Management of Public and Private Asymmetric Keys for Electronic Commerce and EDI over the Internet
- Use of public-key cryptography simplifies the management of symmetric encryption
keys
Problems Created by Use of Public Key Cryptography to Manage Symmetric Encryption Keys
- protecting the private key
- binding a trading partner's identity to his public key
Protecting the Private Key
secrecy of the private key is important and unauthorized access to
the key can lead to revocation of the corresponding public key
software can generate, encrypt, and store a random private key
user accesses private key indirectly, through access to the software
access to the software is controlled by a password, pass-phrase, and/or access
tights
Use of Public Keys
originating trading partner uses to encrypt a symmetric key
receiving trading partner to verify authenticity of originator
Mathematics of Public Key Cryptography
involves complicated mathematical manipulations of large numeric
numbers
RSA public keys are generated by multiplying large prime numbers together. This size
of the product is called the modulus
deriving the private key from the known public key is based on the difficulty in
factoring large numbers. RSA private keys are derived from factoring the product of the
two large prime numbers.
Basis for Security
RSA asymmetric encryption algorithm security is based on the size
of the number that needs to be factored.
computing power required to use fast factoring algorithms to factor any given size
number can be estimated, allowing time and cost factors for factoring to be estimated, allowing accurate estimates for the breaking of any private key
Measuring Security
a 1 MIP computer operating for 1 year is called a MIP year
100 digit number (~332 bits) would take 74 MIP years to factor
150 digit number (~500 bits) would take 1,000,000 MIP years to factor
200 digit number (~664 bits) would take 4,000,000,000 MIP years to factor
350 digit number (~1162 bits) would take 10 to the 16th power MIP years to factor
Configurable Security
Given a large enough modulus, it becomes impossible to derive a
private key from a public key
RSA key length is configurable
When using RSA encryption algorithm to encrypt symmetric keys, support of 512 bit to
1024 bit variable key lengths is REQUIRED.
Projected Costs for Breaking Asymmetric Private Keys
cost of computing power is decreasing
assuming a decrease in computing costs by a factor of 10 every 5 years, then in the
year 2030 it will cost only $10 to derive a 512 the private key from a 512 bit public
key
Equivalence of Security - Symmetric vs Asymmetric
asymmetric algorithms require longer keys to provide the same
level of security as symmetric keys
512 bit RSA public key is equivalent to a 64 bit symmetric key
768 bit RSA public key is equivalent to an 89 bit symmetric key
Recommended Public Key Lengths for Internet Security
RSA encryption for protecting symmetric encryption keys (session
keys) - at least a 768 bit public key is RECOMMENDED
RSA encryption for protecting very high value transactions - at least a 1024 bit or
higher key SHOULD be used
Trust and Public Keys
how can one trading partner be sure that the public key of another
trading partner is bound to that trading partner, and is valid?
trading partners must exchange public keys or be able to access each other’s public
keys in a manner that is acceptable to each
public key certificates is one method for exchanging public information between
trading partners
Public Key Certificates
come in many different formats and the trust models on which they
are based come with different underlying assumptions
public key certificates based on X.509 standards are becoming prevalent
X.509 Certificates
binds an entity's distinguished name (X.500 terminology for a
formal way of identifying someone in the X.500 world) to a public key
certificate contains: digital signature of the issuer of the certificate, identity of
the issuer of the certificate, and issuer specific serial number, information to verify the
issuer's digital signature
Certificate Authorities (CA)
certificate issuers are called certificate authorities
must be trusted by both trading partners
in essence, a CA is a digital notary and the certificate is a digitally notarized binding of a trading partner to its public key
What is Needed?
adoption of a trust model or the use of CAs for issuing commercial grade/class 3 certificates
trading partners may self certify one another or use a CA that is acceptable to their other trading partners
What Else is Needed?
formats and protocols for requesting, revoking, and exchanging certificates and certificate revocation lists between CAs and trading partners as well as between the trading partners themselves need to be agreed to and standardized<
/LI>
Issues
lack of wide-spread use of certification authorities in real world commercial applications
need to do more profiling of X.509v3 certificates and standards for requesting, revoking, and exchanging certificates and certificate revocation lists
Recommended Near Term Approach
trading partners who have already established a trust relationship should self-certify each other if an agreed upon CA is not used.
near term self-certification means that the exchange of public keys and certification of these keys must be handled as part of the process of establishing a trading partnership
Recommended Near Term Approach (cont)
the UA and/or EDI application interface must maintain a database of public keys used for encryption and authentication
UA and/or EDI application interface must map between the EDI trading partner ID and the RFC822 e-mail address
Best Near Term Approach
trading partners acquire a X.509v3 certificate from a CA trusted by both parties
trading partners exchange certificates using formats and protocols specified for S/MIME or PGP/MIME
Recommended Long Term Approach
Public Key Infrastructure (PKI)
standards for establishing a trading partner relationship will be developed to simplify the process of acquisition, revocation, exchange, and third party authentication of certificates
Conclusions
asymmetric public keys should be used to encrypt symmetric keys which are used for bulk encryption
PKI will be the long term solution for the management of asymmetric public keys
near term solutions that should be used are either self-certification between trading partners or trading partner agreement on use of a CA