Key authentication
Encyclopedia
Key authentication is a problem that arises when using public key cryptography. It is the process of assuring that the public key of "person A" held by "person B" does in fact belong to "person A".
In traditional symmetric key cryptography, this problem wasn't an issue as it was implicitly assumed that some "secure" method of key distribution guaranteed key authenticity. Of course, this merely moved the issue back a level, to that of security of key distribution. Crypto systems using asymmetric key algorithms do not evade a related problem. That a public key can be known by all without compromising the security of an encryption algorithm (for some such algorithms, though not for all) is certainly useful, but does not prevent some kinds of attacks. For example, a spoofing attack in which public key A is claimed publicly to be that of user Alice, but is in fact a private key belonging to attacker Mallory, is easily possible. No public key is inherently bound to any particular user, and any user relying on a defective binding (including Alice herself when she sends herself protected messages) will have trouble.
The simplest solution for this problem is for the two users concerned to meet face-to-face and exchange keys, However, for systems in which there are a large number of users or in which the users do not personally know each other (eg, Internet shopping) this is not practicable.
The most common solution to this problem is the use of key certificate
s and certificate authorities for them in a public key infrastructure
system, The certificate authority
acts as a 'trusted third party' for the communicating users and, using cryptographic binding methods (eg, digital signature
s) represents to both parties involved that the public keys each holds which allegedly belong to the other, actually do so. A digital notary
service, if you will. Such CAs can be private organizations providing such assurances, or government agencies, or some combination of the two. However, in a significant sense, this merely moves the key authentication problem back one level for any CA may make a good faith certification of some key but, through error or malice, be mistaken. Any reliance on a defective key certificate 'authenticating' a public key will cause problems. As a result, many people find all PKI designs unacceptably insecure.
Accordingly, key authentication methods are being actively researched.
In traditional symmetric key cryptography, this problem wasn't an issue as it was implicitly assumed that some "secure" method of key distribution guaranteed key authenticity. Of course, this merely moved the issue back a level, to that of security of key distribution. Crypto systems using asymmetric key algorithms do not evade a related problem. That a public key can be known by all without compromising the security of an encryption algorithm (for some such algorithms, though not for all) is certainly useful, but does not prevent some kinds of attacks. For example, a spoofing attack in which public key A is claimed publicly to be that of user Alice, but is in fact a private key belonging to attacker Mallory, is easily possible. No public key is inherently bound to any particular user, and any user relying on a defective binding (including Alice herself when she sends herself protected messages) will have trouble.
The simplest solution for this problem is for the two users concerned to meet face-to-face and exchange keys, However, for systems in which there are a large number of users or in which the users do not personally know each other (eg, Internet shopping) this is not practicable.
The most common solution to this problem is the use of key certificate
Public key certificate
In cryptography, a public key certificate is an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth...
s and certificate authorities for them in a public key infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
system, The certificate authority
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
acts as a 'trusted third party' for the communicating users and, using cryptographic binding methods (eg, digital signature
Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...
s) represents to both parties involved that the public keys each holds which allegedly belong to the other, actually do so. A digital notary
Notary public
A notary public in the common law world is a public officer constituted by law to serve the public in non-contentious matters usually concerned with estates, deeds, powers-of-attorney, and foreign and international business...
service, if you will. Such CAs can be private organizations providing such assurances, or government agencies, or some combination of the two. However, in a significant sense, this merely moves the key authentication problem back one level for any CA may make a good faith certification of some key but, through error or malice, be mistaken. Any reliance on a defective key certificate 'authenticating' a public key will cause problems. As a result, many people find all PKI designs unacceptably insecure.
Accordingly, key authentication methods are being actively researched.