Encrypted Data In The Cloud – The Future (3/4)
The Third Wave - Public Key Cryptography
The idea of public key cryptography was first presented by Martin Hellman, Ralph Merkle, and Whitfield Diffie at Stanford University in 1976. They proposed a method in which the encryption and decryption keys were different, and in which the decryption key could not be determined from the encryption key. In such a system the encryption key can be given out publicly, since only the intended recipient holds the decryption key needed to read messages encrypted with it. A common use of this system is for a person to give out a public key to anyone who wishes to send them private information, keeping their private key to themselves. Of course, the encryption algorithm will also need to be public. There are three important requirements for a public key encryption method:
1. When the decryption process is applied to the encrypted message, the result must be the same as the original message before it was encrypted.
2. It must be exceedingly difficult (ideally impossible) to deduce the decryption (private) key from the encryption (public) key.
3. It must not be possible to break the encryption with a plaintext attack. Since the encryption and decryption algorithms and the encryption key will be public, people attempting to break the encryption will be able to experiment with the algorithms to try to find flaws in the system.
One popular method for public key encryption was discovered by a group at MIT in 1978, and was named RSA after the initials of the three members of the group: Ron Rivest, Adi Shamir, and Leonard Adleman. Shortly before the details of RSA encryption were to be published, the US government reportedly “asked” the inventors to cancel the publication. However, copies of the article had already reached the public: A.K. Dewdney of Scientific American had a photocopy of the document explaining the algorithm, and more photocopies of this quickly spread. The RSA algorithm was patented by MIT, and then this patent was handed over to a company in California called Public Key Partners (PKP). PKP holds the exclusive commercial license to sell and sub-license the RSA public key cryptosystem. They also hold other patents which cover other public key cryptography algorithms. This gives them absolute control over who may legally use public key cryptography in the US and Canada (Menage, 1994). Since the RSA patent was not applied for until after publication of the algorithm, the patents are only valid inside the US and Canada.
There is a recognised method of breaking RSA encryption based on factoring the numbers involved, although this can be safely ignored due to the huge amount of time required to factor large numbers. Unfortunately, RSA is too slow for encrypting large amounts of data, so it is often used to encrypt the key for a private key method, such as IDEA. This key can then be transferred in public securely, resolving the key security problem for IDEA.
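The key-wrapping arrangement described above, as an added example that is not part of the original article. It assumes a toy RSA key built from two known Mersenne primes and uses a SHA-256 counter-mode keystream as a stand-in for IDEA; the function names are hypothetical, and real deployments use moduli of at least 2048 bits with OAEP padding.

```python
import hashlib
import secrets

# Toy RSA key from two known Mersenne primes (assumption for this demo only).
# Far too small and unpadded for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (n, e), safe to publish
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the recipient


def keystream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 in counter mode); the page names IDEA.
    XOR with the same keystream both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message, n, e):
    """Sender: fresh 128-bit symmetric key per message, wrapped with RSA."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # slow step, 16 bytes only
    return wrapped, keystream_xor(session_key, message)      # fast step, bulk data


def hybrid_decrypt(wrapped, ciphertext, n, d):
    """Recipient: unwrap the session key with the private key, then decrypt."""
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    sample = b"constructed sample message for the demo " * 100
    wrapped_key, body = hybrid_encrypt(sample, N, E)
    print("wrapped key bits:", wrapped_key.bit_length(), "body bytes:", len(body))
    print("round trip ok:", hybrid_decrypt(wrapped_key, body, N, D) == sample)
```

Only the 16-byte session key passes through RSA, so the cost of the public key operation stays fixed however large the message is.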
Public key cryptography is a cornerstone of security on the web. In many cases it allows us to transfer the second wave of cryptography, 'symmetric keys', across an untrusted medium. However, it is not sufficient for security, especially when it comes to data residing on third party servers in the cloud.
Up next: The Fourth Wave - Searchable Encryption