Overview of authentication methods
Authentication is needed to provide some assurance about the source of a message: did it originate from the location it appears to have originated from? One of the simplest authentication methods is the use of a shared secret such as a password. Assume that Alice and Bob share a password. Alice may challenge Bob to provide the shared password and if he does so correctly and Alice is confident that the password has not been compromised in any way, then she may be reassured that she is indeed communicating with Bob.
Using the following steps, public key encryption can be used to provide an alternative challenge–response protocol between communicating entities who do not share a secret key:
Alice challenges Bob by sending him some random number.
Bob encrypts the random number using his own private key and sends the result to Alice.
Alice decrypts the message using Bob's public key. If the result matches her original random value and if she has confidence that the public key does indeed belong to Bob, then she may be assured that it is Bob who has sent the message to her.
In effect, when a message is encrypted with a private key, the key acts like the signature of the owner. As long as the key has not been compromised in any way it will act as an assurance of the authenticity of the message. However, Bob would be ill-advised to sign a document unless he was very sure about its contents. What if the value sent by Alice was not, after all, some random number but instead was an encrypted message giving instructions to Bob's bank to transfer funds into Alice's account? A better way for Bob to provide authentication when sending messages to Alice would be for him to create a digest of his message, encrypt that digest with his private key, and append the result to the message he sends to Alice. On receipt, Alice could create a new digest using an identical algorithm and compare this with the decrypted digest sent by Bob. If the two match, and she is confident that Bob's private key has not been compromised in any way, she may feel reasonably confident that the message did originate with Bob. Such an encrypted message digest is known as a digital signature.
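The challenge–response steps above, the snag with signing a raw value, and the digest-based digital signature, worked through as an added example (not part of the original text). It uses a toy textbook-RSA key pair built from two fixed Mersenne primes so that it runs offline and deterministically; the primes, key sizes and message are constructed for illustration only, and the Python standard library is the only dependency.

```python
import hashlib
import secrets

# Toy RSA key pair for Bob, built from two fixed Mersenne primes so the example
# is deterministic (constructed for this illustration; real keys are generated
# from random primes and use a padding scheme such as RSASSA-PSS).
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to Bob
BOB_PUBLIC = (N, E)
BOB_PRIVATE = (N, D)


def rsa_apply(value, key):
    """Textbook RSA: raise an integer to the key's exponent modulo N."""
    n, exp = key
    return pow(value, exp, n)


def challenge_response(challenge):
    """The three steps of the text: Bob transforms Alice's raw challenge with
    his private key; Alice reverses it with his public key and compares."""
    response = rsa_apply(challenge, BOB_PRIVATE)          # Bob's reply
    return rsa_apply(response, BOB_PUBLIC) == challenge   # Alice's check


def raw_response_is_a_decryption(plaintext):
    """The snag in the text: if the 'random number' is really a message
    encrypted with Bob's public key, Bob's raw reply is its plaintext."""
    ciphertext = rsa_apply(plaintext, BOB_PUBLIC)
    return rsa_apply(ciphertext, BOB_PRIVATE) == plaintext


def digest(message):
    """Message digest as an integer (SHA-256 is 256 bits, far below N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Digital signature: the digest, not the message itself, is transformed."""
    return rsa_apply(digest(message), private_key)


def verify(message, signature, public_key):
    """Alice recomputes the digest and compares it with the recovered one."""
    return rsa_apply(signature, public_key) == digest(message)


if __name__ == "__main__":
    print(challenge_response(secrets.randbelow(N)))                  # True
    msg = b"Transfer 100 to account 42"                              # constructed
    sig = sign(msg, BOB_PRIVATE)
    print(verify(msg, sig, BOB_PUBLIC))                              # True
    print(verify(b"Transfer 900 to account 42", sig, BOB_PUBLIC))    # False
```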
Certification authorities and digital certificates
There are snags to this procedure, however: for example, Charlie could generate a key pair for himself and publish the public key using Bob's name. Some additional assurance is required that irrevocably binds together the true identity of a person with a public key. This assurance can be provided by a trusted third party, known as a certification authority, which is able to vouch for Bob. Certification authorities can be independent organisations, system administrators, or companies (such as Verisign) that specialise in validating the identity of an entity and issue a digital certificate that binds the identity with a public key. The certification authority knows only the public key of the entity and not the private key, which should of course be kept secret at all times. The entity may not be a person – it could also, for example, be a computer, a website, or a network resource such as a router. Once the digital certificate has been issued, the entity can append it to messages it sends in order to provide assurance about its identity.
Can you think of a problem that might arise with this arrangement?
So a digital certificate itself needs some form of authentication to provide assurance that it is valid.
How could a certification authority provide assurance about the validity of a digital certificate?
Typically, a digital certificate includes the information illustrated in Figure 12. It may also include the level of trust that the certification authority is prepared to recommend. The emerging standard for digital certificates is ITU-T X.509.
A user will need to obtain the certification authority's public key in order to validate its signature. In turn, the binding of the certification authority's identity to a public key will itself need to be the subject of validity assurances, and thus the system of authentication depends on an extended structure and often relies on a chain of certificates.
Certification authorities form part of what is known as a public key infrastructure – a combination of services and encryption techniques that together are used to protect the security of data over networks. At the time of writing, the definition of a public key infrastructure is rather loose, but it is generally accepted that it will include:
a registration authority, which checks and verifies the credentials of a user before a digital certificate can be issued
a certification authority that issues and verifies digital certificates
directory services for the publishing of public keys and certificates
certificate management and key management services.