Read an Excerpt
Chapter 11: Cryptography and the Web
Encryption is the fundamental technology that protects information as it travels over the Internet. Although strong host security can prevent people from breaking into your computer-or at least prevent them from doing much damage once they have broken in-there is no way to safely transport the information that resides on your computer to another computer over a public network without using encryption.
But as the last chapter explained, there is not merely one cryptographic technology: there are many of them, each addressing a different need. In some cases, the differences between encryption systems represent technical differences-after all, no one solution can answer every problem. Other times, the differences are the result of restrictions resulting from patents or trade secrets. And finally, restrictions on cryptography sometimes result from political decisions.
Cryptography and Web Security
Security professionals have identified four keywords that are used to describe all "I" of the different functions that encryption plays in modem information systems. The different functions are these:
Confidentiality Encryption is used to scramble information sent over the Internet and stored on servers so that eavesdroppers cannot access the data's content. Some people call this quality "privacy," but most professionals reserve that word to refer to the protection of personal information (whether confidential or not) from aggregation and improper use.
Authentication Digital signatures are used to identify the author of a message; people who receive the message can verify the identity of the person who signed them. They can be used in conjunction with passwords or as an alternative to them.
Integrity Methods are used to verify that a message has not been modified while in transit. Often, this is done with digitally signed message digest codes.
Nonrepudiation Cryptographic receipts are created so that an author of a message cannot falsely deny sending a message.
Strictly speaking, there is some overlap among these areas. For example, when the DES encryption algorithm is used to provide confidentiality, it frequently provides integrity as a byproduct. That's because if an encrypted message is altered, it will not decrypt properly. In practice, however, it is better engineering to use different algorithms that are specifically designed to assure integrity for this purpose, rather than relying on the byproduct of other algorithms. That way, if the user decides to not include one aspect (such as encryption) because of efficiency or legal reasons, the user will still have a standard algorithm to use for the other system requirements.
What Cryptography Can't Do
Cryptography plays such an important role in web security that many people use the phrase secure web server when they really mean cryptographically enabled web server. indeed, it is difficult to imagine securing data and transactions sent over the Internet without the use of cryptography.
Nevertheless, encryption isn't all-powerful. You can use the best cryptography that's theoretically possible, but if you're not careful, you'll still be vulnerable to having your confidential documents and messages published on the front page of the San Jose Mercury News if an authorized recipient of the message faxes a copy to one of the reporters. Likewise, cryptography isn't an appropriate solution for many problems, including the following:
Cryptography can't protect your unencrypted documents. Even if you set up your web server so that it only sends files to people using 1024-bit SSL, remember that the unencrypted originals still reside on your web server. Unless you separately encrypt them, those files are vulnerable. Somebody breaking into the computer on which your server is located will have access to the data.
Cryptography can't protect against stolen encryption keys. The whole point of using encryption is to make it possible for people who have your encryption keys to decrypt your files or messages. Thus, any attacker who can steal or purchase your keys can decrypt your files and messages. That's important to remember when using SSL, because SSL keeps copies of the server's secret key on the computer's hard disk. (Normally it's encrypted, but it doesn't have to be.)
Cryptography can't protect against denial-of-service attacks. Cryptographic protocols such as SSL are great for protecting information from eavesdropping. Unfortunately, attackers can have goals other than eavesdropping. In banking and related fields, an attacker can cause great amounts of damage and lost funds by simply disrupting your communications or deleting your encrypted files.
Cryptography can't protect you against the record of a message or the fact that a message was sent. Suppose that you send an encrypted message to Blake Johnson, and Blake murders your lover's spouse, and then Blake sends you an encrypted message back. A reasonable person might suspect that you have some involvement in the murder, even if that person can't read the contents of your messages. Or suppose there is a record of your sending large, encrypted messages from work to your competitor. If there is a mysterious deposit to your bank account two days after each transmission, an investigator is likely to draw some conclusions from this behavior.
Cryptography can't protect against a booby-trapped encryption program. Someone can modify your encryption program to make it worse than worthless. For example, an attacker could modify your copy of Netscape Navigator so that it always uses the same encryption key. (This is one of the attacks that was developed at the University of California at Berkeley.)
Fundamentally, unless you write all of the programs that run on your computer, there is no way to completely eliminate these possibilities. They exist whether you are using encryption or not. However, you can minimize the risks by getting your cryptographic programs through trusted channels and minimizing the opportunity for your program to be modified. You can also use digital signatures and techniques like code signing to detect changes to your encryption programs.
