With symmetric key encryption, both the transmitter and the receiver need to use the same key, which raises the question of how the key itself can be securely transmitted. One way to do this is to set up the shared secret key a priori via an out-of-band method. For example, a shared secret password could be hard-coded into both the transmitter and the receiver; alternatively, a service provider could give the key to a subscriber at the time of signing up for service. This approach, however, does not scale well to extensive use: it becomes impossible to generate millions of individual unique keys and deliver them to each person. Relying on out-of-band mechanisms is also unmanageable, prone to errors, and often not very practical.
Asymmetric key encryption is an elegant solution to the key-distribution problem. It uses two keys: a public key and a private key. When a message is encrypted using one of the two keys, it can be decrypted only with the other key. Both keys are generated simultaneously using the same algorithm, RSA; the public key is disclosed widely and the private key is kept secret. The WiMAX Public Key Infrastructure (PKI), which is widely used to secure a variety of Internet transactions, is built on this idea of using asymmetric keys. (Arkoudi-Vafea Aikaterini, 2006)
Authentication in Public Key Infrastructure (PKI)
Here, we need a mechanism to ensure that a given user or device is who or what it claims to be. For example, to ensure that the data received is really from user B, user A can run an exchange that uses the public and private keys together with a random number. If B returns A’s random number, A can be assured that the message was sent by B and no one else. Similarly, B can be assured that A received the message correctly. The message could not have been read by anyone else and could not have been generated by anyone else, since no other user has the private key or the correct random number.
Shared Key Distribution in Public Key Infrastructure (PKI)
To securely send data to user B, user A can encrypt the data with the public key of user B. Since the data can now be decrypted only with the private key of user B, the transaction is secured from everyone else. This secure transaction can then be used to distribute a shared secret key, which in turn is used to encrypt the rest of the communication with a symmetric key algorithm, such as AES. After mutual authentication, a shared key is thus established for encrypting the rest of the session. (Eduardo B. Fernandez, Michael VanHilst and Juan C. Pelaez)
Non-Repudiation & Message Integrity in Public Key Infrastructure (PKI)
Asymmetric keys and the WiMAX Public Key Infrastructure (PKI) can also be used to prove that someone said something. This non-repudiation is the role often played by signatures on a standard letter. To establish non-repudiation, it is not necessary to encrypt the entire text, which is sometimes computationally expensive and unnecessary. An easier way to guarantee that the text came from the sender and has not been tampered with is to create a message digest from the message and then encrypt the digest, using the private key of the sender. A message digest is a short fixed-length string that can be generated from an arbitrarily long message. It is very unlikely that two different messages generate the same digest, especially when at least 128-bit message digests are used. Message Digest 5 algorithm (MD-5) and Secure Hash Algorithm (SHA) are two algorithms used for computing message digests, both of which are much faster and easier to implement than encryption. By sending the unencrypted text along with an encrypted digest, it is possible to establish non-repudiation and message integrity. (Eduardo B. Fernandez, Michael VanHilst and Juan C. Pelaez)
Digital Certificates in Public Key Infrastructure (PKI)
Digital certificates are a means of certifying the validity of public keys. As part of the WiMAX Public Key Infrastructure (PKI), a certification authority, which is essentially a trusted independent organization such as VeriSign, certifies a set of public and private keys for use with WiMAX Public Key Infrastructure (PKI) transactions. The certification authority issues digital certificates that contain the user’s name, the expiry date, and the public key. The certificate itself is digitally signed by the certification authority using its private key. The public keys of certification authorities are widely distributed and known; for example, every browser knows them. In the context of broadband wireless services, subscriber terminals may be issued individual digital certificates that are hard-coded into the device and can be used for device authentication. (Sonnenreich Wes, Albanese Jason, 2003)