Tuesday, 14 February 2012

(SOA-)Security-Basics - part 3

"digital signature, certificates and digital identities"
This is the third part.

Private keys, public keys and the man in the middle

Introducing Alice, Bob and...

Alice sends a message to Bob and adds the hash value to this message. To ensure integrity Bob creates a hash value from the message and compares his hash value with the one that's included in the message. If the two values are identical, Bob knows that the message was not changed on its way!

BUT can Bob really be sure about that?

The man in the middle

Mallory, who is a crypto-villain, puts himself between Alice and Bob and captures the message! He then creates his own new message, hashes it and sends it to Bob. Bob again creates his own hash value and compares it. The result will be fine. Bob will not realize that this is not Alice's message! Hashing is good for integrity, but does not protect against a "man in the middle" attack.

So what to do?

Very private but even so public

To solve this problem asymmetric cryptography is used. To encrypt something you need a key. In this case even two! A private key and a public key. Those two keys correspond mathematically in the following way:

- What is encrypted with the public key can only be decrypted with the private key (but this is not interesting for signatures)
- Important: What is encrypted with the private key, can only be decrypted with the public key

As the name indicates, the private key belongs to one person or institution. It is kept secret, and nobody but the owner knows it. The public key is sent to all communication partners.

Alice and Bob again...

Alice again sends a message to Bob. But this time they use asymmetric cryptography and hashing:



This time Mallory cannot manipulate the message, because if he did, the comparison would lead to another hash value. To sign the message again, he would need Alice's private key. The second message from Alice to Bob is protected by a digital signature.

1. The integrity is guaranteed (hashing)
2. The author of the message is ensured (public / private encoding)
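
Both scenarios side by side, as an added example that is not part of the original post: Bob's hash-only check accepts Mallory's replaced message, while the signature check rejects it. The key pair, the messages and all function names are constructed for illustration, and the textbook RSA used here (tiny key, no padding) only mirrors the "encrypt the hash with the private key" model above; it is not a production signature scheme.

```python
import hashlib

# Toy RSA key pair for Alice, constructed for this demo from two known Mersenne
# primes. Real keys are 2048+ bits and real schemes add padding (e.g. RSA-PSS).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # Alice's public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # Alice's private key, never sent


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def hash_check(message: bytes, attached: int) -> bool:
    """Bob's check from the first scenario: recompute the hash and compare."""
    return digest(message) == attached


def sign(message: bytes, private_exp: int) -> int:
    """Alice 'encrypts' the hash with her private key."""
    return pow(digest(message), private_exp, N)


def verify(message: bytes, signature: int) -> bool:
    """Bob 'decrypts' the signature with Alice's public key and compares hashes."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    alice_msg = b"Pay Bob 10 EUR"            # constructed sample messages
    mallory_msg = b"Pay Mallory 1000 EUR"
    alice_sig = sign(alice_msg, D)
    return {
        # Hash only: Mallory swaps the message and simply re-hashes it.
        "hash_only_accepts_forgery": hash_check(mallory_msg, digest(mallory_msg)),
        # Signed: the untouched message verifies under Alice's public key.
        "signature_accepts_original": verify(alice_msg, alice_sig),
        # Mallory swaps the message but can only reuse Alice's old signature...
        "signature_accepts_swapped_message": verify(mallory_msg, alice_sig),
        # ...or attach a fresh hash, which he cannot sign without D.
        "signature_accepts_unsigned_hash": verify(mallory_msg, digest(mallory_msg)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```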

Part 4 will follow...
