

One-Way Hash Codes

In the case illustrated by Figure 9.4, when the smart card encrypts the challenge text with a public key, the smart card authenticates the identity of the terminal-side application when that application demonstrates possession of the matching private key by decrypting the challenge text. The smart card application knows that only the possessor of the private key can decrypt that message. So if the process is reversed and the terminal-side application generates some piece of text and encrypts it with its private key, the smart card application knows that the text, when it decrypts correctly with the public key (of the terminal-side application's identity), must have come from the terminal-side application. Thus, the terminal-side application has digitally signed the text in question; that is, it has essentially affixed an identifying symbol that conveys the same information that the signature at the bottom of a contract does.

As mentioned previously, public key encryption and decryption can be very processor intensive. Further, the public-key encryption and decryption operations being discussed are (for purposes of the current discussion) intended to authenticate identity, not assure privacy. This being the case, it is not actually necessary to encrypt all the information in question in order to sign it digitally and to validate that it hasn't changed; that is, that the integrity of the information has been preserved. Rather, all that is necessary is to calculate some type of unique checksum over the information in question and then encrypt that checksum. A checksum is the result of a computational algorithm acting on the information in question such that if even a single bit of that information changes, the resulting checksum will (with overwhelming probability, for the cryptographic checksums discussed here) change.

Generation of such checksums is possible with a family of computational algorithms known as one-way hash functions. Through these functions, you can process a large collection of information and derive a much smaller, fixed-size piece of information, referred to as a hash code. You might think of a hash function as a logical, nondestructive meat grinder. When you grind a piece of meat with it, you don't destroy the meat, but you get a pile of ground round that is characteristic of the piece of meat you put into it. So if I put the same piece of meat through the grinder twice, I get two identical batches of ground round, and if I put through a piece that differs in the slightest, I get a visibly different batch.

Some very desirable traits of useful one-way hash functions are that two different collections of bits should never (in practice) produce the same hash code, a property known as collision resistance, and that given only a hash code it should be computationally infeasible to find a collection of bits that produces it, a property known as preimage resistance; the "one-way" in the name refers to this second trait. Two of the more popular one-way hash codes in use in the smart card world are the MD5 algorithm and the SHA-1 algorithm. (A caveat for current readers: practical collisions have since been published for both MD5 and SHA-1, so neither should be relied on for new signature designs; the SHA-2 family, such as SHA-256, is the usual replacement.)

A variant of one-way hash functions has been developed which also requires a key, in addition to the information in question, before a one-way hash code can be computed. These functions are referred to as message authentication codes, or MACs. They are useful for confirming the integrity of information as well as authenticating identities associated with the information, but without guaranteeing the privacy of the information. Note that an unkeyed hash code alone provides no authentication, because anyone who alters the information can simply recompute the hash code; with a MAC, only a party holding the key can produce a code that verifies, and the same key is needed to verify it, so the two parties must share the key beforehand. A variant on this theme involves the use of public-key cryptography in conjunction with one-way hash functions. This is the mechanism that is most generally called a digital signature, as opposed to the definition suggested earlier.
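The contrast between an unkeyed hash code and a MAC described above, as an added example that is not part of the original chapter. It uses SHA-256 and HMAC-SHA-256 from the Python standard library rather than the MD5 or SHA-1 the chapter names, and the message, key and the attacker's edit are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key, shared in advance by sender and receiver (not from the chapter).
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def one_way_hash(data: bytes) -> bytes:
    """Unkeyed one-way hash code: anyone, including an attacker, can recompute it."""
    return hashlib.sha256(data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    """Keyed hash code (HMAC-SHA-256): only a holder of the key can compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Receiver recomputes the MAC with the shared key; compare in constant time."""
    return hmac.compare_digest(mac(key, data), tag)


def verify_plain_hash(data: bytes, checksum: bytes) -> bool:
    """Receiver recomputes the unkeyed hash; nothing here depends on a secret."""
    return hmac.compare_digest(one_way_hash(data), checksum)


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length hash codes (avalanche check)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_one_bit(data: bytes) -> bytes:
    """Return the message with the lowest bit of its first byte inverted."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def attacker_rewrites(message: bytes) -> bytes:
    """Constructed tampering: the attacker changes the amount in the message."""
    return message.replace(b"100", b"900")


def demo():
    message = b"transfer 100 to account 42"  # constructed sample message

    # Sender protects the message with an unkeyed hash and, separately, with a MAC.
    checksum = one_way_hash(message)
    tag = mac(SHARED_KEY, message)

    # A single flipped bit changes roughly half of the 256 output bits.
    avalanche = differing_bits(checksum, one_way_hash(flip_one_bit(message)))

    # Attacker alters the message in transit and recomputes the plain hash:
    forged = attacker_rewrites(message)
    plain_accepts_forgery = verify_plain_hash(forged, one_way_hash(forged))

    # The attacker has no key, so the best it can do is replay the old tag.
    mac_accepts_forgery = verify_mac(SHARED_KEY, forged, tag)

    return {
        "avalanche_bits": avalanche,
        "plain_hash_accepts_forgery": plain_accepts_forgery,
        "mac_accepts_forgery": mac_accepts_forgery,
        "mac_accepts_original": verify_mac(SHARED_KEY, message, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver compares codes with `hmac.compare_digest` rather than `==` so that a mismatch is not reported faster for some bytes than others. The plain hash catches accidental corruption but, as the run shows, not a deliberate edit followed by a recomputed checksum; the MAC catches both, at the cost of having to distribute the key beforehand, which is the gap the digital signature in the next section closes.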

Digital Signatures

If a one-way hash function is computed on a collection of information and that hash code is then encrypted with the private key of a public/private key pair, the encrypted hash code that results provides both authentication of the identity of the entity which encrypted the hash code (and so, in effect, signed the original information) and the integrity of the original information. (Describing signing as "encrypting with the private key" fits the RSA algorithm, where the same operation serves both purposes; other signature algorithms use a dedicated signing operation, but the hash-then-sign structure is the same.) This mechanism is illustrated in Figure 9.5.


Figure 9.5.  A digital signature using a one-way hash code.

From Figure 9.5, you can see that when the original document—along with the digital signature of that document—is now passed to another entity, that entity can validate the digital signature. The entity authenticates the identity of the entity that digitally signed the original document and confirms the integrity of the original document (that is, it confirms that the same one-way hash code is calculated from the document on receipt as was calculated from the document at signing time).
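The hash-then-sign mechanism of Figure 9.5, carried through in code as an added example that is not from the chapter. It implements the RSA form literally (hash the document, raise the hash to the private exponent modulo n, and have the verifier raise the signature to the public exponent and compare with a freshly computed hash). The primes are fixed Mersenne primes chosen so the example runs without any third-party library; they are a constructed toy, not key material anyone should use, and real RSA signatures additionally pad the hash (PKCS#1 v1.5 or PSS) before exponentiation.

```python
import hashlib

# Toy key parameters (constructed for illustration; NOT secure key material).
# Mersenne primes 2^127-1 and 2^521-1 give a ~648-bit modulus, comfortably
# larger than a 256-bit hash so the hash-as-integer always fits below n.
P_SIGNER = (1 << 127) - 1
Q_SIGNER = (1 << 521) - 1
# A second, unrelated toy pair, used to show that the wrong public key fails.
P_OTHER = (1 << 89) - 1
Q_OTHER = (1 << 607) - 1
PUBLIC_EXPONENT = 65537


def keygen(p: int, q: int):
    """Return ((n, e), (n, d)) for the given primes; d is the private exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse; e is coprime to phi here
    return (n, PUBLIC_EXPONENT), (n, d)


def hash_to_int(document: bytes) -> int:
    """The one-way hash code of the document, as an integer to exponentiate."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(private_key, document: bytes) -> int:
    """'Encrypt' the hash code with the private key: s = H(doc)^d mod n."""
    n, d = private_key
    h = hash_to_int(document)
    if h >= n:
        raise ValueError("modulus too small for the hash code")
    return pow(h, d, n)


def verify(public_key, document: bytes, signature: int) -> bool:
    """'Decrypt' with the public key and compare against a fresh hash of the document."""
    n, e = public_key
    if not 0 < signature < n:  # reject out-of-range values before any arithmetic
        return False
    return pow(signature, e, n) == hash_to_int(document)


def demo():
    signer_pub, signer_priv = keygen(P_SIGNER, Q_SIGNER)
    other_pub, _ = keygen(P_OTHER, Q_OTHER)

    document = b"The terminal application agrees to the terms above."  # constructed
    signature = sign(signer_priv, document)

    return {
        "genuine": verify(signer_pub, document, signature),
        # Integrity: one changed byte in the document changes the hash code.
        "altered_document": verify(signer_pub, document.replace(b"agrees", b"refuses"), signature),
        # Integrity of the signature itself: a damaged signature does not verify.
        "altered_signature": verify(signer_pub, document, (signature + 1) % signer_pub[0]),
        # Authentication: the signature does not verify under someone else's public key.
        "wrong_public_key": verify(other_pub, document, signature),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never needs the private exponent, which is what lets a document and its signature be handed to any third party for checking. What the verifier does need is confidence that `signer_pub` really belongs to the claimed signer, and that is the question the next section takes up.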

Chain of Trust

Through the use of public-key cryptography mechanisms, it is certainly possible to address the concepts of authentication and integrity in a highly dispersed security infrastructure. In fact, many of the same techniques can be used to address authorization and privacy as well, and those points are discussed in the section “Authorization,” later in this chapter. At this point, however, an additional issue related to public-key cryptography needs to be addressed. Specifically, how does the recipient of information encrypted with a private key—and which must be decrypted with a public key to authenticate the identity associated with the private key—actually make a connection between the public key and other forms of identification related to that entity?

More to the point, how does the recipient come into possession of the public key and, if a public key would be useful in authenticating the identity of Jane Doe, why would the recipient trust the connection of that public key to the identity of a specific Jane Doe? In more general terms, what is the trust model associated with the use of public-key cryptography?

