Tech Decrypted

                        Taking the mystery out of learning cryptography


Information included in this article on authenticating with cryptography is excerpted from Cryptography Decrypted.

Cyber Identity Crisis: How Digital Certificates Could Authenticate Me

By Doris Baker

I am stolen goods.  Perhaps you are too. If so, I suspect you’ve asked yourself the question, “When will it happen again and how can I protect myself?”

Coming home after a relaxing vacation to a phone call from my credit card company about unusual Internet purchases made me count my blessings last year.  Well, at least the card didn’t go defunct while we were on the road and end our relaxation.

Seems someone had ordered $1000 of digital cameras as a rush order over the web.  Not our usual buying habits.  Little did I know at the time that millions of credit card numbers and security codes had been stolen, news that filled the headlines a few days later.

In the meantime, my husband and I began making calls to various VISA customer service numbers to try to find out how they had been able to use our cards with the security code since the cards were securely in our wallets.  The truly disconcerting information was that the thief had also been able to set up internet accounts for us and change our billing address in the process.  I had mistakenly thought I was more secure if I didn’t set up financial accounts on the web.

We called many numbers to find out what the thief knew about us to set up that account and reroute our bills, but no one at VISA could or would tell us what we felt we needed to know to avoid this situation again.  And VISA would not allow us to opt out of having our account information available on the web. So not knowing what the thief knew about us, we decided to put a fraud alert on our credit and pay to have someone monitor our credit each month to see if strange things were happening in other realms of our financial identity.

But when the headlines hit the fan about those millions of stolen cards because some company was purposely not handling my information in a responsible manner, I got mad.  I still don’t know for sure that a waiter in Colorado didn’t sell me out, but I suspect it is more likely that our information was stolen with all the other millions of cardholders. 

Not knowing, not having even that much control over our financial identity is, to say the least, extremely frustrating.  And even more so because my husband and I wrote a book on technology that could prevent someone from masquerading as me on the web.  Knowing about the authentication potential available through cryptography makes it all the more irritating that credit card companies aren’t lined up at my door with offers to let me pay money to have more control over my identity. 

I Want Only Me to be Me

Why don’t I have control over my digital identity if the technology exists to give me a card that uniquely identifies me?  A man who’d gotten out of smart card sales after 10 years of waiting for them to take off told me a story of a large bank that tried out smart cards on their customers as a new form of debit card.  They even gave the customers $20 on the card, he said, to get them to use it.  He explained that most of them didn’t even use the money. 

My hope is those customers just didn’t understand the potential for better control of their financial identity.  With such a card in hand, it is much more difficult to steal numbers that allow someone else to impersonate me.  I want to be able to choose to have my credit card contain a chip that prevents anyone who collects information about me from masquerading as me if they don’t have the plastic in my wallet and know my password or have my thumbprint or all three. 

I want to use the authentication piece of cryptography now because it would serve me.  It would give me back some control over my digital identity.  I had to write a primer on computer cryptography to understand that there could be a better way, and I hope our primer available here on our site helps others as well to better understand the possibilities from this technology.

Unfortunately, many of us understand through personal experience that our computer, our identity and perhaps even our livelihood is vulnerable to attack, not to mention that our computer controlled national infrastructure is at risk. What most of us don’t quite ‘get’ yet is how cryptography can help uniquely identify each of us and why it isn’t yet a tool everyone consciously uses to protect themselves. 

Taking control of my own digital identity is my goal.  The more of us who do it and understand how it can be done, the more secure we all become.  For more of us to understand how digital certificates work and how they are issued and revoked and what makes them secure is a beginning. Understanding what’s needed to protect our digital identity just might begin to turn the tide toward that more secure digital world I thought was about to be born when the dotcom boom went bust a few years ago.   And before the credit card industry was lax enough in its operations to let all that card information get stolen.

How could digital certificates, smart cards, and biometrics thwart such identity theft?  In order to understand the answer to that question, let’s look at the building blocks of public key infrastructure:  secret key, public key and digital certificates.

Secret Key Cryptography

Cryptography is by its very nature designed to be confusing, and computer cryptography does a good job of making such digital hiding places even more circuitous.  So let’s start by looking at one of computer cryptography’s simpler essential components, secret keys, before we explain why public key cryptography had to be invented to usher in the possibility of secure communications in the digital age.

The Basics

Cryptography is both the lock and combination or “key” that can help protect your data/identity. There are a variety of cryptographic methods and keys. The method and key together determine cryptographic security.  If the cryptographic algorithm or method is secure and there are great quantities of potential secret keys, the method is said to be strong.

Strong methods are made more secure by being published since they can be scrutinized by cryptanalysts, good guy hackers who want to poke at the defenses to find and plug up the holes.

Openly publishing a cryptographic method is a good way to assure its security. Digital Encryption Standard (DES), the published secret key cryptographic standard from 1977 to 2000, withstood attack over the years. The DES algorithm was strong; cryptanalysts had no choice but to attack the keys. This means trying, on average, half of all possible keys — some number of trillion keys.

However, computer hardware advances compromised the strength and security of DES because it’s easier to search through all those keys now than in 1977.  Rijndael (pronounced “rain doll”) was selected by the National Institute of Standards and Technology (NIST) to replace DES in 2000 and is known as the Advanced Encryption Standard (AES).  Rijndael, an algorithm created by European cryptographers, was deemed the strongest candidate submitted for consideration.  But just because a cryptographic method is considered strong doesn’t mean it gives us all the assurances we want.

Assurances We Want

We want our digital communications to provide us with all the security assurances we have historically enjoyed from our face-to-face communications.  We want to know that only those we intend can receive our communications (confidentiality), that we know who we are talking to (authentication), that our message hasn’t been changed (integrity) and that we can be assured the person with whom we communicated can’t deny having received our message (non-repudiation). Secret keys provide us with most but not all of these assurances.

The Big Problem: Key Distribution

Secret communications with secret keys implies that only trusted parties should have copies of the secret key. That is, although secret keys can assure us of confidentiality, authentication of users and message integrity, in a global world we must be able to securely distribute keys at a distance in a timely manner.

If security is to be maintained, key distribution must be as solid as the cryptographic method and be able to assure that only trusted parties have copies of the keys. Obviously, key distribution is a very big problem.

Traditional methods of key distribution use trusted couriers to place the initial secret key. The more people using such a system, the more keys and the more difficult it is to securely deliver and manage keys.

Secret keys get very close to giving us all the digital security we want, but because you and I have a hard time sharing and maintaining such keys, secret keys are a necessary but not sufficient component to usher in a more secure digital age. Public key encryption makes (secret) key distribution and authentication much easier.  The phrase Public Key Infrastructure (PKI) is really just another name for digital certificates and refers to public key management/distribution systems that many of us read about but have yet to get a chance to use.

 

Public Key Cryptography

Public Key Cryptography is a mathematically innovative approach to secret key distribution and authentication.  Not only does it let us digitally distribute secret keys securely over an unsecured line, it also provides us with non-repudiation, an assurance which we can’t get from secret keys alone. And it uniquely authenticates the holder of the private part of the public key pair.   

That lock you see at the beginning of your credit card purchase over the web is a piece of a public key system.  But we still don’t have all the pieces in place to allow ubiquitous authentication which could help prevent virus infection, illicit use of credit cards and terrorist attacks on the critical computer infrastructure that so much of our day-to-day lives depend on.

Certainly the cost of implementing new systems into everyone’s life is a factor inhibiting the sea change happening, but such resistances have been overcome before.  After all, it hasn’t been so long since people used gas to light their houses.  And it hasn’t been so long since DSL was only available at the office.

Age-Old Problem:  Who to Trust?

But even more than cost, there are some unresolved issues that it would behoove all of us to think about before we become enamoured of the more secure public utility the world wide web would become with state-of-the-art computer cryptographic authentication used by everyone.

Public key cryptography does not do away with the age-old problem that anyone wanting to protect secrets has always had.  Who do you trust?  Whoever you trust has the keys to your kingdom.  Do you want Verisign to be the trusted issuer and manager of your public/private key pair?  Do you want the federal government to play that role?  Or do you want to trust people you know personally to verify other people they know personally?  Or some combination of all three? 

This problem of trust is one that has not gone away for thousands of years and is not likely to go away soon.  Any cryptographic system is only as secure as who you trust at the root of the system.  So no matter how technologically advanced we get, it’s good not to get too comfortable with any system.  It is good to keep an eye on the guys protecting your keys.

That said, let’s look at the nuts and bolts of how such a system works.

The Public Key Delivery Man

In the 1970s a graduate student, Ralph Merkle, came up with an innovative way to distribute secret keys securely over an insecure line.  Though Merkle’s professor was not impressed, others were. He joined with Martin Hellman and Whitfield Diffie to eventually turn this idea into the Diffie-Hellman (DH) key exchange system, which anyone with a credit card using SSL has benefited from.

Although it’s now accepted that British cryptographers developed public key cryptography before them, Diffie, Hellman and Merkle were the first to patent a public key system. The Diffie-Hellman public key system implements the strategy of making a problem with at least two solution paths, an easy one and a very difficult one. Give your friends the easy, less time-consuming path and force your adversaries to solve the difficult, more time-consuming version of the same problem. All public key cryptography uses this principle.

The Diffie-Hellman key agreement method didn’t give us all the versatility and assurances we needed to fuel the digital age. Key exchange and authentication were still problems.  With Diffie-Hellman you can’t be assured with whom you are sharing the shared secret key over that unsecured line.  But in some situations that’s okay.  In the case of SSL, we feel pretty comfortable that if we log onto Amazon.com, our credit card information is not going to an outfit in Russia unless Amazon authorized and outsourced their business to be handled that way.  

Diffie-Hellman is used to derive secret keys in a real time situation where both parties are on the unsecured line together.  That doesn’t work for us in all situations.  Another public key system was needed to be more like UPS delivering secret keys whether or not we are there to receive them at that moment.
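The exchange the paragraphs above describe, as an added Python example (not code from the article or from Cryptography Decrypted). The modulus P, the base G, the function names and the step counter are this example's own; the prime is a constructed toy value chosen so that the "difficult path", a brute-force search for a secret exponent from the public value that crossed the line, can actually be run and counted. The code also makes the gap the article points out visible: nothing in the exchange tells either side who is at the other end of the line.

```python
"""Toy Diffie-Hellman key agreement over an unsecured line."""
import secrets

# Constructed toy parameters: a small prime so the brute-force search below
# finishes in well under a second. Real deployments use 2048-bit or larger primes.
P = 1000003   # assumed prime modulus (toy size)
G = 2         # assumed public base

def make_private_key(p=P):
    """Each party picks a random secret exponent and never sends it."""
    return secrets.randbelow(p - 2) + 1

def public_value(private, p=P, g=G):
    """The 'easy path': g^private mod p is cheap to compute and is sent in the clear."""
    return pow(g, private, p)

def shared_secret(their_public, my_private, p=P):
    """Both sides land on the same number because (g^b)^a == (g^a)^b (mod p)."""
    return pow(their_public, my_private, p)

def brute_force_discrete_log(public, p=P, g=G):
    """The 'difficult path': someone who saw only g, p and g^x on the line must
    try exponents one at a time. Returns (exponent found, steps taken); with a
    toy prime this finishes, with a real one it does not."""
    acc = 1
    for k in range(1, p):
        acc = (acc * g) % p
        if acc == public:
            return k, k
    return None, p - 1

def run_exchange():
    """One complete exchange; returns what each side computed and what the
    line carried, so the two can be compared."""
    a, b = make_private_key(), make_private_key()         # kept private by each side
    A, B = public_value(a), public_value(b)               # what crosses the line
    k_a, k_b = shared_secret(B, a), shared_secret(A, b)   # each side's secret key
    # Neither A nor B says who sent it: DH yields a shared key, not an identity.
    return {"on_the_line": (P, G, A, B), "alice_key": k_a, "bob_key": k_b}

if __name__ == "__main__":
    result = run_exchange()
    print("shared key agrees:", result["alice_key"] == result["bob_key"])
    _, _, A, _ = result["on_the_line"]
    found, steps = brute_force_discrete_log(A)
    print(f"eavesdropper needed {steps} multiplications to recover an exponent for A")
```

The step count is the whole point of the parameter size: with a 20-bit toy prime the search ends in a fraction of a second, while the same loop over a 2048-bit prime would never finish, which is what makes the "difficult path" difficult.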

The idea of asymmetric ciphers, public key cryptography, solves key exchange and authentication problems. In asymmetric ciphers one key is used to encrypt and another is used to decrypt, each key providing different assurances, as opposed to symmetric secret keys where both keys are the same and offer the same assurances. MIT mathematicians Ronald Rivest, Adi Shamir and Leonard Adleman built on Diffie, Hellman and Merkle’s public key foundation to create an asymmetric cipher known as RSA.

RSA, like AES, is a published encryption method and considered very strong.  At this stage in our history, if your RSA private key is safe, your secrets and your digital identity are also safe.

So how do you use public key cryptography to authenticate yourself?  

For confidential communications, the public key part of the public/private key pair is used to encrypt a message that can only be decrypted by the matching private key. Knowledge of the public key doesn’t help the nefarious BlackHat quickly decipher a public key encrypted message or figure out the private key. Since the public key doesn’t need to be concealed and is widely distributed, key distribution is much easier than in secret key cryptography.

Let’s see how this might help me protect my online identity.  When I send someone information “signed” with the private key portion of my public/private key pair, anyone can easily use my public key to verify that it is the authentic Doris on the other end of this unsecured line.  In the case of my stolen credit card information, if I have a private key on my credit card, I could use that key to verify any transaction I initiate with my credit card number.  As long as I hold my credit card in my wallet, it is much more difficult for someone stealing my credit card information to masquerade as me.  The thief can still steal my physical card, but 40 million cards are not going to be easily compromised with such a system.

Encrypting with the private key is called digitally signing. Digital signatures need a public key cryptographic system; each person has a (private) key, which is not shared.  Authentication, integrity and non-repudiation are assurances we get from the private key.

In general, after I get an RSA public/private key pair, I only use my private key. Anyone can have and know and use my public key to send me confidential messages and to verify that I am who I say I am over an unsecured line. If someone other than myself ever learns or steals my private key, my entire public key cryptographic system is insecure. All future messages lack any assurances that they are from the authentic Doris.

Hashes:  A Time-Saving Tool

Since public key encryption and decryption is very slow, cryptographers invented a condensed representation of a message, called a message digest or cryptographic hash. Message digests are used as a short proxy for a usually much larger message and are designed to detect intentional modification to a message.

If in buying something over the web, the vendor wants me to sign a contract, I would sign a hash of the contract and so attach my identity to it just as though I signed the original unhashed contract. Signing/verifying message digests is more efficient than signing/verifying the underlying message, expediting online transactions. Signed hashes are also used when distributing public keys on digital certificates because they save time in verifying that the certificate is authentic.

Even though public and secret key cryptography solve a variety of problems with ushering in a more secure digital world, we still have the age-old problem of “who to trust.”  How to distribute public keys is just not as mathematically comforting as strong cryptographic algorithms because of this issue.

 

Digital Certificates 

Distribution of Public Keys

Public key cryptography changed 3,000 years of key exchange. For thousands of years, two people had to somehow exchange a secret key without anyone else seeing it.  Furthermore, the shared secret key had to remain secret forever.  Public key cryptography changed all that, allowing two people to exchange public keys openly, allowing the verification of authenticity on an unsecured line.

Even though I openly distribute my public key to Visa and everyone else, I need assurances that nefarious BlackHat can’t substitute his public key for my public key.  Since delivery of authentic public keys is still a problem, understanding the process of creation and maintenance of digital certificates can help me decide how I want to proceed and who I am willing to trust.

Even though attacks are possible[1], digital certificates are the preferred way to securely deliver public keys. A digital certificate is a specialized document signed by a trusted third party, not much different from a driver’s license. Just as in the case of a driver’s license, if you can trust the issuer and its issuing procedures, you can trust the certificate. 

The top part of a digital certificate identifies the issuer (signer), subject (whose public key is attached), the subject’s public key and the expiration date of the certificate. The bottom part of a digital certificate contains the issuer’s signed hash of the top part.  As mentioned in the discussion on public key cryptography, the hash saves time when digitally authenticating since it is a compressed, redundant copy of the original digital certificate.  

Two popular standards for digital certificates, X.509 and Pretty Good Privacy (PGP), provide different ways for a network of digital certificates to be managed.  These digital certificate frameworks are commonly called public key infrastructures or PKI.  X.509 employs centralized control in its trust model, while PGP distributes the trust.

The Root Certificate Authority (CA) is the single focal point of X.509 certificate policies. Digital certificate users trust the accuracy of the public keys the CA issues.

Like a DMV, the CA controls certificate registration, issuance, expiration and revocation. This is in contrast to PGP’s trust model, where the individual user acts unilaterally.

The CA can outsource most of these functions to subcontractors. For instance, PKI defines terms and definitions for Registration Authorities (RA) who act on behalf of the CA. The CA can outsource the distribution of the certificate revocation list (CRL), which I very much hope would come into the picture if I report a theft of my credit card containing my private key.

A CA Root Certificate is self-signed by the CA and is usually accepted as valid with additional verification. CA Root Certificates are often distributed through another trusted source such as an Internet Browser.
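The signing of a hash (the Hashes section above) and the certificate layout described in the last several paragraphs, as one added Python example; this is not code from the article or from Cryptography Decrypted. The RSA primes, the names ToyCA and Doris, the dates, the sample transaction and the revocation list are all constructed, and the JSON "top part" is this example's own stand-in for the X.509 layout. The toy reduces the SHA-256 digest modulo n instead of applying a padding scheme, which is enough to show the structure but is not how a real implementation is built.

```python
"""Toy RSA signatures over SHA-256 digests, then a minimal digital certificate:
a 'top part' (issuer, subject, the subject's public key, expiry) plus the
issuer's signature over a hash of it. Constructed toy primes throughout;
real keys use primes of 1024 bits or more and a padding scheme."""
import hashlib
import json

def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no modular inverse")
    return s0 % m

def make_keypair(p, q, e=65537):
    """Toy RSA: returns (public, private) as (n, e) and (n, d); p, q assumed prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))

def digest_int(data, n):
    """SHA-256 of the message, reduced below the modulus (toy stand-in for padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    """'Private key encryption' of the hash: the digital signature."""
    n, d = private
    return pow(digest_int(data, n), d, n)

def verify(public, data, signature):
    """Anyone holding the public key re-hashes the data and checks the signature."""
    n, e = public
    return pow(signature, e, n) == digest_int(data, n)

def encode_top(top):
    """Canonical bytes of the certificate's top part, so its hash is reproducible."""
    return json.dumps(top, sort_keys=True).encode()

def make_certificate(issuer, issuer_private, subject, subject_public, expires):
    """Top part + the issuer's signed hash of the top part (the 'bottom part')."""
    top = {"issuer": issuer, "subject": subject,
           "public_key": list(subject_public), "expires": expires}
    return {"top": top, "signature": sign(issuer_private, encode_top(top))}

def verify_certificate(cert, issuer_public, today, revoked):
    """Check the issuer's signature, then expiry, then the revocation list (CRL)."""
    top = cert["top"]
    if not verify(issuer_public, encode_top(top), cert["signature"]):
        return False, "issuer signature does not match"
    if today > top["expires"]:
        return False, "expired"
    if top["subject"] in revoked:
        return False, "revoked"
    return True, "ok"

def demo(today="2026-01-01"):
    ca_pub, ca_priv = make_keypair(104729, 1299709)      # constructed toy primes
    root = make_certificate("ToyCA", ca_priv, "ToyCA", ca_pub, "2099-01-01")
    doris_pub, doris_priv = make_keypair(7919, 15485863)  # constructed toy primes
    cert = make_certificate("ToyCA", ca_priv, "Doris", doris_pub, "2030-01-01")
    crl = set()                                          # constructed, empty CRL
    out = {}
    # A root is self-signed: it is checked with the key it carries, so trusting
    # it is a decision (browser vendor, policy), not something the math proves.
    out["root"] = verify_certificate(root, tuple(root["top"]["public_key"]), today, crl)
    out["doris"] = verify_certificate(cert, ca_pub, today, crl)
    # A transaction signed with the card's private key; the verifier uses the
    # public key carried in the certificate, never a key sent with the message.
    txn = b"charge $1000 to card ending 1234"            # constructed sample
    sig = sign(doris_priv, txn)
    card_key = tuple(cert["top"]["public_key"])
    out["txn_ok"] = verify(card_key, txn, sig)
    out["txn_tampered"] = verify(card_key, b"charge $9000 to card ending 1234", sig)
    # A certificate whose public key was swapped no longer hashes to what the
    # CA signed, so the 'bottom part' fails to verify.
    swapped = {"top": dict(cert["top"], public_key=list(ca_pub)),
               "signature": cert["signature"]}
    out["swapped"] = verify_certificate(swapped, ca_pub, today, crl)
    # After the card (and its private key) is reported stolen, the CA lists it.
    out["revoked"] = verify_certificate(cert, ca_pub, today, {"Doris"})
    out["expired"] = verify_certificate(cert, ca_pub, "2031-06-01", crl)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} {result}")
```

Note the order of checks in verify_certificate: the signature is tested first, because expiry and revocation fields are only meaningful once we know the top part is the one the issuer actually signed.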

Philip Zimmermann developed Pretty Good Privacy (PGP), an encryption system designed to be managed more individually by the digital certificate subject and based on RSA public key cryptography. It’s available for free from several Internet servers; probably the most well known source is MIT.

PGP’s digital certificates are similar to X.509 self-signed (root) certificates, except there can be more than one signature on PGP certificates.  In contrast to X.509’s centralized control (certificate authority) trust model, PGP uses a distributed trust (web-of-trust) model.  Even though there is not a centralized digital certificate issuer in this model, PGP cryptographic methods and keys are as strong as those used with X.509.

Protecting Against Attacks

The history of cryptography teaches that so far no system has been immune from attack. Attacks against cryptographic systems are as creative as cryptographic systems themselves. Public and private keys must be used carefully.  And no matter how strong any cryptographic system is, an identity thief could steal who you are (biometric scans), what you know (password) or what you have (smart card). One of the best ways to be vigilant about your keys is to store them someplace more secure than a desktop computer.

Smart cards, similar to a credit card, let you do that. They come in two different varieties—memory and microprocessor cards. Microprocessor cards, more sophisticated than memory cards, can hold multiple applications, passwords and even a co-processor that encrypts data stored in the card’s chip.

Manufacturers of smart cards design them in ways to protect against tampering. Though smart cards offer good security, they can still be attacked and are subject to technological advances weakening once strong keys.  And if only I had one of those in my wallet, stolen credit card numbers would be less likely to make me stolen goods.

 

Doris Baker and H.X. Mel are co-authors of Cryptography Decrypted, published by Addison Wesley. Much of the book is available online at hxmel.com.

 


[1] Attacks to digital certificates are discussed in Cryptography Decrypted, Chapter 16: Digital Certificates and Chapter 22: Cryptographic Gotchas.

 

(c) H. X. Mel & Doris Baker all rights reserved