|
Page 9 of 19 Hybrid Encryption MethodsPublic Key CryptographyPublic key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.
In order to solve the key management problem, Whitfield Diffie and Martin Hellman introduced the concept of public-key cryptography in 1976. Public-key cryptosystems have two primary uses, encryption and digital signatures. In their system, each person gets a pair of keys, one called the public key and the other called the private key. The public key is published, while the private key is kept secret.
In a public-key cryptosystem, the private key is always linked mathematically to the public key. Therefore, it is always possible to attack a public-key system by deriving the private key from the public key. Typically, the defense against this is to make the problem of deriving the private key from the public key as difficult as possible.
EncryptionWhen Alice wishes to send a secret message to Bob, she looks up Bob's public key in a directory, uses it to encrypt the message and sends it off. Bob then uses his private key to decrypt the message and read it. No one listening in can decrypt the message. Anyone can send an encrypted message to Bob, but only Bob can read it (because only Bob knows Bob's private key).
Digital SignaturesTo sign a message, Alice does a computation involving both her private key and the message itself. The output is called a digital signature and is attached to the message. To verify the signature, Bob does a computation involving the message, the purported signature, and Alice's public key. If the result is correct according to a simple, prescribed mathematical relation, the signature is verified to be genuine; otherwise, the signature is fraudulent, or the message may have been altered. Diffie-Hellman Key ExchangeIt is a protocol for establishing a shared secret (key) over an insecure communications channel. This shared secret (key) can be used to encrypt subsequent communications using a symmetric-key cipher. Synonyms of Diffie-Hellman key exchange include: - Diffie-Hellman key agreement
- Diffie-Hellman key establishment
- Diffie-Hellman key negotiation
- Exponential key exchange
The scheme was first published publicly by Whitfield Diffie and Martin Hellman in 1976. Original Diffie-Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol and is thus susceptible to a man-in-the-middle attack. However, D-H provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's short-lived modes. Examples of authenticated protocols based on D-H protocols include STS (Station to Station), MQV (Menezes-Qu-Vanstone) and IKE (Internet Key Exchange). Session keysA session key is a single-use symmetric key used for encrypting all messages in one communication session. Session keys introduce complication in a crypto system, normally an undesirable end. However, they also help with some real problems. There are two primary reasons for session keys: - Several cryptanalytic attacks are made easier as more material encrypted with a specific key is available. By limiting the material processed using a particular key, those attacks are made more difficult.
- Asymmetric encryption is too slow for general purpose use; while, symmetric encryption algorithms require an out of band secure key distribution mechanism. Using session Key, it is possible to improve considerably overall system performance and security. Asymmetric encryption is normally used to distribute secret session key, to be subsequently used by a faster symmetric algorithm.
|
Tabulated comparisons of the two cryptography, really help to remeber...
thanx
keep up the good work