Page 247 - DCAP311_DCAP607_WIRELESS_NETWORKS
Unit 14: Authentication
different key with each individual person. As long as the private key remains secret, the public key
can be given to any number of people and used securely. The ability to use a single key pair with
many people represents a major breakthrough in cryptography because it makes cryptography
substantially more usable by significantly lowering the key management requirements. A user
can share one key pair with any number of people rather than having to establish a separate secret
key with each person.
14.4.2 Putting Public Key Cryptography Together with Message Security
Public key cryptography is a fundamental element of message security. Without public key
cryptography, it is doubtful that there would be practical message security solutions, because
key management before public key cryptography was cumbersome. With an understanding of the
basic concepts of public key cryptography, the next step is to learn how those concepts work
together to make message security possible.
14.4.3 Public Key Cryptography and Digital Signatures
The reciprocal relationship between the two keys of a key pair is what makes this unique
identification possible through public key cryptography.
Because the private key in a key pair belongs to only one party, any time that it is shown that
the private key has been used, it can be concluded that only the owner of that key has used it.
In this way, the use of the private key is like a signature on paper, because only the owner of a
signature can actually make it. The signature confirms its owner's presence just as the use of the
private key confirms its owner's presence.
If a key pair is successfully used in an encryption and decryption operation, the pair's private key
must have been used for one part of the operation. Because a public key is tied to only one private
key, the corresponding public key can be used to identify its related private key and only its
related private key. If a particular public key is used successfully in an encryption and decryption
operation, it can be inferred that the corresponding private key was used for one part of the
operation. Because only the key owner can use the private key, this means that the key owner
and only the key owner could have performed part of the encryption and decryption operation.
Using a private key to establish identity requires showing that the full encryption and decryption
operation was accomplished successfully. Showing a full operation means that plaintext has to
be encrypted to ciphertext using the private key and then decrypted back to plaintext using the
corresponding public key. If this operation is successfully shown, the use of the private key, and
only the private key, is demonstrated.
To show a successful encryption and decryption operation, the plaintext before the encryption and
decryption operations must match the plaintext after the encryption and decryption operation.
Both sets of plaintext must be compared directly and shown to match absolutely. There must be
a control that is used for comparison and validation.
In e-mail, this control is the actual message. Because the message is available to both the sender
and the recipient, it is a convenient control element.
To be used in this comparison operation, the message is converted into a "hash," which is a
fixed-size numerical representation of the complete text. Identical message text will yield identical
hash values, and any change to the text yields a different hash value.
By taking the hash value of the message and combining it with the private key at the time of
sending, the owner of the private key proves that he or she, and only he or she, sent the message.
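The following Python program is an added example, not code from the textbook, that carries the procedure described above through end to end: the "full operation" of sections 14.4.3 (hash the message, encrypt the hash with the private key to form the signature, decrypt it with the public key, and compare it directly with a fresh hash of the received message). The key pair is a toy textbook RSA pair built from two constructed primes, and the sample message is constructed; no padding is used because the text does not describe any.

```python
import hashlib
from typing import Tuple

# Toy RSA key pair for the example. These primes are constructed values chosen
# so the arithmetic is easy to follow; real keys use primes of 1024 bits or more.
P = 65521            # largest prime below 2**16
Q = 65537            # the prime 2**16 + 1
N = P * Q            # public modulus, shared by both keys
PHI = (P - 1) * (Q - 1)
E = 17               # public exponent, coprime with PHI
D = pow(E, -1, PHI)  # private exponent: modular inverse of E (Python 3.8+)

PUBLIC_KEY: Tuple[int, int] = (N, E)   # can be handed to anyone
PRIVATE_KEY: Tuple[int, int] = (N, D)  # must stay with its owner


def message_hash(message: bytes, modulus: int) -> int:
    """Hash the message with SHA-256 and reduce it to an integer below the modulus.

    This is the 'control' element from the text: identical message text gives an
    identical value, and the recipient recomputes it from the message it received.
    """
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % modulus


def sign(message: bytes, private_key: Tuple[int, int]) -> int:
    """Create the digital signature: the hash value 'encrypted' with the private key."""
    n, d = private_key
    return pow(message_hash(message, n), d, n)


def verify(message: bytes, signature: int, public_key: Tuple[int, int]) -> bool:
    """Decrypt the signature with the public key to recover the sender's hash, then
    compare it directly with a fresh hash of the received message. Only the owner of
    the matching private key could have produced a signature that passes this check."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == message_hash(message, n)


if __name__ == "__main__":
    message = b"Transfer 100 EUR to account 42"   # constructed sample message
    signature = sign(message, PRIVATE_KEY)
    print("signature:", signature)
    print("genuine message verifies:", verify(message, signature, PUBLIC_KEY))
    # Changing the message changes its hash, so the two hashes no longer match.
    tampered = b"Transfer 900 EUR to account 42"
    print("tampered message verifies:", verify(tampered, signature, PUBLIC_KEY))
    # Corrupting the signature changes the recovered hash, with the same result.
    print("corrupted signature verifies:", verify(message, (signature + 1) % N, PUBLIC_KEY))
```

The verification step never needs the private key, which is what lets any recipient holding the public key check who sent the message. The example is deliberately the bare textbook construction the unit describes; a deployed system uses a padded signature scheme (for instance RSA-PSS) with a full-size modulus, and a signature library rather than hand-written modular arithmetic.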
Combining the message with the private key is accomplished by encrypting the hash value
with the sender's private key, which creates the actual digital signature. Depending on how
LOVELY PROFESSIONAL UNIVERSITY 241