How are our communications securely sent over the internet? A deep dive into public-key cryptography.
Remember when you could turn to tell your friend a secret in class, or pass your bestie a note? Nowadays many of us are becoming more and more dependent on technology to communicate. But are these communications over the internet as private as the face-to-face communication methods we used in the past?
With friends and family living farther apart and increasingly reliant on technology to connect, we sure hope so. Below we’ll take a look at what it means for our communications to be secure and how technology achieves a level of security comparable to in-person interactions.
What are the things we care about when we communicate?
Let’s break down what we expect when communicating. If you are telling your bestie a secret, you want it to be seen or heard by them and them alone. It is a private message, after all. This feature is more formally defined as confidentiality. A communication protocol that supports confidentiality is one that ensures only the intended recipient reads the message.
Additionally, you want your bestie to receive the precise message you constructed, without any modifications. Exactly what you write is what you expect they get. We define this feature as integrity. The integrity of a message is maintained if the contents of the message are not altered.
Finally, you want your bestie to trust that when the message says it is from you, it really was sent by you. You don’t want anyone to be able to pretend to be you. Authentication confirms a sender is in fact who they say they are.
How do our communication priorities apply to current day technology?
Above we looked at our priorities when sharing a message with a friend. These same priorities can be applied to all of our technological communications. Whether the communication is an online merchant receiving credit card information, or patient health histories being processed via an API and stored in a database, we need all of the above aspects in our communications. Much of current day technology relies on being able to share private information between technical systems in a way that maintains confidentiality, integrity, and authentication.
We cannot have quality technological communications without all three of these features. Without confidentiality, our internet communications would be public for everyone to see. Without integrity, our messages could be altered and therefore our intended meaning changed. And without authentication anyone could pretend to be whomever they choose. To provide accurate and private internet communication, all three features are necessary.
There are various protocols used by technology to achieve confidentiality, integrity and authentication in communications. One prominent protocol that supports these features is public-key cryptography.
What is public-key cryptography?
Public-key cryptography, also known as asymmetric encryption, involves using public and private keys to provide message confidentiality, integrity and authentication. We use public-key cryptography in many of our online communications, including the technology behind HTTPS.
Despite our reliance on public-key cryptography, it may not be as secure as we think. Public-key cryptography relies on the discrete log problem, and therefore its security is dependent on whether P=NP. We do not yet know whether or not P=NP.
In later blogs we will look at alternatives to public-key cryptography and the future of secure internet communications. Here we will dive into asymmetric encryption and how it achieves the confidentiality, integrity and authentication we rely on.
What is encryption?
Encryption involves using a key to convert a message to a less readable form. The message can be read easily by the intended recipient if they have a key to decrypt the message. However, anyone who may intercept the encrypted message will have difficulty deciphering the message without knowing the key to decrypt it.
Let’s take a look at some examples. We can first look at encryption in a face-to-face interaction use case before looking at it from a technical perspective.
For simplicity we’ll take a look at how kids might pass secret notes to one another in elementary school. When passing a note to your friend in class, you may worry the teacher could intercept the note. Even worse, they may read the note to the class if they get it. To ensure the confidentiality of the note is maintained, you might use some sort of encryption.
Say you want to send your friend the message “hello”. To do so you decide to shift each letter in the message by one alphabetical letter, so that “hello” would become “ifmmp”. In this case, the encryption key is one letter shift.
If your friend knows to shift the message by one letter, they will have an easy time decoding the message. However if the teacher intercepts the message, they will not know how it was encoded. They cannot easily read the message and will likely throw out the note, disinterested in attempting to make sense of the gibberish.
Let’s take a look at encryption in a more technical context. Say you are developing a website which will take in personal customer information, such as a social security number. Your website frontend needs to send the social security number along with other personal data to your backend service. Having a separate backend service is common practice in software engineering, as it allows for greater organization of systems and can support more complex backend software.
To send the social security number and other personal customer information to the backend service, an API endpoint can be used. When sending this confidential information over a network, you will not want any hackers to view the customer social security numbers. Cases like these are where encryption is crucial.
The frontend service can encrypt the social security number and other private customer information with an encryption key. In this example, the same organization maintains the frontend as well as the backend services to support this website. Since the frontend and backend services have a trust relationship already established by the same team maintaining them, the same encryption key can be used to encrypt and decrypt the message. The act of using the same key for encryption and decryption is known as asymmetric encryption.
In this example the secret key can be securely established between the frontend and backend independently from this communication. However in cases where two technological services are communicating for the first time, they need to securely establish a shared key. To do so, asymmetric encryption is used.
We can use encryption to protect and securely send data from a frontend to a backend. This opens up greater technical possibilities and organized software engineering practices.
What does it mean for encryption to be asymmetric vs symmetric?
Symmetric encryption is when the same key used to encrypt the message is used to decrypt the message. In the above examples, symmetric encryption is used. In the “hello” note example, symmetric encryption is used and the key is shifting the message by one letter. But how would you and your friend establish that your encryption scheme is shifting a letter by one? This is where asymmetric encryption comes into play.
Asymmetric encryption, or public-key cryptography is when one key is used for encryption while a different key is used for decryption. Asymmetric encryption requires more computational power compared to asymmetric encryption. Therefore to support fast, secure, and accurate communication in practice, asymmetric encryption is often used to securely establish a shared secret key between two parties. Then once the shared key is established, it can be used by both parties in symmetric encryption.
The primary use of asymmetric encryption is in HTTPS per sessions. This involves establishing a shared key that can be used between two parties in a secure way. We need asymmetric encryption when these two parties have not had previous secure communications and therefore need to determine a shared secret key. As a reminder asymmetric encryption is synonymous with public-key cryptography.
