Public Key Infrastructure
This chapter briefly looks at a PKI network security infrastructure and its basic services: entity authentication, message integrity, and confidentiality. It presents a PKI structure, its basic components, and the tasks of Registration Authority (RA), Cer
- PDF / 1,109,127 Bytes
- 17 Pages / 441 x 666 pts Page_size
- 77 Downloads / 206 Views
Public Key Infrastructure
This chapter briefly looks at a PKI network security infrastructure and its basic services: entity authentication, message integrity, and confidentiality. It presents a PKI structure, its basic components, and the tasks of Registration Authority (RA), Certification Authority (CA), key repositories, certificates and Certificate Revocation Lists (CRLs).
7.1 Public Key Infrastructure and Its Services Every year more and more people become users of the Internet. Each of them uses data accumulated on the network and exchanges information with other people using well-known services such as e-mail or WWW. Sometimes, when you communicate with a person you are intentionally misled about their identity. Many people are not aware of how important it is to verify the identity of the sender or recipient of a message or other web services. This fact is often used by intruders. Cryptography and its latest achievements appear extremely helpful in this case. You already know the advantages of asymmetric cryptography which enables electronic signatures. Data which is transmitted or accumulated can be signed electronically. With a signature you should not have any problems with identification of the data’s author or a message originator. If you know the author’s public key you can easily verify the signature’s authenticity. A risk, however, is that a phisher can impersonate the relevant person or institution and replace the public keys. To avoid this type of action a Public Key Infrastructure was invented. Its main purpose is to ensure the authenticity of private and public keys in a given sector.
7.2 Modern Web Threats When you have your own pair of asymmetric keys and want to exchange some electronically signed information with another person, you must each make public C. Ko´scielny et al., Modern Cryptography Primer, DOI 10.1007/978-3-642-41386-5_7, © Springer-Verlag Berlin Heidelberg 2013
175
176
7
Public Key Infrastructure
keys accessible to the other. You may do so using a web site, an e-mail or any other form of electronic exchange. A threat is that intruders can replace the transmitted public keys by their own. Unknowingly using an inappropriate public key causes incorrect authorization of the partner you communicate with. A Trusted Third Party is one of the possible ways to make the information exchange system reliable and appropriately secure. Its main function is to confirm the authenticity of public keys owned by users communicating in the system. A TTP can also inform us about any change of the keys in case of loss or theft. This is why the idea of a Public Key Infrastructure was born. The three main components of the structure are: • a Registration Authority (RA) verifies and registers the user’s personal data, • a Certification Authority (CA) issues digital certificates which testify to the authenticity of a given person and their public key. Certification is preceded by the applicant’s identification process, • a Repository of certificates, keys and Certificate Revocation Lists (CRLs
Data Loading...
