwidth and storage, which suits resource-constrained devices (smartphones, IoT devices); RSA's public-key operations with a small exponent remain fast, but the overall balance favors ECC
  • ECC is considered more secure than RSA for a given key size because the best known attacks on the elliptic curve discrete logarithm problem (ECDLP) are generic, exponential-time algorithms, whereas sub-exponential methods (the number field sieve) exist for factoring

ECC key generation

  • Involves selecting an appropriate elliptic curve (e.g., NIST P-256, Curve25519) and a base point $G$ on the curve of large prime order $n$
  • Private key is a randomly selected integer $d$ in $[1, n-1]$, while the public key is the point $Q = dG$ (scalar multiplication of the base point $G$ by $d$)
  • Domain parameters (the curve, the base point $G$, and its order $n$) are shared between communicating parties to ensure interoperability; in practice they are identified by a named curve rather than transmitted

ECC encryption & decryption

  • Plaintext message is first encoded as a point $M$ on the elliptic curve
  • Encryption involves generating a fresh random integer $k$, calculating the points $C_1 = kG$ and $C_2 = M + kQ$ (where $Q$ is the recipient's public key), and sending the pair $(C_1, C_2)$ as the ciphertext
  • Decryption is performed by calculating $M = C_2 - dC_1$ (where $d$ is the recipient's private key), which works because $dC_1 = dkG = kQ$; the recovered point $M$ is then decoded back into the plaintext
  • This is elliptic-curve ElGamal: $k$ must never be reused, and in practice ECC is deployed as a hybrid (ECIES, or ECDH key agreement plus a symmetric cipher) rather than by encoding messages as curve points
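The key generation and ElGamal-style encryption described above, implemented as an added example over a small constructed curve (this is not code from the original page). The curve $y^2 = x^3 + 2x + 2$ over $\mathbb{F}_{17}$ with generator $G = (5, 1)$ of order 19 is chosen so every value can be checked by hand; real deployments use the named curves mentioned in the text. The last function shows what an observer learns when $k$ is reused.

```python
"""Toy elliptic-curve ElGamal: point arithmetic, Q = dG, C1 = kG, C2 = M + kQ,
and recovery M = C2 - d*C1, over a constructed demo curve."""
import secrets

# Constructed demo curve: y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of prime order 19.
P, A, B = 17, 2, 2
G = (5, 1)
ORDER = 19
INF = None                      # the point at infinity, identity of the group


def on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_neg(pt):
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P)


def point_add(p1, p2):
    """Group law (chord-and-tangent) in affine coordinates."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                          # P + (-P)
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P      # tangent slope
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P             # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, pt):
    """Double-and-add. Not constant time: the branch on each bit of k is the
    kind of leak the side-channel section warns about; real code uses a
    Montgomery ladder or complete formulas."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_keypair():
    """Private scalar d in [1, n-1], public point Q = dG."""
    d = secrets.randbelow(ORDER - 1) + 1
    return d, scalar_mult(d, G)


def encrypt(M, Q, k=None):
    """Returns (C1, C2) = (kG, M + kQ). M must already be a point on the curve."""
    if not (on_curve(M) and on_curve(Q)):
        raise ValueError("M and Q must be points on the curve")
    if k is None:
        k = secrets.randbelow(ORDER - 1) + 1              # fresh per message
    return scalar_mult(k, G), point_add(M, scalar_mult(k, Q))


def decrypt(ciphertext, d):
    """M = C2 - d*C1, because d*C1 = dkG = kQ cancels the mask."""
    C1, C2 = ciphertext
    return point_add(C2, point_neg(scalar_mult(d, C1)))


def nonce_reuse_leak(ct1, ct2):
    """If two messages were encrypted with the same k, C2 - C2' = M1 - M2:
    anyone holding both ciphertexts learns that difference without d."""
    return point_add(ct1[1], point_neg(ct2[1]))


if __name__ == "__main__":
    d, Q = generate_keypair()
    M = scalar_mult(3, G)                                   # message encoded as a curve point
    ct = encrypt(M, Q)
    print("decrypts correctly:", decrypt(ct, d) == M)
```

With $d = 7$ and $k = 4$ the ciphertext of $M = 3G$ is $(4G, 12G) = ((3, 1), (0, 11))$, which decrypts back to $3G = (10, 6)$.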

Digital signatures

Digital signature creation

  • Signer first hashes the message using a cryptographic hash function (e.g., SHA-256) to create a fixed-size digest
  • The digest (after padding) is then processed with the signer's private key to create the digital signature; with RSA this is the private-key exponentiation, which is why it is often loosely described as "encrypting the hash", but signature schemes such as ECDSA and EdDSA do not encrypt anything
  • Digital signature is attached to the original message and sent to the recipient, providing authentication and integrity of the message

Digital signature verification

  • Recipient first hashes the received message using the same hash function used by the signer
  • The signature is processed with the signer's public key (for RSA, $s^e \bmod n$ recovers the padded digest the signer produced)
  • The recomputed digest is compared with the recovered one; if they match, the signature is valid, indicating the message has not been tampered with and was produced by the holder of the private key. For that to mean "the claimed signer", the public key itself must be authenticated (normally via a certificate)
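The creation and verification steps above, carried through with RSA in an added example (not code from the original page). The private key acts on a padded SHA-256 digest, never on the message; verification recomputes the encoding and compares in constant time. The key pair is derived from two Mersenne primes so the block runs offline without a prime generator: that choice is an assumption for the demo, and special-form primes like these are trivially factorable and must never back a real key. The padding is a simplified PKCS#1 v1.5 layout, also an assumption; real code uses PKCS#1 v1.5 with a DigestInfo prefix or, preferably, RSASSA-PSS.

```python
"""Hash-then-sign with RSA: sign a padded SHA-256 digest with d, verify with e."""
import hashlib
import hmac


def keypair_from_primes(p: int, q: int, e: int = 65537):
    """(n, e) public, (n, d) private with d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Demo key from Mersenne primes 2^607-1 and 2^521-1 (assumption for the example
# only; such primes are easy to factor and are never acceptable in practice).
DEMO_PUBLIC, DEMO_PRIVATE = keypair_from_primes(2**607 - 1, 2**521 - 1)


def _encode_digest(message: bytes, n: int) -> int:
    """Simplified PKCS#1 v1.5-style encoding of SHA-256(message):
    0x01 || 0xFF...FF || 0x00 || digest, one byte shorter than the modulus so
    the resulting integer is < n."""
    digest = hashlib.sha256(message).digest()
    em_len = (n.bit_length() - 1) // 8
    ps_len = em_len - len(digest) - 2
    if ps_len < 8:
        raise ValueError("modulus too small for this digest")
    return int.from_bytes(b"\x01" + b"\xff" * ps_len + b"\x00" + digest, "big")


def sign(message: bytes, private) -> bytes:
    """Signature = EncodedDigest^d mod n, serialized to the modulus length."""
    n, d = private
    s = pow(_encode_digest(message, n), d, n)
    return s.to_bytes((n.bit_length() + 7) // 8, "big")


def verify(message: bytes, signature: bytes, public) -> bool:
    """Recover s^e mod n with the public key and compare it, in constant time,
    against a freshly computed encoding of the received message's digest."""
    n, e = public
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if not 0 < s < n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    expected = _encode_digest(message, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    msg = b"transfer 100 to bob"
    sig = sign(msg, DEMO_PRIVATE)
    print("valid:", verify(msg, sig, DEMO_PUBLIC))
    print("tampered message:", verify(b"transfer 900 to bob", sig, DEMO_PUBLIC))
```

Note that the verifier never "decrypts" the signature into something it trusts: it recomputes the expected encoding from the message it received and rejects anything that does not match byte for byte, including signatures that are the right length but numerically out of range.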

Non-repudiation of digital signatures

  • Digital signatures provide non-repudiation, meaning the signer cannot deny having signed the message, as the signature can only be created with the signer's private key; this holds only while the key is known to be uncompromised and the public key is bound to the signer's identity (typically by a certificate)
  • Non-repudiation is crucial in legal and financial contexts (e-contracts, online transactions) to prevent parties from denying their actions
  • Digital signatures, when combined with trusted timestamping, can also provide evidence of the time at which the signature was created

Public key infrastructure (PKI)

Role of certificate authorities

  • Certificate authorities (CAs) are trusted third parties responsible for issuing, managing, and revoking digital certificates that bind public keys to the identities of their owners
  • CAs verify the identity of the certificate requestor (individual, organization, device) before issuing a certificate to ensure the authenticity of the public key
  • Root CAs are at the top of the trust hierarchy and are trusted by default by operating systems and browsers while intermediate CAs are certified by root CAs or other intermediate CAs forming a chain of trust

X.509 certificate format

  • X.509 is the standard format for digital certificates used in PKI to bind public keys to identities
  • Certificates include information such as the subject's identity (e.g., name, email, domain), public key, issuer's identity, validity period, and digital signature of the issuing CA
  • Extensions can be added to X.509 certificates to include additional information (e.g., key usage, subject alternative names, certificate policies)

Certificate revocation lists (CRLs)

  • CRLs are lists of certificates that have been revoked by the issuing CA before their scheduled expiration date for reasons such as key compromise, a change in the subject's identity, or violation of certificate policies
  • CAs periodically publish updated, CA-signed CRLs to allow relying parties to check the revocation status of a certificate; between publications a freshly revoked certificate may still be accepted
  • The Online Certificate Status Protocol (OCSP) is an alternative to CRLs in which the relying party (or, with OCSP stapling, the server itself) obtains a signed status response for an individual certificate from the CA's responder

Key management

Secure key storage

  • Private keys must be stored securely to prevent unauthorized access and ensure the integrity of the cryptographic system
  • Storage options include hardware security modules (HSMs), smart cards, and encrypted key files protected with strong passphrases
  • Access to private keys should be limited to authorized individuals and applications based on the principle of least privilege

Key backup & recovery

  • Backups of private decryption keys are essential so that encrypted data remains recoverable if the key is lost or corrupted; signing keys are normally not backed up, since a lost signing key can simply be replaced and an extra copy weakens non-repudiation
  • Backups should be stored in a secure off-site location and protected with strong encryption and access controls
  • Key recovery procedures should be established and tested to allow timely restoration of keys in case of emergencies

Key expiration & rotation

  • Cryptographic keys have a limited lifetime and should be regularly rotated (replaced with new keys) to limit the impact of key compromise and comply with security best practices
  • Expiration dates are set for keys based on factors such as the sensitivity of the protected data, the strength of the keys, and the risk of key compromise
  • Key rotation involves generating new key pairs, securely distributing the new public keys, and revoking the old keys to ensure a smooth transition

Applications of public-key cryptography

Secure email with S/MIME

  • Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting and signing email messages using public-key cryptography
  • S/MIME allows users to encrypt email contents and attachments using the recipient's public key ensuring confidentiality of the message
  • Digital signatures can be added to S/MIME messages using the sender's private key providing authentication, integrity, and non-repudiation

Secure web browsing with SSL/TLS

  • Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols used to establish secure communication channels over the internet; all SSL versions and TLS 1.0/1.1 are deprecated, and TLS 1.2 and 1.3 are what should be in use today
  • TLS uses public-key cryptography (e.g., RSA, ECC) for authentication and key exchange, and symmetric-key cryptography (e.g., AES) for bulk data encryption
  • Websites using TLS have URLs starting with "https" and display a padlock icon in the browser; the padlock means the server's certificate chained to a trusted root and matched the hostname, not that the site itself is trustworthy

Cryptocurrencies & blockchain

  • Public-key cryptography is a fundamental component of cryptocurrencies (e.g., Bitcoin, Ethereum) and blockchain technology
  • Cryptocurrency transactions are signed using the sender's private key and verified using the corresponding public key, ensuring the authenticity and integrity of the transaction
  • Blockchain uses public-key cryptography to create a tamper-evident and decentralized ledger of transactions enabling secure and transparent record-keeping without the need for a trusted third party

Attacks on public-key systems

Brute force attacks

  • Involve systematically trying all possible private keys until the correct one is found, allowing the attacker to decrypt messages or forge signatures
  • Feasibility of brute force attacks depends on the key size and the computational resources available to the attacker; for public-key systems the real threat is not enumerating keys but structured attacks on the underlying problem (number field sieve factoring for RSA, Pollard's rho for the ECDLP), which is why 2048-bit RSA and 256-bit ECC are rated at only about 112 and 128 bits of security, respectively
  • Larger key sizes (e.g., 2048-bit RSA, 256-bit ECC) and proper key management practices effectively rule out brute force; key size must always be measured against the best known attack, not the raw bit length

Man-in-the-middle attacks

  • Occur when an attacker intercepts the communication between two parties and impersonates each party to the other allowing the attacker to eavesdrop on or modify the exchanged messages
  • Public-key cryptography is vulnerable to man-in-the-middle attacks if the authenticity of the public keys is not properly verified (e.g., using digital certificates)
  • Countermeasures include using trusted certificate authorities, implementing certificate pinning, and using secure communication protocols (e.g., SSL/TLS, SSH) with proper authentication
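The TLS points above and the man-in-the-middle countermeasures just listed, as an added configuration example using Python's standard `ssl` module (not code from the original page): the client setting that silently accepts any public key is shown beside the hardened one, and an optional `pinned_ca_pem` argument (an assumption for the example, a PEM string supplied by the caller) restricts trust to a single CA as a simple form of pinning. The network helper at the end is not exercised offline.

```python
"""Client-side TLS: the MITM-prone configuration beside the hardened one."""
import socket
import ssl
from typing import Optional


def insecure_client_context() -> ssl.SSLContext:
    """What NOT to ship. The connection is still encrypted, but with no
    certificate check any on-path attacker can present its own key and be
    accepted, which is exactly the man-in-the-middle case described above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(pinned_ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """Require a chain to a trusted root, check the hostname against the
    certificate, and refuse TLS < 1.2. If `pinned_ca_pem` is given, trust
    only that CA instead of the system store (certificate pinning)."""
    if pinned_ca_pem is None:
        ctx = ssl.create_default_context()             # CERT_REQUIRED + check_hostname
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # also CERT_REQUIRED + check_hostname
        ctx.load_verify_locations(cadata=pinned_ca_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def settings(ctx: ssl.SSLContext) -> dict:
    """The three switches that decide whether the peer's public key is authenticated."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def fetch_peer_certificate(host: str, port: int = 443) -> dict:
    """Handshake with the hardened context; raises ssl.SSLCertVerificationError
    if the chain or the hostname does not verify. Needs network access."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()        # subject, issuer, validity, SANs


if __name__ == "__main__":
    print("insecure:", settings(insecure_client_context()))
    print("hardened:", settings(hardened_client_context()))
```

`ssl.create_default_context()` already enables certificate and hostname verification; the usual way code ends up in the insecure state is a copy-pasted `verify_mode = CERT_NONE` added to silence a certificate error, which is the same thing as disabling authentication altogether.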

Side-channel attacks

  • Exploit information leakage from the physical implementation of a cryptographic system (e.g., timing, power consumption, electromagnetic emissions) to deduce the private key or other sensitive information
  • Examples include timing attacks on RSA implementations, power analysis attacks on smart cards, and cache-based attacks on software implementations
  • Mitigation techniques involve using constant-time algorithms, implementing physical security measures (e.g., shielding, tamper detection), and applying algorithmic countermeasures (e.g., blinding, randomization)
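Two of the countermeasures named above, as added examples (not code from the original page): a constant-time comparison in place of an early-exit compare, with the early-exit version instrumented so the leak is visible without a stopwatch, and RSA blinding so the private-key exponentiation never runs directly on attacker-chosen input. The RSA values in the demo (the textbook pair $n = 3233$, $e = 17$, $d = 2753$) are for illustration only.

```python
"""Side-channel countermeasures: constant-time comparison and RSA blinding."""
import hmac
import secrets
from math import gcd


def naive_compare(a: bytes, b: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined): the work done,
    and so the time taken, depends on where the first mismatch is, which lets
    a remote attacker recover a valid tag or signature one byte at a time."""
    examined = 0
    if len(a) != len(b):
        return False, examined
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Work is independent of the contents; use this for MACs, tags and signatures."""
    return hmac.compare_digest(a, b)


def rsa_private_op_blinded(c: int, private, e: int) -> int:
    """Blinded RSA private-key operation (decrypt or sign): compute on
    c * r^e for a fresh random r, then strip r. Since (c * r^e)^d = c^d * r,
    the result is correct, but the exponentiation's input is randomized on
    every call, so timing or power traces cannot be correlated with c."""
    n, d = private
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    blinded = (c * pow(r, e, n)) % n
    return (pow(blinded, d, n) * pow(r, -1, n)) % n


if __name__ == "__main__":
    tag = bytes.fromhex("00112233")
    print(naive_compare(tag, bytes.fromhex("ff112233")))   # mismatch at byte 0: little work
    print(naive_compare(tag, bytes.fromhex("001122ff")))   # mismatch at byte 3: more work
    print(constant_time_equal(tag, bytes.fromhex("001122ff")))
    # Textbook toy key (p=61, q=53, e=17, d=2753), for the demo only.
    print(rsa_private_op_blinded(2790, (3233, 2753), 17))
```

Blinding addresses leakage that depends on the input; leakage that depends on the exponent $d$ itself (the square-and-multiply branch pattern) still needs a constant-time exponentiation.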

Future of public-key cryptography

Post-quantum cryptography

  • Refers to cryptographic algorithms that are believed to be secure against attacks by quantum computers
  • Quantum computers, when available with sufficient scale and reliability, could break many current public-key cryptosystems (e.g., RSA, ECC) by efficiently solving the underlying factoring and discrete logarithm problems with Shor's algorithm
  • Post-quantum cryptographic schemes (e.g., lattice-based, code-based, hash-based, multivariate) are being developed and standardized to ensure the long-term security of sensitive data and communications; in August 2024 NIST published the first standards, ML-KEM (FIPS 203), ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), and because traffic recorded today can be decrypted once a capable quantum computer exists ("harvest now, decrypt later"), migration of long-lived secrets should start early

Homomorphic encryption

  • Allows computations to be performed on encrypted data without decrypting it first enabling secure data processing in untrusted environments (e.g., cloud computing)
  • Fully homomorphic encryption (FHE) schemes enable arbitrary computations on encrypted data but remain expensive, with overheads of several orders of magnitude compared with computing on plaintext
  • Partially homomorphic encryption (PHE) schemes support a single type of operation (e.g., addition in Paillier, multiplication in unpadded RSA or ElGamal) but not both; they are far more efficient but have limited applications
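The partially homomorphic case above, as an added worked example (not code from the original page): Paillier encryption, which lets anyone add two ciphertexts, or scale one by a public constant, without the private key, while multiplying two encrypted values is not possible. The toy primes in the demo are for illustration; a real Paillier modulus is sized like an RSA modulus.

```python
"""Paillier: additively homomorphic public-key encryption."""
import secrets
from math import gcd


def _lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def _L(u: int, n: int) -> int:
    return (u - 1) // n


def keygen(p: int, q: int):
    """Public key (n, g) with g = n + 1, private key (n, lambda, mu)."""
    n = p * q
    if gcd(n, (p - 1) * (q - 1)) != 1:
        raise ValueError("p and q must satisfy gcd(pq, (p-1)(q-1)) == 1")
    lam = _lcm(p - 1, q - 1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (n, lam, mu)


def encrypt(m: int, public) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r: encryption is randomized,
    so equal plaintexts give different ciphertexts."""
    n, g = public
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(c: int, private) -> int:
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, lam, mu = private
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(c1: int, c2: int, public) -> int:
    """E(m1) * E(m2) mod n^2 decrypts to m1 + m2 mod n: no key needed."""
    n, _ = public
    return (c1 * c2) % (n * n)


def scale_encrypted(c: int, k: int, public) -> int:
    """E(m)^k mod n^2 decrypts to k * m mod n (k is public, not encrypted)."""
    n, _ = public
    return pow(c, k, n * n)


if __name__ == "__main__":
    # Toy primes for the demo; a real deployment uses a 2048-bit-plus modulus.
    public, private = keygen(61, 53)
    total = add_encrypted(encrypt(12, public), encrypt(30, public), public)
    print("12 + 30 computed under encryption:", decrypt(total, private))
```

The same malleability that makes this useful is also a hazard: anyone can alter an encrypted value by a known offset, so Paillier ciphertexts need an authenticity layer (a signature or MAC) whenever the sender of an arithmetic update must be trusted.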

Advancements in quantum computing

  • Quantum computers leverage principles of quantum mechanics (e.g., superposition, entanglement) to perform certain computations much faster than classical computers
  • Development of large-scale, fault-tolerant quantum computers could have significant implications for public-key cryptography rendering many current algorithms insecure
  • Quantum-safe cryptographic solutions, such as post-quantum algorithms and quantum key distribution (QKD), are being actively researched to address the potential threats posed by quantum computing
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.

