The next instalment in this exciting saga of family feuds and
cyberwarfare. Tybalt has sent an invitation email to Romeo,
impersonating Juliet in order to tempt Romeo to reveal himself.
Romeo opens his mail and finds this message waiting for him:
From: “Juliet” juliet@capulet.net
To: “Romeo” romeo@montague.net
Subject: secret meeting

Come to the town square at midnight, behind the clock. Come alone and make sure you’re not followed.

J. xxx
If he takes the bait and travels to meet his love, who knows what
terrible fate will befall him?
Luckily, we don’t have to worry, because Romeo and Juliet
have been smart. They’ve taken precautions.
Home-brew authentication
The simplest kind of precaution they could take is to include some
kind of code word or shibboleth in their communications.
They could each choose a text (say, Shakespeare’s
Romeo and Juliet) and use it as a method to identify
themselves. In each email they could take the next word from their
chosen text and just write it at the bottom. Unobtrusive and
inscrutable to outsiders, but easy for the knowledgeable
recipient to verify.
In older times people would rely on a signature at the bottom of a
letter, and maybe a wax seal, to be sure that their
correspondence was genuine and from the stated person. There are
modern, cryptographic equivalents to both signatures and wax seals.
This is how Romeo and Juliet can properly safeguard their
correspondence.
Digital signatures
The job of a digital signature is two-fold. What does Romeo want to
know about the email he has received?
- Is it actually from Juliet?
- Was it tampered with after Juliet sent it?
The first is a question of authenticity: the name says Juliet,
but is it a genuine Juliet email? The second is one of
integrity: has someone intercepted the mail and rewritten it?
We’ll see how digital signatures help answer these questions.
We’ll look at the questions in order.
Creating a unique signature
A good signature should be one that only you can sign. But it
should also allow other people to check that it’s yours.
These two seem somehow contradictory: they have to look at it
(to check that it’s yours) but also be prevented from looking
at it (because they could copy it and sign things in your name).
This calls for a special kind of signature that can be examined
without being copied!
What we need is something which only you can do, but that everyone
can undo. This is called public key cryptography and is quite
interesting and counter-intuitive. Normal cryptography has one key
which allows the owner to lock and unlock things. Public key
cryptography has two keys which are intrinsically interlinked. Each
is the opposite of the other in some obscure way, since each can
unlock what the other locked, but they can’t unlock what
they locked themselves.
Confused yet? Yep, that happens, so we’ll go slowly. There
are two keys, traditionally called Public and Private. Whatever
Public locks, only Private can unlock. And what Private locks, only
Public can unlock. It’s like two one-way trapdoors going in
opposite directions. There is nothing special about Private that
makes it private: these are just names to indicate that one is
kept secret and the other is released to the public.
Let’s assume that Juliet was diligent and sat down one
afternoon to make a Public/Private key pair. Romeo did the same,
and they sent each other their Public keys; and they kept their
Private keys private.
This means that when Juliet sends a message to Romeo she can write
“it’s really me!” and lock it with her Private
key. When Romeo receives the message he can unlock it with
Juliet’s Public key. If it unlocks then he knows that Juliet
must have created the signature, because the only thing which can
lock something which can be unlocked by a Public key is its
opposite, the Private key. And Juliet’s Private key is in
Juliet’s possession.
Integrity
Ah, but hold on, you say. What’s to stop Tybalt cut-n-pasting
a signature from a different email which he received from Juliet?
What’s to stop him changing the rest of the message and just
leaving the signature alone?
This is where the clever bit comes in. Juliet doesn’t create
a signature which says “it’s really me!”. The
signature is a fingerprint of the whole message created using a
hash function. If the message changes then the hash will no
longer match. So while Tybalt could intercept a message, decode
the signature, change the content of the message and create a
new hash, he has no way of locking the new hash inside
Juliet’s signature.
Tybalt could go all out and completely strip the signature and
pretend it was never there, but Romeo isn’t going to
trust an unsigned message, is he? It seems Tybalt can’t win.
Confidentiality
I think we can be assured that Romeo wouldn’t be silly enough
to go out alone at night to meet Juliet on the evidence of an
unverifiable message like that.
But what if the message was really from Juliet and she wanted to
elope? She could send the same message to Romeo and sign it. But if
Tybalt managed to intercept the message he would still know the
full contents of the message, because it can all be unlocked with
Juliet’s Public key.
What Juliet should do is lock the message so that only
Romeo can unlock it. Can you think of anything which would allow
anyone to lock something, but only one person could unlock it? Oh
yes, it’s those Public/Private key pairs!
This time, Juliet can arrange their rendezvous. She can sign the
message (which locks a message hash with her Private key). And then
she can encrypt the message with Romeo’s Public key.
Now even Juliet can’t read it: the only person who can
unlock the whole thing is Romeo.
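An added example, not part of the original article, of the sign-then-encrypt exchange described in the Integrity and Confidentiality sections, using textbook RSA and Python's standard library. The function names, the fixed demo primes and the tampered text are assumptions made for illustration; unpadded RSA with published primes shows the mechanics only and is not what a real mail client's signing and encryption use.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # private exponent undoes the public one

def fingerprint(message: bytes) -> int:  # hash of the whole message, as an integer
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    n, d = private
    return pow(fingerprint(message), d, n)  # lock the hash with the Private key

def verify(message: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == fingerprint(message)  # unlock with Public, compare

def encrypt(message: bytes, public) -> int:
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this demo key")
    return pow(m, e, n)  # anyone can lock with the recipient's Public key

def decrypt(ciphertext: int, private) -> bytes:
    n, d = private
    m = pow(ciphertext, d, n)  # only the matching Private key unlocks
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed demo keys built from well-known Mersenne primes: fixed, public, toy only.
JULIET_PUB, JULIET_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
ROMEO_PUB, ROMEO_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def juliet_sends(message: bytes):
    """Sign with Juliet's Private key, then encrypt to Romeo's Public key."""
    return encrypt(message, ROMEO_PUB), sign(message, JULIET_PRIV)

def romeo_receives(ciphertext: int, signature: int):
    """Decrypt with Romeo's Private key, then check Juliet's signature."""
    message = decrypt(ciphertext, ROMEO_PRIV)
    return message, verify(message, signature, JULIET_PUB)

MESSAGE = b"Come to the town square at midnight, behind the clock."
TAMPERED = MESSAGE.replace(b"midnight", b"noon")  # constructed edit by an interceptor

if __name__ == "__main__":
    print(romeo_receives(*juliet_sends(MESSAGE)))
    print(verify(TAMPERED, sign(MESSAGE, JULIET_PRIV), JULIET_PUB))
```

The signature checks out only for the exact bytes Juliet signed, so an edited body or a signature lifted from another email fails verification, and the ciphertext opens only with Romeo's Private key.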
Email security
It is a fact that most people don’t bother with email
security of this level of sophistication. Email programs have
always had quite awkward encryption and digital signature features.
Most people leave them alone, if they know about them at all.
And in most cases you can be assured that people don’t forge
your email, intercept it to change the words, or want to ambush you
while you wait for your true love at midnight. But it’s
better to know than be ignorant of the possibilities.