Introduction to Public Key Infrastructure (PKI)

February 23, 2021 by Kurt Ellzey

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) uses mathematical structures and operators. Cryptography and cryptanalysis functions are used in modern software development. Data confidentiality is a critical need, particularly in software, so cryptography is vital to safeguarding data and, by extension, the software. Understanding cryptography means understanding key terms, like algorithms, cipher text, or plain text. Plain text is just that, plain. It’s the message in regular language that needs encryption. Cipher text is the seemingly random mix of text that is unreadable. Specific algorithms are used to convert plain text to cipher text.

The conversion process of moving from plain text to cipher text is, of course, called encryption, and moving from cipher text to plain text is called decryption. The algorithm, which is a mathematical formula, is used to make the conversions. For the cryptosystem to work, it requires keys. In cryptography, keys are bits of data that lock and unlock the text. The sender and the receiver have similar but not exact keys. The longer the key, the better the encryption.


Encryption comes in two types, symmetric and asymmetric. Symmetric encryption uses similar but different versions of the same key. The problem with that is the key has to be distributed and must be kept secret. It’s a bit like putting a house key in the fake-looking rock next to the bush and hoping no one notices. Symmetric encryption is fast and easy, though, so it does get used, and at the very least it fulfills a need for confidentiality. The DES (Data Encryption Standard) is one example of symmetric encryption.

Asymmetric encryption uses one public key and one private key. The keys are related but not similar, so even though the encrypting key is public, it’s unlikely that anyone could figure out the decrypting key just by looking at the encryption key. Asymmetric encryption satisfies the needs for non-repudiation and authentication. Non-repudiation means that the validity of the data can’t be denied. What is, is what is. Asymmetric encryption is slow, though, compared to symmetric. One example of asymmetric encryption is AES (Advanced Encryption Standard).

Feistel Networks allow decryption and encryption to be performed by the same algorithm. This cryptographic structure works by using keys in specific but differently ordered rounds. Chip designers love Feistel Networks because they cut the work in half, using the same operators for both encryption and decryption. For this same reason, Feistel Networks are favored when cryptographic algorithms are used on hardware.
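The Feistel property described above, as an added example that is not part of the original article: one routine both encrypts and decrypts a block, and the only difference is the order in which the round keys are applied. The round count, key schedule and round function are assumptions chosen for illustration; this is a toy cipher, not a vetted one.

```python
import hashlib
import hmac

ROUNDS = 8   # assumed round count for this toy cipher
HALF = 8     # bytes per half-block, so one block is 16 bytes


def subkeys(master_key, rounds=ROUNDS):
    """Toy key schedule: derive one subkey per round from the master key."""
    return [hmac.new(master_key, bytes([i]), hashlib.sha256).digest()
            for i in range(rounds)]


def round_function(half, subkey):
    """F does not need to be invertible; the structure supplies that."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, keys):
    """Run the network over one block, using the subkeys in the order given."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # Each round: swap halves and mix F(right, k) into the old left half.
        left, right = right, xor(left, round_function(right, k))
    # Undo the final swap so the same routine is its own inverse.
    return right + left


def encrypt_block(block, master_key):
    return feistel(block, subkeys(master_key))


def decrypt_block(block, master_key):
    # Same algorithm, same operators: only the subkey order is reversed.
    return feistel(block, subkeys(master_key)[::-1])


if __name__ == "__main__":
    key = b"constructed demo key"
    ct = encrypt_block(b"sixteen byte msg", key)
    print(ct.hex(), decrypt_block(ct, key))
```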

Cryptanalysis and PKI

Cryptography is used in a plethora of applications, including technologies we all use every day. These applications include Public Key Infrastructure (PKI). PKI is the wingman of digital certificates, laying down a smooth path of trust that won’t be broken. Digitally signed email and HTTPS wouldn’t be possible without PKI keeping it all together. Most data on a network is encrypted by the SSL and TLS protocols. They use symmetric and asymmetric cryptography in concert to minimize eavesdropping. Virtual Private Networks (VPNs) are like the Chunnel. They provide a safe way to connect the client and the server in public but without the extreme risk of being battered by the turbulent English Channel.

Secure Credential Management has been used to protect authentication info on websites by verifying user identities. Recent breaches of Content Management Systems (CMS) have shown that secure credential management isn’t as secure as previously thought. Full-disk encryption uses symmetric cryptography on electronic devices. That way if devices are no longer with the original user, either through theft, discard, or just being lost, they are still secure. Blockchain Technology is heavy and slow because it uses asymmetric encryption and hash functions. It’s meant to replace trust in centralized organizations using cryptographic algorithms but many find the technology lacking. 


The success of applied cryptanalysis is contingent upon competent developers who know the math and can create a complicated algorithm correctly. If they do their job right, trying to crack effective cryptography is a waste of time. Many people, though, don’t actually use effective cryptography. They often obfuscate the data using Base64 encoding instead, but such schemes are far easier to break. The irony of cryptography is that it remains so obscure because people are afraid to understand the complexity. With proper training in applied cryptography and cryptanalysis, both developers and hackers can certainly understand how to break or develop a cryptographic system.
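An audit check for the Base64 point above, added here as an example and not taken from the original article: Base64 has no key, so any value that decodes cleanly to readable text is only obfuscated, and a reviewer can flag it as a secret stored without encryption. The config keys and values are constructed sample data, and the 16-character minimum is an assumed threshold to limit false positives.

```python
import base64
import re


def b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample configuration (not from any real system).
SAMPLE_CONFIG = "\n".join([
    "db_user = reporting",
    "db_password = " + b64("constructed-db-password"),
    "api_token = " + b64("constructed-api-token-01"),
    "log_level = debug",
])

# Candidate values: Base64 alphabet only, at least 16 characters, optional padding.
B64_VALUE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def decode_if_base64(value):
    """Return the decoded text if value is Base64 of printable ASCII, else None."""
    if len(value) % 4 or not B64_VALUE.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None


def audit(config):
    """Map each config key to the plaintext recovered from its value, no key needed."""
    findings = {}
    for line in config.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        decoded = decode_if_base64(value.strip())
        if decoded is not None:
            findings[key.strip()] = decoded
    return findings


if __name__ == "__main__":
    for name, plain in audit(SAMPLE_CONFIG).items():
        print(f"{name}: Base64-obfuscated, decodes to {plain!r}")
```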




Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.