Cryptography can't protect you against a traitor or a mistake. Humans are the weakest link in your system. Your cryptography system can't protect you if your correspondent is taking your messages and sending them to the newspapers after legitimately decrypting them. Your system also may not protect against one of your system administrators being tricked into revealing a password by a phone call purporting to be from the FBI.
Thus, while cryptography is an important element of web security, it is not the only part. Cryptography can't guarantee the security of your computer if people can break into it through other means. But cryptography will shield your data, which should help to minimize the impact of a penetration if it does occur. Today's Working Encryption Systems
Although encryption is a technology that will be widespread in the future, it is already hard at work on the World Wide Web today. In recent years, more than a dozen cryptographic systems have been developed and fielded on the Internet.
Working cryptographic systems can be divided into two categories. The first group are programs and protocols that are used for encryption of email messages. These programs take a plaintext message, encrypt it, and either store the ciphertext or transmit it to another user on the Internet. Such programs can also be used to encrypt files that are stored on computers to give these files added protection. Some popular systems that fall into this category include the following:
The second category of cryptographic systems are network protocols used for providing confidentiality, authentication, integrity, and nonrepudiation in a networked environment. Such systems require real-time interplay between a client and a server to work properly. Some popular systems that fall into this category include the following:
- SET and CyberCash
- IPsec and IPv6
All of these systems are summarized in Table 11-1 and are described in the sections that follow. For detailed instructions on using these systems, please refer to the references listed in the Appendixes.
One of the first widespread public key encryption programs was Pretty Good Privacy (PGP), written by Phil Zimmermann and released on the Internet in June 1991. PGP is a complete working system for the cryptographic protection of electronic mail and files. PGP is also a set of standards that describe the formats for encrypted messages, keys, and digital signatures.
PGP is a hybrid encryption system, using RSA public key encryption for key management and the IDEA symmetric cipher for the bulk encryption of data.
Referring to the encryption checklist at the beginning of this chapter, PGP offers confidentiality, through the use of the IDEA encryption algorithm; integrity, through the use of the MD5 cryptographic hash function; authentication, through the use of public key certificates; and nonrepudiation, through the use of cryptographically signed messages.
PGP is available in two ways, as a standalone application and as an integrated email program available from PGP, Inc. The standalone program runs on many more platforms than the integrated system but is more difficult to use. PGP, Inc., is also developing plug-ins for popular email systems to allow them to send and receive PGP-encrypted messages.
A problem with PGP is the management and certification of public keys. PGP keys never expire: instead, when the keys are compromised, it is up to the keyholder to distribute a special PGP key revocation certificate to everyone with whom he or she communicates. Correspondents who do not learn of a compromised key and use it weeks, months, or years later to send an encrypted message do so at their own risk. As a side effect, if you create and distribute a PGP public key, you must hold onto the secret key for all time because the key never expires.
PGP public keys are validated by a web of trust. Each PGP user can certify any key that he or she wishes, meaning that the user believes the key actually belongs to the person named in the key certificate. But PGP also allows users to say that they trust particular individuals to vouch for the authenticity of still more keys. PGP users sign each other's keys, vouching for the authenticity of the key's apparent holder.
The web of trust works for small communities of users, but not large ones. For example, one way that PGP users sign each other's keys is by holding ritualistic key signing parties. Users gather, exchange floppy disks containing public keys, show each other their driver's licenses, whip out their private keys, and then have an orgy of public key encryptions as their private keys are pressed against each other. It's a lot of fun, especially in mixed company. Key signings are a great way to meet people, as they are usually followed by trips to establishments involving the consumption of large amounts of alcohol, pizza, and/or chocolate. Unfortunately, this is not a practical way to create a national infrastructure of public keys.
Another way that PGP public keys are distributed is by the PGP public key servers located on the Internet. Any user on the Internet can submit a public key to the server, and the server will dutifully hold the key, send a copy of the key to all of the other servers, and give out the key to anybody who wishes it. Although there are many legitimate keys in the key server, there are also many keys that are clearly fictitious. Although the key servers work as advertised, in practice they are ignored by most PGP users. Instead of putting their keys on the key servers, most PGP users distribute their public keys on their own personal web pages. PGP's ability to certify identity reliably is severely hampered by the lack of a public key infrastructure....