Public Key Cryptography
Public key cryptography (see Figure 9.7) can assist in removing the key deposit process. The assumption is that public key encryption and decryption algorithms have the property that E[D(P)] = P, in addition to the usual property that D[E(P)] = P (since RSA has this property, it is not unreasonable). Assuming the previously mentioned conditions are in effect: Party A can send a plaintext message to party B by sending E_B[D_A(P)]. Party A can do this, since she knows her own private decryption key, D_A, as well as B’s public key, E_B. When B receives the message, he transforms it using his own private key. This yields D_A(P). The text is stored in a safe place and then decrypted using E_A to get the original plaintext. If subsequently A denies having sent the message to B, B can produce both P and D_A(P). It can be verified that it is a valid message encrypted by D_A by applying E_A to it. Since B does not have A’s private key, the only way B could have acquired the message was if A sent it. If A discloses her secret key, then the message could have come from anyone.
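The exchange described above, worked through with textbook RSA as an added example that is not part of the original text. The tiny key pairs, the message value 65 and all function names are constructed for illustration; raw RSA without padding or hashing only demonstrates the E[D(P)] = P property and is not a usable signature scheme.

```python
# Added example: textbook RSA with tiny constructed keys (no padding, no hashing).

def make_keys(p, q, e):
    """Return (public, private) as (n, exponent) pairs for primes p and q."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent; ValueError if e is not invertible
    return (p * q, e), (p * q, d)

def apply(key, x):
    """E or D, depending on which half of the key pair is passed in."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("value does not fit this modulus")
    return pow(x, exp, n)

# Constructed key pairs. A's modulus is smaller than B's so D_A(P) always fits inside E_B.
A_PUB, A_PRIV = make_keys(61, 53, 17)    # n = 3233
B_PUB, B_PRIV = make_keys(89, 97, 17)    # n = 8633

def send(sender_priv, recipient_pub, p):
    """Sender computes E_B[D_A(P)]: private-key transform first, then encrypt to recipient."""
    return apply(recipient_pub, apply(sender_priv, p))

def receive(recipient_priv, sender_pub, c):
    """Recipient removes his layer, keeps D_A(P) as evidence, recovers P with E_A."""
    evidence = apply(recipient_priv, c)
    return apply(sender_pub, evidence), evidence

def verify(sender_pub, p, evidence):
    """Dispute check: E_A applied to the stored D_A(P) must give back P."""
    return apply(sender_pub, evidence) == p

if __name__ == "__main__":
    p, evidence = receive(B_PRIV, A_PUB, send(A_PRIV, B_PUB, 65))
    print("recovered:", p, "valid:", verify(A_PUB, 65, evidence))
    print("altered evidence valid:", verify(A_PUB, 65, (evidence + 1) % A_PUB[0]))
```

In the reverse direction (B to A) the value D_B(P) can exceed A's smaller modulus, in which case `apply` raises instead of silently reducing it and corrupting the evidence.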
Summary
The transition to packet-routed networks means that we now share transport channels. This has increased the need for authentication and encryption. The greater the distance we can deliver (the more robust we make the authentication and encryption process), the more value we confer but the greater the overhead in terms of processor bandwidth, processing delay, and memory/code footprint. Authentication and encryption are part of our overall end-to-end delay budget, but in turn, authentication can be compromised by delay and delay variability, particularly when time-sensitive challenge-response algorithms are used. Firewalls and virus scanning techniques can add many hundreds of milliseconds to our end-to-end delay budget but still have to be taken into account when dimensioning quality of service service level agreements (QoS SLAs).
From the perspective of a digital cellular handset, it makes considerable sense to use the smart card SIM/USIM as the basis both for over-the-air and end-to-end encryption, particularly since hardware coprocessors are now available on the smart card to minimize processing delay. For maximum flexibility, it could be argued that it is better to have authentication and encryption implemented in software at the application layer. Pragmatically, the best option is to integrate SIM/USIM-based admission control with an application layer user interface.
In a packet-routed network, the IP protocol stack may also implement packet-level security. This allows a virtual private network or networks to be deployed within a public IP network. Care must be taken, however, to ensure that network performance does not become protocol-limited. (We revisit IP protocol performance in our later chapter on network software.)
Specialist users can be supported either within private networks or virtual private networks by providing session-specific, location-specific, user group- or implementation-specific keys that can also be given conditional access status (preemption rights). This supports closed user groups and user group reconfiguration. Key life can be difficult to manage, particularly with multiple user groups where group membership is highly dynamic. Note also that in specialist radio networks, there may be no network—that is, users are talking back-to-back between handsets. In a specialist radio network, a session can be defined as the time during which the press-to-talk key on the radio is depressed. When the PTT is released, the session is completed. As most specialist users expect virtual instant access to a channel or virtual instant access into a group call, it is imperative that access and authentication protocols work within very strictly defined time limits. In private mobile radio systems equipped with in-band tone signaling (tone signaling is still sometimes used in taxi radios) the on to channel rise time, the time taken to acquire a channel, would typically be 180 ms. Authentication and access protocols therefore have to be close to this in terms of performance and certainly should not introduce more than 250 ms of access delay. Early attempts to produce specialist user group services over GSM resulted in a call set/session setup time of 5 seconds—really not acceptable—an example of protocol performance limitation. We revisit dynamic user groups in Chapter 17 when discussing mobile IP in ad hoc networks in the context of traffic shaping protocols.