Page 240 - DCAP403_Operating System

Unit 12: Security Solution




          no longer important and can be discarded. Both the public and the private keys are needed for
          encryption/decryption but only the owner of a private key ever needs to know it. Using the RSA
          system, the private key never needs to be sent across the Internet.
          The private key is used to decrypt text that has been encrypted with the public key. Thus, if I
          send you a message, I can find out your public key (but not your private key) from a central
          administrator and encrypt a message to you using your public key. When you receive it, you
          decrypt it with your private key. In addition to encrypting messages (which ensures privacy),
          you can authenticate yourself to me (so I know that it is really you who sent the message) by
          using your private key to encrypt a digital certificate. When I receive it, I can use your public key
          to decrypt it. A table might help us remember this.

           To do this                                                      Use whose             Key
           Send an encrypted message                                       Use the receiver’s    Public key
           Send an encrypted signature                                     Use the sender’s      Private key
           Decrypt an encrypted message                                    Use the receiver’s    Private key
           Decrypt an encrypted signature (and authenticate the sender)    Use the sender’s      Public key

          12.8 Comparison between Symmetric and Public Key Encryption


          12.8.1 Symmetric Key Encryption

          Symmetric cryptography involves a single, secret key, which both the message-sender and the
          message-recipient must have. It is used by the sender to encrypt the message, and by the recipient
          to decrypt it.
          Symmetric cryptography provides a means of satisfying the requirement of message content
          security, because the content cannot be read without the secret key. There remains a risk exposure,
          however, because neither party can be sure that the other party has not exposed the secret key to
          a third party (whether accidentally or intentionally).
          Symmetric cryptography can also be used to address the integrity and authentication requirements.
          The sender creates a summary of the message, or ‘message authentication code (MAC)’, encrypts
          it with the secret key, and sends that with the message. The recipient then re-creates the MAC,
          decrypts the MAC that was sent, and compares the two. If they are identical, then the message
          that was received must have been identical with that which was sent.

          A major difficulty with symmetric schemes is that the secret key has to be possessed by both
          parties, and hence has to be transmitted from whoever creates it to the other party. Moreover, if
          the key is compromised, all of the message transmission security measures are undermined. The
          steps taken to provide a secure mechanism for creating and passing on the secret key are referred
          to as ‘key management’.
          The technique does not adequately address the non-repudiation requirement, because both
          parties have the same secret key. Hence each is exposed to the risk of fraudulent falsification
          of a message by the other, and a claim by either party not to have sent a message is credible,
          because the other may have compromised the key.
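
          The MAC check and the non-repudiation gap described above, as an added example that is not
          part of the original text. It uses HMAC-SHA256 from the Python standard library in place of the
          encrypt-a-summary construction the text describes; the key, messages and function names are
          constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC over the message with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient side: re-create the MAC and compare it with the one received.

    compare_digest runs in constant time, so the comparison does not leak
    how many leading bytes of a guessed tag were correct.
    """
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)   # constructed key held by BOTH parties
    other_key = secrets.token_bytes(32)    # constructed key of an outsider
    sent = b"PAY 100 TO BOB"               # constructed message from the sender
    tag = make_tag(shared_key, sent)

    altered = b"PAY 900 TO BOB"            # constructed altered message
    # The recipient holds the same key, so it can tag any message it likes.
    recipient_tag = make_tag(shared_key, altered)

    return {
        # Integrity and authentication: only the unmodified message verifies.
        "genuine_accepted": verify(shared_key, sent, tag),
        "altered_rejected": not verify(shared_key, altered, tag),
        "outsider_key_rejected": not verify(other_key, sent, tag),
        # Non-repudiation gap: a tag made by the recipient is just as valid,
        # so a valid tag cannot prove which of the two parties wrote the message.
        "recipient_made_tag_accepted": verify(shared_key, altered, recipient_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
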
          12.8.2 Public Key Cryptography (Encryption)

          Whereas symmetric cryptography has existed, at least in primitive forms, for 2,000 years,
          asymmetric approaches were only invented in the mid-1970s.
          Public key cryptography involves two related keys, referred to as a ‘key-pair’, one of which only
          the owner knows (the ‘private key’) and the other which anyone can know (the ‘public key’).




                                           LOVELY PROFESSIONAL UNIVERSITY                                   233