July 8, 2011, 4 p.m.

posted by prosto

## PKI Background

Thus far, we've explored the concepts of symmetric key and asymmetric key encryption as they pertain to IPSec and various IPSec designs. Asymmetric key encryption leverages PKI to reinforce the community of trust within a network of cryptographic endpoints and other cryptographic elements, such as certificate authorities and registration authorities. Now, we will take a deeper look at asymmetric key encryption technology as it pertains to public key infrastructures (PKI).

Lenin once said that "trust is good, but control is better"; he would have appreciated the need for asymmetric key encryption. Public key cryptography grew out of the need to control trust issues between two cryptographic endpoints that symmetric key encryption itself did not address. Remember that in symmetric key encryption, two cryptographic endpoints must share the same encryption key, since that key is also used for decryption. The integrity of this cryptographic operation relies on the security of the exchange of symmetric keys between the cryptographic endpoints. Therefore, the control of trust in a symmetric key encryption scheme rests on the secure channel over which the keys are exchanged, in addition to the strength of the keys themselves. Public key cryptography shifts the control of trust away from the secure channel of key exchange and onto the generation of the asymmetric keypair: only the public key is exchanged freely, while the corresponding private key is not.

In 1976, Whitfield Diffie and Martin Hellman introduced the concept of public key cryptography in their publication entitled "New Concepts in Cryptography." Their concept described an asymmetric cryptographic operation, outlining the use of two keys: a public key used only for encryption and a private key used only for decryption. The two keys are mathematically related, but in such a way that it is computationally infeasible to derive one key from the other.
Additionally, information encrypted with a public key can only be decrypted using the corresponding private key. This cryptographic concept moves control over the security of cryptographic keys away from the manner in which they are exchanged and into the derivation of the keys themselves. Central to this concept is the fact that the public key of an asymmetric keypair can be freely distributed without compromising the confidentiality or integrity of encrypted communications.

Note: Although asymmetric cryptography provides a more secure framework for key management and exchange than that of a traditional symmetric key cryptographic operation, there are still trust and authentication issues inherent to pure asymmetric cryptography. We will discuss these issues as they pertain to RSA Encryption and IKE. We will then discuss the RSA Signature method of IKE authentication and how PKIs can be used effectively to address issues of trust and control in asymmetric cryptographic systems.

Consider the example in Figure, where Caroline intercepts the public key that James tries to send to Charlie so that Charlie can encrypt messages to James. Because the public key only encrypts information, Caroline cannot use the key to decipher encrypted communication between James and Charlie. Additionally, because James uses strong cryptographic keys, which are refreshed periodically, Caroline is not able to derive James' private key from the public key that she has intercepted.

## What Can Be Done with a Compromised Public Key?

Although PKI does eliminate the need for authenticated, confidential distribution of symmetric keys, there must be additional mechanisms to enforce trust amongst cryptographic endpoints. As we have discussed, an attacker cannot do as much damage with a compromised public key as they could do with a compromised symmetric key. They could, however, have an impact on the authenticity of messages within the network.
Because of this, there need to be additional measures to ensure that public keys are only exchanged among trusted cryptographic elements. Two measures that we have explored thus far, RSA encryption and Diffie-Hellman key exchange, have these elements of trust built into the cryptographic algorithm itself. Others rely on PKIs that use Certificate Authorities: central, trusted repositories for maintaining keys with authentication and integrity.

Consider again the example in which Caroline intercepts a public key en route from James to Charlie. Although Caroline is unable to decrypt information from James and Charlie, she is still capable of using the public key maliciously: she could, for example, now use James' public key to encrypt information and send it to James as if she were Charlie.

Note: An attack scenario in which a malicious party inserts themselves in between two or more communicating partners to manipulate and eavesdrop on data in transit is commonly referred to as a man-in-the-middle attack. Recall that this attack was discussed in the scenario described in Figure in Chapter 2, "IPsec Fundamentals."

How can James be certain that the information that he decrypts with his private key is authentic with preserved integrity, knowing that his public key was distributed freely and openly? There exists a need for additional methods of data authentication and data integrity that deliver this level of trust, which is what PKI is all about.
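The question above, worked through as an added example that is not part of the original text: a message encrypted with James' public key decrypts correctly no matter who sent it, whereas a signature checked against Charlie's public key separates the genuine sender from Caroline. It assumes textbook RSA without padding over small known primes (constructed toy keys) and SHA-256 hash-then-sign; all function names are hypothetical and none of this is production cryptography.

```python
import hashlib

# Textbook RSA (no padding) over small known primes: constructed toy keys,
# chosen so the arithmetic runs with the standard library only.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public, private)

def encrypt(pub, msg):
    n, e = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def demo():
    james_pub, james_priv = make_keypair(2**127 - 1, 2**89 - 1)
    charlie_pub, charlie_priv = make_keypair(2**107 - 1, 2**61 - 1)
    _, caroline_priv = make_keypair(2**89 - 1, 2**61 - 1)

    # Encryption only: anyone holding James' public key can produce this,
    # so a clean decryption tells James nothing about the sender.
    claimed = b"From Charlie: call me"
    received = decrypt(james_priv, encrypt(james_pub, claimed))

    # Signature check against Charlie's public key, which James must have
    # obtained from a source he trusts (the role a CA-issued certificate plays).
    genuine_ok = verify(charlie_pub, claimed, sign(charlie_priv, claimed))
    forged_ok = verify(charlie_pub, claimed, sign(caroline_priv, claimed))
    return received, genuine_ok, forged_ok

if __name__ == "__main__":
    print(demo())
```

The check is only as good as James' copy of Charlie's public key; binding that key to Charlie's identity is the job the text assigns to the PKI.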