How does public-key cryptography work?
Asymmetric encryption starts with public and private keys. Each computer has a public key as well as a private key, which it uses to communicate. As the names imply, public keys are known while private keys are only known by the computer it belongs to. The private key is tied to the computer identity, much like how social security numbers are linked to the identity of a person.
Asymmetric encryption uses public keys to encrypt messages, and private keys to decrypt messages. Public and private keys share a special property, being modular inverses, which ensures a message encoded with a public key can be decrypted with the corresponding private key, and vice-versa. For the sake of simplicity we will not dive into the details behind modular inverses in this blog post.
How is public-key cryptography used in practice?
Public-key cryptography is primarily used to establish a secret key between two parties in a secure way, often at the start of HTTPS connections. Say Alice and Bob want to share messages over their computers with confidentiality, integrity, and authentication. Public-key cryptography can be used to do so.
Alice has a public key, A and private key, a. Similarly Bob has a public key, B and private key b. To perform asymmetric encryption, first Alice broadcasts A, her public key to Bob, and anyone else listening on the network. Bob will also broadcast B, his public key.
Next Alice will take the message she wishes to sent to Bob, m, and encrypt m using Bob’s public key. Alice sends this encrypted version of the message m’ to Bob.
Bob receives this encrypted version of the message, and is able to decrypt it using his private key. This allows Bob to view the contents of the original message. Because only he has access to his private key, b, he is the only one able to decrypt the message encrypted with his public key.
Asymmetric encryption uses private and public keys in communication between two computers. We’ve dived into the math behind asymmetric encryption, but how does this cryptographic protocol provide the necessary communication features we described above? We’ll discuss in the next few sections how asymmetric encryption can be used to ensure confidentiality, integrity and authentication in communications.
How do public and private keys ensure confidentiality in public-key cryptography?
As a reminder, confidentiality means the message is kept confidential and is only decipherable to the intended receiver. In the example of Alice and Bob, because Alice uses Bob’s public key to encrypt the message, only Bob’s private key can be used to decrypt the message. Therefore because Bob is the only person with access to his private key, he is the only person able to read the message.
Confidentiality of messages relies on the private keys of computers to be kept secret. Only those with a given private key are able to read messages encrypted with the corresponding public key. Because public-key cryptography uses public keys for encryption and private keys for decryption, it provides message confidentiality.
How do public and private keys ensure integrity in public-key cryptography?
Message integrity is achieved if the receiver can determine whether or not the message has been altered. Public-key cryptography can use hashes to ensure message integrity. Hashing is a cryptographic technique used to convert messages into an irreversible and cryptic form. We can send a hash of the message, along with the encrypted message to others.
To determine the message integrity, the recipient first decrypts the message using their private key, and then computes the hash of this message. If the hash they compute matches the hash sent, they can confirm the message has not been altered.
Looking at integrity in the context of the Alice and Bob example, after broadcasting public keys Alice sends the encrypted version of the message m’. To provide integrity, Alice also sends a hashed version of m, h, to Bob.
Bob receives this encrypted version of the message, and is able to decrypt it using his private key. He then computes the hash of this message, h’.
Bob can then compare h to h’. If they are the same, he can conclude the message m was not altered during transit. If they are not equal, he will conclude the message was changes by an adversary and disregard the message.
Sending a hash of the message along with the encrypted message allows the recipient to verify the integrity of the message was maintained. To forge the hash, an attacker would need to know the contents of the message, requiring the attacker to decrypt the encrypted message with the private key. Similar to confidentiality, message integrity relies on private keys being kept secret.
How do public and private keys ensure authentication in public-key cryptography?
Authentication requires validating the identity of the message sender. Digital signatures can be used to provide authentication in public-key cryptography. A digital signature can be created by signing the encrypted message with the sender’s private key. Because the sender is the only individual with their private key, they prove their identity by using it in the signature.
Due to the modular inverse relationship between public and private keys, the receiver can decrypt the signature with the sender’s public key, and giving them the original encrypted message. If this does produce the original message, then the sender’s identity is confirmed by the signature. This use of public and private keys gives us a way to confirm who the encrypted message was sent from.
Applying the use of signatures in the Alice and Bob example, after broadcasting public keys Alice would send the signature alongside the encrypted message.
Bob would then use Alice’s public key to decrypt the signature.
If the decrypted signature matches the encrypted message, the message was sent using Alice’s private key. The use of Alice’s private key in sending the message confirms Alice sent the message.
Only the individual who holds the private key can sign a message. The signature and sender’s public key can be used to verify the senders identity, providing authentication.
Conclusion
For technology to persist as our primary form of communication, and for technical systems to continue to integrate, we need protocols that provide confidentiality, integrity and authentication in communications. Public-key cryptography allows us to meet these needs.
Asymmetric encryption is needed when communicating between two parties for the first time. HTTPS per session is the most common use case of asymmetric encryption. From a software engineering perspective, asymmetric encryption is more useful when developing products that communicate with external systems.
Asymmetric encryption is more complex than other cryptographic methods, such as symmetric encryption. Modern technologies strike a balance of using a combination of protocols depending on the use case. Security is often traded off with complexity and speed. When two parties do not have a trusted relationship and want to communicate, public-key cryptography is useful.
There are some long term concerns regarding the security of public-key cryptography if P=NP. Stay tuned to learn about alternative cryptographic protocols.
Additional Readings
How Secure Are Encryption, Hashing, Encoding, and Obfuscation?