Article - Issue 12, May 2002
Cryptography in the distributed network environment
Arthur Mason OBE
To provide security for people using the Internet for the transmission of confidential information, some form of cryptography is needed. Arthur Mason outlines the basic principles and describes how the development of a public key infrastructure is providing a basis for confidential data exchange across the Internet and other types of distributed network.
The Internet has revolutionised the way we all communicate and has become essential to the modern global market place. The Internet works well for relatively small amounts of non-realtime traffic that can be allowed to take several minutes to cross the network. It can be used for distributed point-to-multi-point communication, such as web-sites, as well as point-to-point communication, such as email.
The Internet is really the modern equivalent of the fax machine; however, it is more convenient to use, works in colour, can provide more information on an interactive basis and is generally cheaper to use. Like fax, the Internet fills the communication time window, which lies somewhere between the instantaneous real-time channel of the telephone (microwave link) and the relatively slow postal system used for carrying letters, documents and parcels.
The Internet has grown up on an ad hoc basis through the repeated connection of more and more computers together all over the world. Hence the performance of the Internet as a communications channel cannot be guaranteed, nor is it very secure. The present Internet varies in its bandwidth, both in location and time of the day. Although all the data packets will eventually get there, they do this by repeated requests from the receiving device. Hence, the Internet is not well suited to high bandwidth real-time services, such as video or audio, as the data packets can be held up in servers, received in the wrong order or even completely ditched.
There is interest in using parts of the Internet for much higher bandwidth communications and improving its performance to make it suitable for reliable real-time signal handling. This area is generally called ‘broadband’ and a variety of possible improvements is under development.
This article deals with the inclusion of cryptography on either the Internet or some future ‘broadband’ version of it. The purpose of the crypto-system is to provide security to these networks and also to act as a means of releasing to customers access to the goods for which they have paid. In terms of the cryptographic architecture, it does not really matter whether we are talking about the existing Internet or some ‘broadband’ version of it. However, the reliability of recovering the ciphered services will generally depend upon the ability of the network to deliver all the packets in the correct order before the deciphering process takes place.
The distributed servers in a ‘broadband’ Internet can be considered like websites, where video information is either requested by establishing a point-to-point link or played out to a number of other servers on a point-to-multipoint basis. The servers can be owned either by businesses or by consumers. So the resulting network will resemble the e-commerce situation where consumers and businesses buy and sell goods electronically over a network. Business-to-business transactions can take place between servers within the network, analogous to the wholesale business between manufacturers and shops, as can business-to-consumer transactions, analogous to the retail business between shops and the general public. Hence any cryptosystem that has been properly designed for e-commerce will work well within the ‘distributed broadband video Internet’ world. The main difference, as stated above, is the real-time nature of the signals and the increased bandwidth.
Some basic concepts in cryptography
Over the last 20 years, there have been many advances in cryptography, which aid the introduction of e-commerce. The major milestone has been the development of public key cryptography, which makes not only secrecy, but also authentication, a reality. The process of authentication enables signed digital certificates to be issued that authenticate both the participants in an electronic transaction as well as the keys that they are using. Moreover, in secrecy mode, public key cryptography also revolutionises the key management problem, in that it allows keys required for enciphering to be looked up in public directories. This is accomplished by having a different key for encryption to the key used for decryption. The decryption key is known only to the recipient and is kept secret by him. The public–secret key pair is generated entirely by the recipient so that his secret key never leaves him. The recipient publishes his public encryption key in a directory and anyone wishing to send him enciphered information can use the publicly available key for encryption. When the recipient receives this enciphered information, he decrypts it with his secret key, which only he knows.
Public key cryptography makes key management much more secure, as the decryption key never leaves the recipient. In classical key cryptography, the same key is used for encryption and decryption, so a key has to pass from the receiver to the sender along a very secure channel so that it is not discovered by an unwanted third party. Public key cryptography allows keys to be exchanged securely over insecure networks, such as the Internet.
Authentication also uses public key cryptography, but the keys are used the other way round. Here the sender uses the secret key to sign his document and any recipient can use the public key to read this document to see that it has been properly signed.
Often, public key cryptography is used to solve the problem of exchanging classical cryptographic keys. Classical encryption algorithms often run faster than their public key counterparts, so that it is usually more convenient to encipher the bulk message information using classical key cryptography and use public key cryptography to exchange the classical keys over an insecure channel. Hence the public key algorithm is used for ‘key’ encrypting purposes, which requires only a small amount of information to be sent, while the classical key enciphering algorithm is used for ‘message’ encryption.
Certification authorities (CA) solve the problem of authenticating public keys that are offered up by would-be recipients. Suppose a buyer wants to buy some information from a seller. Using public key cryptography, a buyer can tell the seller his public key (in the same way as he would tell the seller his address) so that the seller can send the requested information after encrypting it with the buyer’s public key. This works well when the buyer and seller know each other, for instance if they are both members of a small private club. However, when the buyer and seller have never met before, as in an e-commerce situation, the seller does not know whether the public key that he is actually being offered really belongs to the buyer. Hence, he might unwittingly sell a major movie to a private individual for a few pounds, only to find that the actual recipient was an unscrupulous underground video network!
Certification authorities are set up to deal with the problem of authenticating the public keys that are exchanged. With a private club, the certification authority stores all the public keys of everyone in the e-commerce market, together with their personal details. The certification authority signs all the users’ public keys by encrypting them with its own secret key. Since the certification authority’s document can be read only by using its own published public key, everyone in the e-commerce market can authenticate all the public keys (and their owners) within the e-market.
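The exchange described in the preceding paragraphs, as an added example that is not part of the original article: a certification authority signs the buyer's public key, and the seller checks that signature before using the key to wrap a message key for the bulk data. Textbook RSA without padding and a SHA-256 keystream stand in for production algorithms, and all names and key values are constructed for illustration.

```python
# Added illustration: textbook RSA (no padding) and a SHA-256 keystream stand in
# for real algorithms. Keys are constructed from Mersenne primes: toy values only.
import hashlib, secrets

E = 65537

def keypair(p, q):
    """Return (public, secret) = ((n, e), (n, d)) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(name, pub, n):
    """Hash of the certified (owner, public key) pair, reduced below modulus n."""
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(ca_secret, name, pub):
    n, d = ca_secret
    return {"name": name, "pub": pub, "sig": pow(digest(name, pub, n), d, n)}

def cert_ok(ca_public, cert):
    n, e = ca_public
    return pow(cert["sig"], e, n) == digest(cert["name"], cert["pub"], n)

def stream_xor(key, data):
    """Stand-in 'classical' cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seller_send(ca_public, cert, expected_name, message):
    """Seller: check the certificate, then wrap a fresh message key."""
    if cert["name"] != expected_name or not cert_ok(ca_public, cert):
        raise ValueError("public key not certified for this buyer")
    key = secrets.token_bytes(16)
    n, e = cert["pub"]
    return pow(int.from_bytes(key, "big"), e, n), stream_xor(key, message)

def buyer_receive(secret, wrapped, body):
    n, d = secret
    return stream_xor(pow(wrapped, d, n).to_bytes(16, "big"), body)

CA_PUB, CA_SEC = keypair(2**521 - 1, 2**607 - 1)
BUYER_PUB, BUYER_SEC = keypair(2**127 - 1, 2**107 - 1)
ROGUE_PUB, _ = keypair(2**89 - 1, 2**61 - 1)
BUYER_CERT = ca_sign(CA_SEC, "buyer", BUYER_PUB)
FORGED_CERT = dict(BUYER_CERT, pub=ROGUE_PUB)  # another key swapped into the cert
```

The seller accepts BUYER_CERT and rejects FORGED_CERT, because the authority's signature covers the owner's name and the key together.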
If it is necessary to link multiple certification authorities together into a larger system, trust can be communicated between the individual certification authorities by using certificates issued from a major national organisation such as Entrust (http://www.entrust.com). This CA linking application is just one of the modes in which Entrust certificates can be used in a large system; the actual mode used will depend upon the system under consideration and the trust relationships that exist in the particular application being considered.
Trusted third parties
The certification authority is one example of a trusted third party used to authenticate the public keys that have to be exchanged in the e-market. However, there are many other aspects of trust that have to be built up between buyer and seller before accepting to exchange goods and money. The seller may want to know the creditworthiness of the buyer. The buyer may also want to know whether the seller has the goods that he says he has. The buyer may also want to know the past delivery record of the seller. Sellers can use credit card companies and other banking organisations to verify creditworthiness and to guarantee payments. Buyers can use companies like Dun & Bradstreet (http://www.dnb.com) to obtain information about the suitability of sellers. Such information would not only include the track record of the selling company but could also include the DTI records on the directors.
The law of cybertrading is taking some time to develop. This is not just because the legal profession is very slow to keep up with new technology, but also because of the complex issues raised by the nature of cybertrade. The Internet operates in ‘cyberspace’ and it is not always clear who owns the parts that make up cyberspace and which country’s laws they are governed by. For instance, which governments’ taxes should apply to cybercontent? How are contracts made and in which country’s laws are they made? The legal profession has never really solved the problem of international law in the existing world, let alone cyberworld!
There has been some progress in looking at these issues and the UK government is considering new legislation allowing the recognition of contracts that have been signed using digital signatures. There is also an EEC Directive on the same subject.
There has been considerable progress in dealing with cybertrade in closed user groups, such as banks and insurance companies. Here, electronic data exchange (EDI) has existed for some years and it is usually regulated by an underlying interchange agreement (IA) made between the parties concerned. The IA is a document that sets out the contractual and commercial obligations within the closed user group, using EDI technology. The IA is not a watertight solution to all the legal problems that could arise, for instance, in the case of fraud; however, it works quite well in a closed user group where all the parties basically trust each other.
Public key infrastructure: available products
There are about six companies in the broadcast television industry offering encryption products for sale; however, these are not suited to a public key infrastructure environment, such as the broadband Internet. Some of these are starting to consider this area and may well bring out suitable products in the future. However, security companies that have traditionally supplied equipment for the retail-banking world using the existing telecommunication network already have solutions and products available.
One such company, Thales e-Security, sells a range of security products that will encrypt and decrypt IP data streams. It also designs systems that use smart cards to provide security, enabling buyers to offer public keys up to sellers. The company manufactures a certification authority security module that can be used for signing public keys in a small network; it can also be used with the Entrust organisation. Many of these modules incorporate tamper-resistant technology, which will cause the keys that they store to be destroyed if the module is moved or opened in any way.
The current IP data-enciphering modules will encrypt and decrypt 10 base-T ethernet streams. The continuous data throughput of the 10 base-T module is 4.2 Mbits/s data capacity. Around the third quarter of 2002, 100 base-T IP data-enciphering modules should become available, that will have a continuous data capacity of some 90 Mbits/s.
The cryptographic technology needed for the transmission of video material over a distributed broadband Internet-type environment already exists and is available from UK security companies. Such companies also offer a system design service to cater for particular needs up to 90 Mbits/s data capacity.
The largest problem likely to be encountered in the design of such a large e-market network is the storage and management of all the signed and certified public keys.
The main limitation at present is the poor performance of the existing Internet. Broadband systems are being developed to ease this problem, but it is probable that there will always be a shortage of suitable ‘broadband’ paths through any complex distributed network.
It is possible to buy equipment to encapsulate IP packets in packet streams of other systems, such as XDSL and ATM. This would enable the encrypted IP packets to be sent over more reliable existing networks and give a stepping stone to the fully distributed broadband Internet-type world of the future.
Broadband networks are likely to start on a small scale by closed user groups. Here, the legal issues will be straightforward and could be governed by a simple interchange agreement. However, the wider issues involved in a full e-commerce environment should be kept in mind as the network expands.
Arthur Mason OBE
Thales Research, Reading
Arthur Mason graduated from City University, London, in electronic engineering and has spent 28 years in broadcasting research and development. He started his career with the Independent Broadcasting Authority. He was a consultant to the Norwegian Telecom administration where he developed the basic principles of PAY-TV encryption. From 1990 Arthur worked within the private successor companies of the IBA laboratories. He is the acknowledged pioneer of digital terrestrial television, for which he received the OBE in 1997 for services to broadcasting. He is Visiting Professor at the University of Bath and was formerly the Chairman of the Virtual Centre of Excellence in Broadcasting and Multimedia Technology Ltd. Arthur wrote the first draft of this article when he was at Tandberg Television and their permission to publish is acknowledged. He is now with Thales Research in Reading.