1. Field of the Invention
The present invention relates to data authentication, and more particularly to a method for real-time data authentication utilizing a combination of public-key cryptography and digital signatures.
2. Discussion of the Related Art
Various systems and methods exist for protecting data transmitted over particular transmission mediums. For example, public-key cryptography may be utilized. Public-key cryptography, also known as asymmetric encryption, involves the encryption and subsequent decryption of data utilizing a key pair comprising a public key and a private key. Essentially, the data to be encrypted is combined with the public key in accordance with a predetermined encryption algorithm. One the data is encrypted, it is transmitted via a specific medium, for example, electronic mail. Once received, the encrypted data may only be decrypted by correct application of the private key in accordance with a decryption function. Typically, the public key of the key pair is widely distributed so that individuals desiring to encrypt data may do so relatively easily. However, the data may only be decrypted with the matching private key which should only be in the possession of individuals previously designated by the owner or distributor of the public key.
Cryptographers consider that with all things being equal, a larger key is more secure than a smaller key. Therefore, the keys comprising a key pair are often relatively large in length, typically more than two thousand binary bits (approximately six hundred decimal digits). This relatively large size of the keys makes it uneconomical for an unintended recipient of the encrypted data to determine the private key and thus decrypt the data by trying all possible values.
Public-key cryptography, as described above, has traditionally been used to ensure the integrity of data. Used properly however, encryption may also be used to identify the source of the data. This is clearly important even when the data itself is not private. Thus, public-key cryptography may serve as a technique for authenticating the data by verifying that the data came from a source specifically identified by the private-key. In this regard, the data is said to be signed, that is, affixed with a digital signature created only by the holder of a private key. Anyone who knows the corresponding public key can verify the digital signature. This assures that the data did in fact come from the person who holds the private key, and that the data has not been altered.
To create a digital signature for data, the sender first applies a cryptographic hash function to the data. This hash function accepts any amount of input data, and produces a fixed-size output, typically between 64 and 256 bits (20 to 80 decimal digits). The hash function has two important properties. First, if any portion of the input data is changed even slightly, the output has a value which will be completely different. Second, it is very difficult to find or construct input data that will produce a given desired hash output.
The hash value is then encrypted, using the sender's private key. The data and the encrypted hash function are sent to a receiver. The receiver first computes his own hash value based on the data portion of the received message. The receiver also decodes the encrypted hash value using the sender's public key. If the two hash values match, the receiver knows that the message must have come from the holder of the public key. The receiver knows that the message came from the holder of the public key because the encrypted hash value was decoded with the sender's public key. Only the sender's private key could have done this encryption in the first place. Accordingly, since the private portion of the key pair is assumed to be held secret by the keyholder, no one else could have performed the encryption. The receiver also knows that the data portion has not been changed since the sender signed it because the received encrypted hash value matches the value the receiver computed himself or herself. The encrypted hash value was computed at the time of the message signature. Any change in the data would have drastically changed the hash value. Accordingly, the encrypted value sent with the message would not match the value the receiver computes.
Although a digital signature assures the integrity of the data, it does not assure the identity of the sender. The receiver knows only that the data was signed by the holder of the private key, but they cannot be assured that any particular person is the holder of that key. Anyone could have generated a key pair, and attached the name of some other party to that key pair. This inability to reliably associate a real human being with a key pair is known as “the trust problem.”
To address the trust problem, digital signatures are often used in conjunction with public-key certificates, or simply certificates. A certificate includes an identification of a keyholder (such as a name, address, phone number, or e-mail address), a copy of the public portion of the keyholder's key pair, and a digital signature from a third party certificate authority. The certificate authority functions as a sort of digital notary, attesting by its signature in the certificate that the keyholder identified is the real holder of the key pair given. The certificate is in effect a digital identification card.
The use of a certificate in this manner reduces the trust necessary. The receiver need no longer trust the identity proclaimed by the sender's certificate. The receiver can rely on the certificate authority's signature incorporated into the sender's certificate, attesting to the sender's identity. This means that the receiver is trusting that the certificate authority's procedure for verifying identity works, and that the certificate authority has followed its procedure.
In addition to the privacy and trust issues discussed above, other issues do exist that pose potential pitfalls to the use of encryption. These other issues include computing time and ease of implementation and use. These issues are discussed below with respect to various encryption systems and methodologies.
Various encryption programs are known to exist. One such system is known as PGP (for “Pretty Good Privacy”) from Network Associates, Inc. PGP is primarily used to encrypt e-mail messages, but any other type of data may be encrypted. PGP can also apply digital signatures to data, and it can both sign and encrypt the same data. To sign or verify a message, PGP uses a single, large size key pair, such as one having a default value of 2,048 bits or longer. This makes it infeasible for an adversary to happen upon the right value of a PGP key pair by simply guessing. However, the large size of PGP keys means that PGP takes significant computer time to create or verify a digital signature.
Another encryption system involves SSL3 (for “Secure Sockets Layer 3”). SSL3 is a protocol often used in web browsers to provide confidentiality. SSL3 may also be used to provide authentication services. For instance, when a connection is established, either side in an SSL3 exchange can request that the other side identity itself by means of a public-key certificate. SSL3 does not explicitly cite the size of the key used, but in practice, all key pairs are relatively long. The shortest known implementation uses a minimum key length of 512 bits (160 decimal digits). The cryptographic community does not consider this size long enough to be secure against a determined adversary. Unfortunately, SSL3 requires a negotiation between the server and the client at the beginning of the communication. So, even if confidentially is not desired, the client must tell the server what cryptographic services it wants, which makes the protocol unsuitable for use in a real-time environment where there may be multiple recipients. Further, the protocol negotiation at the beginning prevents anyone from joining an already established communication.
Another encryption system is known as IPSEC, for Internet Protocol Security. IPSEC is a relatively new standard and will be included as part of the next version of TCP/IP called Ipv6. IPSEC provides confidentiality and keeps eavesdroppers from listening to messages. IPSEC operates at the IP layer (OSI layer 3), such that when data passes through several routers on its way to the destination, IPSEC decodes and re-encodes the data enroute. Clearly, this could be time-consuming and require a significant amount of computer time to accomplish successfully.
Hence, there exists a need to perform real-time authentication of data by applying a digital signature, without requiring a tremendous amount of time or computing power, while at the same time providing a high degree of security and ease of implementation.