CPK Solution to Cyber Security: Theory and Practice

Foreword

Providing trust in the face of anonymity is an impossibility. Since interactions on the Internet can easily be anonymous, it is imperative to find a digital authentication which is reliable and simple to deploy. A method that will bring authenticity evidence to the Internet and the general population is critical. The CPK crypto allows society to enjoy the benefits of E-Commerce and individual privacy which is balanced with the social needs.

Anonymity, the ability to perform an act without identifying oneself, is not a new concept, but has been dramatically enhanced because of the Internet. Traditionally, the presence of an offender and a victim in the same location leaves behind physical evidence, and this evidence improves the ability of the police to identify and apprehend an offender. By comparison, the Internet has been shown to be a haven for offenders. Offenders can perform criminal acts at great distances that can transcend national boundaries in nearly perfect anonymity, making law enforcement more difficult.

Authentication is the natural defense of anonymity, and it forms the foundation for authenticity evidence by proving identity. Authentication can be used for authorization, privacy, and deterrence.

Authentication for authorization is necessary to access money in the bank or to know that the person who signed the document has the authority to commit for the organization.

Authentication for privacy is necessary to know that a conversation is private between two people. An email to your spouse should not be readable by someone who has attacked the Internet. This form of “direct encryption” has higher levels of trust if there is direct authentication by both parties.

Authentication for deterrence is necessary to be able to know who you interact with. Seeing the license of a car provides some assurance about who you are dealing with if something bad happens, and there is a better chance of the police being able to track down the offender.

Cryptographic Authentication attempts to provide this proof of identity from a distance using purely digital means. This is a difficult problem that transcends the mathematics of cryptography and moves into the philosophical issues of trust and the organizational basis of society.

In Whitfield Diffie's and Martin Hellman's 1976 paper NEW DIRECTIONS IN CRYPTOGRAPHY, the authors, introducing the concept of public key cryptography and digital signatures, wrote:

• Authentication is the heart of any system involving contracts and billing. Without it, business cannot function. Current electronic authenticating systems cannot meet the need for a purely digital, unforgeable, message dependent signature. They provide protection against third party forgeries, but do not protect against disputes between transmitter and receiver.

Since that time, there have been many digital signature schemes proposed and some standardized. In general these are now described as traditional signature schemes that have been implemented as a directed graph of public keys which are signed by a more general key until mutual trust exists.

Traditional digital authentication is tied to the individual. It requires a public key distribution scheme and lacks lawful intercept abilities.

If Alice needs to send an email to Bob, she must first get Bob's public key from a repository, check the revoked key list, and authenticate this key to some root key that she trusts before she can send a message to Bob. This is a significant effort.

If Alice and Bob are conspirators in a crime, their communications cannot be investigated by law enforcement.

Identity based encryption provides simpler solutions to these problems. In his 1984 paper IDENTITY BASED CRYPTOS AND SIGNATURE SCHEMES, Adi Shamir states:

• In this paper we introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other's signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party.

Professor Shamir further states:

• The scheme remains practical even on a nationwide scale with hundreds of key generation centers and millions of users, and it can be the basis for a new type of personal identification card with which everyone can electronically sign checks, credit card slips, legal documents, and electronic mail.

One of the values of identity based encryption is that the key generating centers can be operated by organizations that can naturally vouch for an individual's identity. For example, a university can vouch for a professor or a student, or a corporation can vouch for an employee.

Identity based encryption also provides a deterrence against the abuse of trust. In practice, a key generated by a corporation has the valuable side effect of allowing policing by that corporation of an individual's use of that key.

The CPK algorithm represents a great step forward in identity based encryption. It creates a simple to understand, easy to implement, and easy to deploy system that provides all the benefits that these visionaries imagined for public key and identity based cryptosystems.

This book delivers a complete analysis of what Identity, Authentication and Evidence mean in a digital age. It shows how CPK can meet the challenges of the Internet to make it a safer place.

This book may not result in world peace, but it can provide a roadmap to calm the chaos which exists on the Internet today.

James P. Hughes

Palo Alto, CA, USA (Revised in Sep. 2017)