Various methods have attempted to authenticate, validate, secure, and conceal communications. Most online transactions, for instance, are considered secure on the strength of often false assurances provided by the service providers employed to protect users' data and privacy. Unfortunately, in many if not all cases, these communications are protected with information that is private to a user and stored by a third party. Since the more prevalent use of the internet in the late 1990s, and most recently with government system breaches since 2010, there have been continuous news reports of compromised private data that was previously considered secure. This has sparked new awareness of the vulnerability of communications and associated data in the private, public, industrial, and government sectors.
A problem with transmitting personal and private information today is that it requires the users of various devices, including personal computers of all forms and smart phones, to install and run special-purpose client applications specifically designed for protecting information.
In addition, cryptographic methods for securing information shared among users, software, devices, and the like are becoming more prevalent. Many judge just how secure a communication is by comparing the encryption algorithms employed. Examples of encryption algorithms or computerized computations that are commercially used today include AES (Advanced Encryption Standard), Triple-DES (Data Encryption Standard), Blowfish, and RC4. Thus, the sheer number and variety of encryption methods raises questions regarding which encryption is best and how much encryption is enough.
Unfortunately, encryption alone does not ensure security and, more importantly, privacy. Data that travels over “free and open” communication media such as cell phones and internet communication paths is a perfect target for interception. Many individuals and organizations hold a false sense of security based on the pretense that their data is encrypted. Normally, encrypting the data with a pre-existing algorithm simply means that an equally outstanding algorithm is required to decrypt. Conversely, an easier method to decrypt exists that includes the use of keys. Much like the keys to a home, the strength of the encryption over these insecure “free and open” communication media is only as effective as the keys and the computerized computations that can encrypt and decrypt the keys to unlock the data. The principle is basic and simple: find the proper key, and unlock the door.
Two distinct encryption methods are widely used today: symmetric and asymmetric. Both utilize key-based computerized computations. Which method is more secure is the subject of much debate.
Symmetric cryptography (also known as private-key, single-key, secret-key, shared-key, and one-key encryption) exchanges “secret keys” that are identical (or related computationally) to encrypt and decrypt data between two or more users. Types of symmetric key ciphers include block ciphers, which input blocks of plaintext, and stream ciphers, which input individual characters. Popular examples of block cipher methods include Triple-DES (Data Encryption Standard) and AES (Advanced Encryption Standard). RC4 is an example of a stream cipher.
For symmetric methods, the advantages are simplicity and speed. Users only have to specify a single key to encrypt or decrypt data. Symmetric cryptography is also much more resistant to brute force attacks and requires less computational power than its counterpart, asymmetric cryptography. One major issue involving the use of this method is that “secret keys” must be shared via a secret communication channel, yet establishing such a channel is the very purpose of sharing secret keys in the first place, thus presenting a “chicken-and-egg” situation. In addition, the origin and authenticity of a message cannot be guaranteed, since both users use the same key, leaving this method, like many other cryptographic methods, open to “man-in-the-middle” attacks. Lastly, communication with every new user requires a new key to be shared to prevent compromise of a “universal key”, thereby increasing the number of keys that have to be stored securely.
Another type of cryptography includes cryptographic hash functions. This method enables “digital signatures” to authenticate who a message is from and whether a message has been altered. Hash functions output a short hash of fixed length that is unique to a message and its author. Hash functions have gone through many mutations, culminating in 2012 when NIST (National Institute of Standards and Technology) announced an algorithm from Keccak that won a competition and is becoming the new Secure Hash Algorithm (SHA), called SHA-3.
Asymmetric cryptography is a method that enables two parties to secretly agree on a shared encryption key. Since it was proposed in a paper by Whitfield Diffie and Martin Hellman in 1976, the idea of cryptography using “public and private mathematically related keys”, also known as asymmetric cryptography, has become widely popular, especially for online communications. Asymmetric cryptography uses two keys. One key is shared publicly between users to use for encryption, while the other key is kept private to use for decryption. A public key is derived from a private key in such a way that the private key can decrypt data encrypted with a related public key, but not vice versa. No information about a private key can be derived from a public key.
Among the trade-offs for asymmetric methods, the chief advantage is the reduction in the number of unique secret keys that have to be shared between users requesting to communicate. Disadvantages of this method include computational cost, slower speeds, and the possibility of widespread compromise if just a single private key is compromised. Additionally, data may be irretrievable if a private key is lost. Also, asymmetric encryption is far more susceptible to brute force attacks than symmetric encryption. For example, AES 256 (symmetric encryption) is considered as strong as 15,360-bit methods using asymmetric encryption such as RSA (Rivest-Shamir-Adleman). Last and possibly most challenging, the lack of authentication of public keys leaves the real possibility of man-in-the-middle attacks, where a third party can impersonate an intended recipient by intercepting a sender's public key and exchanging their own credentials with the sender without the knowledge of either the intended recipient or the sender.
Trusted third parties (certificate authorities) such as PKI (Public Key Infrastructure) and PGP (Pretty Good Privacy) are examples of asymmetric methods of encryption that rely upon some “trusted” authority to establish trust between peers over open communications such as the internet. These certificate authorities issue certificates that contain a public key of an entity and a cryptographic signature of the issuer, which is then passed to an intended recipient as evidence “they are who they say they are” (i.e., their “identity”). PGP and PKI differ in how they establish “trust.” PKI is based upon predetermined “trusted” certificate authorities (CA), while PGP is based on a “web of trust” that allows users to choose who they trust.
The trade-offs for certificate authorities, as with symmetric and asymmetric cryptography, include the fact that certificate authorities are vulnerable to man-in-the-middle attacks. If a certificate authority is compromised, another party can cause false certificates to be issued to impersonate another entity. For instance, in July 2012, NIST issued a warning that theft of certificates would allow attackers to issue new “valid” certificates and/or “sign” malware. Although third-party certificate authorities may add security in some circumstances, the credibility of this method is diminished when reports of compromise surface. New methods such as certificate pinning make man-in-the-middle attacks more difficult, but pinning can still be bypassed in many ways. Under this architecture, if the certificates are compromised, likely so are all sessions that utilize the certificates and their associated keys.
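As an added illustration that is not part of the original text, the following Python sketch shows why an unauthenticated public key can be replaced in transit, as described above, and how checking the delivered key against a fingerprint obtained out of band (the idea behind pinning) exposes the replacement. The toy Diffie-Hellman parameters, the function names, and the fingerprint check are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption): a 127-bit Mersenne prime, far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for a toy Diffie-Hellman exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    """Derive a 32-byte session key from the shared secret."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha3_256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    """SHA3-256 fingerprint of a public key, as recorded out of band."""
    return hashlib.sha3_256(pub.to_bytes(16, "big")).hexdigest()

def accept_peer_key(received_pub, pinned_fp):
    """Accept a key from the network only if it matches the pinned fingerprint."""
    return hmac.compare_digest(fingerprint(received_pub), pinned_fp)

def run_exchange(substitute):
    """Simulate delivery of the recipient's public key over an open channel.

    When `substitute` is True, a third party replaces the recipient's key
    in transit with its own (constructed scenario for the example).
    """
    sender_priv, sender_pub = keypair()
    recip_priv, recip_pub = keypair()
    third_priv, third_pub = keypair()
    pinned = fingerprint(recip_pub)  # learned in advance over a trusted path
    delivered = third_pub if substitute else recip_pub
    sender_key = session_key(sender_priv, delivered)
    return {
        # Do sender and intended recipient end up with the same key?
        "keys_match": sender_key == session_key(recip_priv, sender_pub),
        # Does the third party hold the key the sender is using?
        "third_party_shares_key": sender_key == session_key(third_priv, sender_pub),
        # Would the fingerprint check have accepted the delivered key?
        "pin_accepts": accept_peer_key(delivered, pinned),
    }
```

Without the fingerprint check, the sender has no signal that anything is wrong: the exchange completes either way, and only the comparison against the pinned value distinguishes the two cases.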
Several methods to improve cryptography as a means of mutual authentication include asymmetric/symmetric combinations, such as SSL and TLS, where symmetric private keys are shared under encryption by public keys. These methods still have the issue of a shared secret between entities. It has also been shown that a private key becomes more susceptible to disclosure the longer it is used with a public key (PKI). SSL/TLS overcomes the weaknesses of authentication with PKI by using Certificate Authorities to certify the identity of a server or entity, and then overcomes the weaknesses of the speed and computational expense of PKI by negotiating a temporary symmetric key for rapid encryption and decryption during a communication session. This approach places emphasis on signature processes with certification authorities, which also have weaknesses, as previously discussed.
Regardless of the cryptographic method used for encryption or authentication, an approach that ensures entities “are who they say they are” is needed for various scenarios, for example, when a device falls into the hands of an unauthorized user.
For such instances, many methods including biometrics have been promoted. The use of biometrics is becoming more prevalent and employs the same principle of key management for encryption and authentication.
Which cryptographic authentication and encryption methods are more secure is the subject of much debate. Regardless of the encryption method, the issue with encryption is that the keys still must be protected. Compromise of a private key, though unlikely, could prove catastrophic. Whether disclosure is a result of flawed implementations or a flawed protocol or architecture, recent disclosures of private data bring into focus the need for new approaches that guarantee authenticity and place control of the entity's secrets, keys, and private data into the hands of the user. These encrypted and decrypted communications provide for special encryption techniques essential to denying fraudulent or otherwise unauthorized third parties the ability to access sealed encrypted transmissions, for data at rest as well as for data on the move. New approaches combined with data transmission devices are described in the present disclosure below.