Good Example Of A Research On Public Key Infrastructure Case Study
Fundamentals of PKI
The use of technology and its application to business is evolving, thus, it is critical that the information running through the networks gets protected and secured. One secure way of guaranteeing its protection is through the implementation of public key infrastructure (PKI). PKI is a collection of procedures and policies governing the people, hardware and software to bring trust and protection to electronic business transactions via digital certificates.
A PKI has four key elements. These include the certificate authority, certificate store, registration authority and certificate database. A certificate authority, also known a trusted party, serve as the main root of trust that offers services to validate and authenticate an individual’s identity, processors or computers and other entities. A registration authority, on the other hand, provides certificates for a certain function and use allowed by the root. The root certificate authority has to certify the registration authority, also known as the subordinate certificate authority. Meanwhile, certificate databases stores all request for certificates as well as cancels certificates. Within a local computer, a certificate store exists to store accumulated delivered certificates and private keys . Some PKI has automated key recovery functions that allow recovery of lost data and services.
Generally, a PKI provides functions such as issuing and revoking of certificates, collecting and retrieving certificates as well as providing trust. Issuance of certificate provide authentication of the identity of user including a date stamp with expiration. This date stamp expires within the defined validation period, thus, allows withdrawal of the certificate. The features of PKI functions are advantageous for business in securing its Web access, electronic mails, extranets and VPNs. This technology provides data integrity that permits verification through digital signatures if an alteration occurred in the digitally signed information or data. Also, employing such kind of innovation offers strong authentication. This authentication means that a user can identify him through a network without the need to provide password. PKI also presents strong repudiation where a user cannot deny that the signed data comes from him .
Application of PKI and its Benefit
An essential feature of PKI is its public key cryptography that provides for organizing encryption keys and digital certificates for employees, systems and applications. The PKI implements the cryptography within applications such as electronic mail and messaging and web servers and its web browsers to establish guaranteed network operations and messaging sessions. In a secured environment with implemented electronic mail and messaging technology, the PKI utilizes encryptions for files and messages as well as digital signatures. Companies such as IBM Lotus Notes and Microsoft implement encryption technology to secure transfer of sensitive data and information. This is also the same case for messaging mechanism that provide encryption as well as with electronic data exchanges to protect sensitive financial information .
Public and In-house Certificate Authority
Organizations who intend to avail of the public certificate authority generally acquire the services of a certified external certificate authority. An example of this entity that provides digital certificate service is VeriSign. In this kind of set-up, the external certificate authority is accountable for any failure of the PKI. Meanwhile, this set-up has limited integration level. In the long run, expenses involving public certificate authority can become exorbitant for the company. In-house certificate authority has the basic management protocol in terms of managing certificate authority within an organization. This set-up allows integration with active directory, thus, providing ease of management within the structure of certificate authority. It also includes automated enrollment through Windows servers and does not cost any fee for each certificate. On a challenging note, implementing in-house certificate is more complex than the public ones. Its implementation means full accountability within an organization. Furthermore, its operating cost for certificate management is more costly than the public certificate authority .
In case our company is heavily engaging in voluminous financial transactions from different parts of the world, I recommend that we invest on implementing an in-house certificate authority. Since our transactions will include million dollar transactions, it is important that we have internal optimize level of control over security. It is true that this will mean investing more than a public certificate authority; however, it is more important for our company to protect our company’s image and no risk of breaching among users over our network. It is very important that users that we allow usage of our network must follow through defined network security statement. Similarly, our company will have a control with regard to the interoperability between the needs of the organization and the defined certificate authority.
Andrews, R. (2013, September 25). What is Certification Authority Authorization? Retrieved from CA Security Council: https://casecurity.org/2013/09/25/what-is-certification-authority-authorization/
Kharche, H., & Chouhan, D. (2012). Building Trust In Cloud Using Public Key Infrastructure. International Journal of Advanced Computer Science and Applications, vol.3, no.3, 26-31.
RSA Data Security. (2012). Understanding Publick Key Infrastructure (PKI). California: RSA Data Security, Inc.
Seltzer, L. (2012). Securing Your Private Keys as Best Practices for Code Signing Certificates. Thawte, Inc.