Public Key Infrastructure
PKI is an encryption scheme that provides public key encryption and digital signature services. The idea is to manage certificates and keys. The infrastructure supports the C-I-A triad, but is not limited to it, and provides integrity checking, authenticity, and confidentiality. It consists of:
· Certificate Authority (CA): the root of trust; it offers the service of authenticating the identity of entities.
· Registration Authority: certified by a root CA to create certificates for users that are permitted by the root.
· Certificate Database: supplies the stored certificate requests, and releases and revokes certificates.
· Certificate store: a local computer to store the issued certificates and the private keys.
The future of PKI
Since the Department of Defense is already using PKI, as well as some private businesses and companies, PKI has room to expand further, which raises the question of how safe it is. With the growth of smartphones and the Internet of Things (IoT), more devices could rely on PKI to secure their network connections, such as lighting systems, thermostats, home surveillance, ATMs and many more. Some could argue that the future of PKI is still unknown: some believe it will stay, while others believe it will not, arguing that in some scenarios it could cause a huge reversal in which vulnerabilities are found and exploited.
Applications of PKI
An example of a PKI application is server identification: when someone uses HTTPS, the connection runs over either Secure Sockets Layer (SSL) or Transport Layer Security (TLS), both of which use asymmetric PKI. The idea is to have the server declare its identity to the client. VPNs use the same idea to identify themselves to clients.
Issues of PKI
The biggest issue of PKI is the chain of trust used to verify identities on networks. The problem is that there is no central party that enforces these standards, so when one of the CAs is compromised, PKI security is in danger. An example is the 2011 incident in which web browser vendors were forced to blacklist all the certificates issued by the Dutch CA DigiNotar, which had issued more than 500 fake certificates.
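The trust decision described above can be modelled in a few lines. This is an added example, not part of the original text: it walks issuer links up to a trusted root and shows that a certificate issued through a compromised CA is accepted until that CA is put on a distrust list, at which point everything it issued is rejected. All names and the sample PKI are constructed, and signature and date checks are assumed to have been done elsewhere.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # subject name of the CA that signed this certificate
    is_ca: bool = False

def validate_chain(leaf, known, trusted_roots, distrusted=frozenset(), max_depth=8):
    """Follow issuer links from leaf up to a trusted root; return (ok, reason).
    Assumption: signatures and validity dates were already checked elsewhere."""
    cert, seen = leaf, set()
    for _ in range(max_depth):
        if cert.subject in distrusted:
            return False, f"{cert.subject} is on the distrust list"
        if cert.subject in seen:
            return False, "issuer loop"
        seen.add(cert.subject)
        if cert.issuer == cert.subject:          # self-signed: end of the path
            if cert.subject in trusted_roots:
                return True, f"anchored at {cert.subject}"
            return False, f"{cert.subject} is not a trusted root"
        issuer = known.get(cert.issuer)
        if issuer is None:
            return False, f"unknown issuer {cert.issuer}"
        if not issuer.is_ca:
            return False, f"{issuer.subject} may not issue certificates"
        cert = issuer
    return False, "chain too long"

# Constructed sample PKI; every name below is hypothetical.
ROOT_A = Cert("Root A", "Root A", is_ca=True)
ISSUING_A = Cert("Issuing CA A1", "Root A", is_ca=True)   # the CA that gets compromised
ROOT_B = Cert("Root B", "Root B", is_ca=True)
KNOWN = {c.subject: c for c in (ROOT_A, ISSUING_A, ROOT_B)}
TRUSTED = {"Root A", "Root B"}

LEGIT = Cert("shop.example", "Issuing CA A1")
FAKE = Cert("mail.example", "Issuing CA A1")     # issued by the intruder
OTHER = Cert("bank.example", "Root B")

def verdicts(distrusted=frozenset()):
    """Validation result (True/False) for each sample leaf."""
    return {c.subject: validate_chain(c, KNOWN, TRUSTED, distrusted)[0]
            for c in (LEGIT, FAKE, OTHER)}

if __name__ == "__main__":
    print("before distrust:", verdicts())
    print("after distrust: ", verdicts({"Issuing CA A1"}))
```

Distrusting the issuing CA also rejects the legitimate certificate it issued, while certificates under the unrelated root keep validating.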