There are four methods of public key distribution: Public Announcement of Public Keys, Publicly Available Directory, Public-Key Authority and Public-Key Certificates.
Public Announcement of Public Keys
In public-key cryptography, such as RSA, any user can send his or her public key to any other user or broadcast it to the group, as shown in the figure.
Figure: Public Announcement of Public Keys
This approach has a major drawback. Any user can pretend to be user A and send a public key to another user or broadcast it. Until user A discovers this and alerts the other users, the pretender is able to read all encrypted messages of other users.
Publicly Available Directory
A dynamic, publicly available directory is used to achieve greater security. Maintenance and distribution of the public directory is controlled by a trusted entity. This technique is explained as follows and shown in the figure.
Figure: Publicly Available Directory
A trusted entity maintains a directory with an entry for each user of the form <name, public key>.
Each user has to register a public key with the directory.
A user can replace the existing key with a new one at any time for any particular reason.
It is more secure than public announcement but still has some weaknesses. A hacker can obtain the private key of the directory or tamper with the information kept by the directory.
Public-Key Authority
It gives stronger security. As shown in the figure, a central authority keeps a dynamic directory of the public keys of all users. Additionally, each user knows the public key of the authority.
Figure: Public Key Authority
Step – 1: A sends a timestamped message to the public-key authority containing a request for the current public key of B.
Step – 2: The authority responds with a message that is encrypted using the authority’s private key, PRauth. Thus, A is able to decrypt the message using the authority’s public key. Therefore, A is assured that the message originated with the authority.
The message includes the following: B’s public key, PUb, which A can use to encrypt messages destined for B; the original request, used to enable A to match this response with the corresponding earlier request and to verify that the original request was not altered before reception by the authority; and the original timestamp, given so A can determine that this is not an old message from the authority containing a key other than B’s current public key.
Step – 3: A stores B’s public key and also uses it to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
Step – 4 & 5: B retrieves A’s public key from the authority in the same manner as A retrieved B’s public key.
Step – 6: B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message (6) assures A that the correspondent is B.
Step – 7: A returns N2, which is encrypted using B’s public key, to assure B that its correspondent is A.
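Steps 1 and 2 above, as an added example that is not code from the original post: the authority signs its reply with PRauth, and A checks the signature, the echoed request and the timestamp before accepting B's key. The RSA key is a constructed toy (publicly known primes, no padding), and the field names, `MAX_AGE` and the sample directory entry are assumptions.

```python
import hashlib, json

# Constructed toy RSA key for the authority: two publicly known Mersenne
# primes and no padding, so it is NOT secure; it only lets the example run offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # PUauth, known to every user
D = pow(E, -1, (P - 1) * (Q - 1))      # PRauth, known only to the authority

MAX_AGE = 30  # seconds a reply stays acceptable (assumed policy)

def _digest(body):
    # Canonical JSON so both sides hash exactly the same bytes.
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_request(requester, target, timestamp):
    """Step 1: A's timestamped request for B's current public key."""
    return {"from": requester, "want": target, "time": timestamp}

def authority_reply(directory, request):
    """Step 2: PUb plus the original request (with its timestamp), signed with PRauth."""
    body = {"public_key": directory[request["want"]], "request": request}
    return {"body": body, "sig": pow(_digest(body), D, N)}

def check_reply(reply, sent_request, now):
    """A's checks on the reply; returns B's key or raises ValueError."""
    body = reply["body"]
    if pow(reply["sig"], E, N) != _digest(body):
        raise ValueError("signature does not verify under PUauth")
    if body["request"] != sent_request:
        raise ValueError("reply does not match the request A sent")
    if not 0 <= now - body["request"]["time"] <= MAX_AGE:
        raise ValueError("stale reply: timestamp outside allowed window")
    return body["public_key"]

if __name__ == "__main__":
    directory = {"B": "PUb-sample"}            # constructed directory entry
    req = make_request("A", "B", timestamp=1000)
    reply = authority_reply(directory, req)
    print(check_reply(reply, req, now=1005))   # fresh, matching, signed reply
```

Each check maps to one item the page lists in the reply: the signature to the authority's origin, the echoed request to matching and integrity, and the timestamp to rejecting an old reply that carries a superseded key.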
Public-Key Certificates
The directory of names and public keys maintained by the authority is vulnerable to tampering. An alternative approach, first suggested by Kohnfelder, is to use certificates. In essence, a certificate consists of a public key, an identifier of the key owner, and the whole block signed by a trusted third party. Typically, the third party is a certificate authority, such as a government agency or a financial institution, that is trusted by the user community. A user can present his or her public key to the authority in a secure manner and obtain a certificate. The user can then publish the certificate. Anyone needing this user’s public key can obtain the certificate and verify that it is valid by way of the attached trusted signature. A participant can also convey its key information to another by transmitting its certificate. Other participants can verify that the certificate was created by the authority. The diagram below shows the distribution of public keys using public-key certificates.
Figure: Public Key Certificates
We can place the following requirements on this scheme:
Step – 1: Any participant can read a certificate to determine the name and public key of the certificate’s owner.
Step – 2: Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
Step – 3: Only the certificate authority can create and update certificates.
Step – 4: Any participant can verify the certificate.