Safe online
transactions (Part 1)
We rely on SSL and TLS every day, but
what are they and how do they work, asks Julian Bucknall
Let me introduce some people who will
help me talk about cryptography and SSL/TLS. First we have Alice and Bob. They
live far apart and love communicating with each other, hut because they want to
keep their conversations secret, they encrypt all their messages. Eve is
fascinated by these two and is continually eavesdropping on them, hut that’s
all she does: listen in, trying to work out what they’re talking about. Then
there’s Mallory. lie not only listens and tries to work out what they’re up to,
hut he’s malevolent as well. He will alter their messages, delete them and
substitute his messages for Alice’s or Bob’s, trying to fool them both that his
messages originate from the partner. He is known as the man in the middle.
Back in the old days, Alice and Bob
would use a shared key and an agreed-upon symmetric encryption algorithm. In
1981, the Data Encryption Standard (DES) was published publicly as a symmetric
algorithm (that is, you encrypt and decrypt with the same key). Despite using
what we might now think is a small key (only 56 bits), it took off and started
the whole field of cryptanalysis.
Alice and Bob took to DES with
abandon, but they ran into a problem: they needed a 56-bit key (preferably
randomly generated) that they could share, but keep secret. Once the key was
agreed on, all of their communications would be opaque to Eve and Mallory There
was just one problem- how could they agree on a key? Alice couldn’t send a key
to Bob, because both Eve and Mallory would see it as she’d have to send it
unencrypted. Even worse. Mallory could substitute another key entirely and send
that to Bob. After that, Mallory could intercept messages from Alice to Bob,
decrypting them with the real key, reading them, then encrypting them with the
fake key and sending them on. The same thing would happen on the return
journey. Alice and Bob’s messages would he nowhere near secure.
Shared keys
There was nothing for it: Alice and
Bob would have to meet in person and devise a shared key, making sure that they
couldn’t be overheard by Eve or Mallory. Of course, if the shared key was ever
disclosed or hacked, they’d have to go through the whole rigmarole of
travelling to meet up and decide Ofl a key again.
The most important thing to realise
here is that the secret between Alice and Bob is the key. If the shared key was
ever discovered, the totality of the communications between them would no
longer be secure.
Then, two things happened: computers
became fast enough to apply brute force decryption to messages encrypted with
DES, and public key cryptography was invented.
With brute force decryption, you use a
computer that tries every single key until one is found that decrypts the
message (it assumes that the plaintext message is recognisable in some sense).
When DES was first devised, PCs had only just entered the market and brute
force cracking of a DES-encrypted message was infeasible. Nowadays, using a specially
built computer, a DES 56-bit key can be discovered within a week on average.
Standard DES has been supplanted with
variations (triple-DES) and new algorithms files (AES) with longer keys, but
for Alice and Bob, the same old problem is still present: how to agree on and
exchange a key securely.
Public key cryptography
With public key cryptography, things
are different. Public key cryptosystems use two separate keys: a public key and
a private key. The cryptosystem (the most famous one is RSA, named after its
inventors Rivest, Shamir and Adleman) uses special mathematical algorithms so
that the encryption of a plaintext message and the decryption of that encrypted
message use different keys. The keys are related mathematically, hut knowing
one doesn’t really help you discover the other (the process involves the
factorisation of a very large number into two very large prime numbers - an
algorithm that with current mathematical knowledge would take an inordinate
amount of time to calculate). Because there are different keys for encrypting
and decrypting, these cryptosystems are known as asymmetric algorithms.
This is how Alice would encrypt a
message to send to Bob with a public key algorithm. Both she and Bob have
private/public key pairs, properly generated according to the algorithm they’re
using. Alice will encrypt the plaintext message with her private key (known
only to her), and then encrypt the result of that with Bob’s public key. She
knows Bob’s public key, because he publishes it (similarly she publishes her
own public key). She then sends this twice-encrypted message to Bob.
Bob receives the encrypted message
from Alice. He then decrypts the message with his private key (this key is a
secret known only to him), and then decrypts the result of that with Alice’s
public key. If the result is legible, he knows a couple of things with
certainty: only he could read it (neither Eve nor Mallory could, since only his
private key could decrypt it), and Mallory couldn’t have slipped in a fake
message since the original message could only have been encrypted with Mice’s
private key. So everything is well, and he and Alice can communicate with
abandon.
In fact, since public key
cryptosystems are much slower at encrypting and decrypting than symmetric
algorithms, in general only one message is sent using a public key
cryptosystem: Here’s a randomly generated key for a symmetric algorithm, let’s
both use that from now on.’ All of a sudden, Alice and Bob’s original problem
with a symmetric encrypt ion algorithm is removed: Alice just sends Bob a brand
new 256-bit key encrypted using RSA in the manner I just described, and then
they communicate using AES with that 256-bit key. They don’t have to meet at
all. Sounds great, but what’s the flaw?
The flaw is this: how do Alice and Bob
exchange their public keys securely? Alice can’t send an unencrypted message to
Bob containing her public key because Mallory may intercept that message and
substitute his own public key. (Ditto for Bob informing Alice of his public
key.) If that did happen, Mallory would be in complete control of the message
channel. Let’s call the two key pairs that Mallory generates, fakeAlice and
fakeBob; Alice thinks fakeBob is actually Bob, and Bob thinks fakeAlice is
Alice. Suppose Alice sends a message to Bob. She encrypts it with her private
key and then with fakeBob’s public key and then sends it. Mallory gets it,
decrypts it with the fakeBob’s private key and with Alice’s public key and
reads the message. He then encrypts a new message with fakeAlice’s private key
and Bob’s public key, and sends it to Bob. Bob can decrypt it with his private
key and fakeAlice’s public key.
Suddenly
it seems we’re right back to square one: Alice and Bob still have to meet in
order to exchange their public keys. We’re no better off than we were before.
