PKI primer, Part 1
Public key infrastructures are the foundation on which digital signatures and secure Internet transactions will be built. This series of newsletters will serve as an introduction to PKI.
A Public Key Cryptosystem (PKC) provides asymmetric encryption of confidential messages and transactions, authenticates the origin of such data, and guarantees data integrity. For each user, two keys are generated at a time; each can decrypt only what the other encrypts; that is, each key cannot decrypt what it encrypts. One key is kept secret; the other becomes a public key known to anyone who wants to use the PKC.
To send a message readable only by a specific PKC user, we can encrypt the "cleartext" with the recipient's public key; only the corresponding secret key can decrypt the "ciphertext." Similarly, to authenticate the origin of a message, we can encrypt the cleartext or a randomized extract of the text (a hash) using our own secret key. Anyone can then decrypt the message using our public key - and only that key. Both of these methods also guarantee the integrity of the cleartext while the ciphertext is in transit, because any tampering with the ciphertext causes errors during verification of the digital signature or decryption of the ciphertext.
However, a PKC depends on trust. For example, in the case of a digital signature, the PKC provides proof only of the secret key used to sign a given document. What if a signing key were actually issued to an imposter? What if a person's secret key were compromised? The PKC can be trusted only if there is a trusted link from a public key to a known individual, organization, or device. It is the chief function of a PKI to document a trustworthy linkage between the ostensible owner of a secret key and that key.
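The trust gap described above, as an added example that is not part of the original newsletter: toy textbook RSA in Python shows a genuine signature verifying, tampering being detected, and an imposter's signature verifying just as cleanly under the imposter's own public key until a trusted party signs the name-to-key binding. The fixed Mersenne-prime keys, the names, and the `binding`/`issue_cert`/`cert_ok` helpers are assumptions made for illustration and are not secure.

```python
import hashlib

E = 65537  # public exponent shared by every toy key pair

def keygen(a, b):
    # Textbook RSA from Mersenne primes 2**a-1, 2**b-1 (deterministic toy, NOT secure).
    p, q = 2**a - 1, 2**b - 1
    d = pow(E, -1, (p - 1) * (q - 1))          # secret exponent (Python 3.8+)
    return (p * q, E), (p * q, d)              # (public key, secret key)

def digest(data, n):
    # SHA-256 reduced into the key's range; real schemes add padding.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, secret):
    n, d = secret
    return pow(digest(data, n), d, n)          # transform the hash with the secret key

def verify(data, sig, public):
    n, e = public
    return pow(sig, e, n) == digest(data, n)   # undo it with the public key

def binding(name, pub):
    return f"{name}|{pub[0]}|{pub[1]}".encode()

def issue_cert(name, subject_pub, issuer_secret):
    # Hypothetical minimal certificate: the issuer signs the name-to-key binding.
    return {"name": name, "pub": subject_pub,
            "sig": sign(binding(name, subject_pub), issuer_secret)}

def cert_ok(cert, trusted_pub):
    return verify(binding(cert["name"], cert["pub"]), cert["sig"], trusted_pub)

def demo():
    alice_pub, alice_sec = keygen(61, 89)
    imp_pub, imp_sec = keygen(107, 127)        # imposter's own, equally valid pair
    ca_pub, ca_sec = keygen(521, 607)          # the party relying users trust
    msg = b"Pay Bob 100"                       # constructed sample message
    sig, forged = sign(msg, alice_sec), sign(msg, imp_sec)
    return {
        "genuine": verify(msg, sig, alice_pub),
        "tampered": verify(b"Pay Bob 900", sig, alice_pub),
        "imposter_sig_verifies": verify(msg, forged, imp_pub),   # math alone can't tell
        "alice_cert": cert_ok(issue_cert("alice", alice_pub, ca_sec), ca_pub),
        "imposter_cert": cert_ok(issue_cert("alice", imp_pub, imp_sec), ca_pub),
    }

if __name__ == "__main__":
    print(demo())
```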
There are many questions raised when discussing the PKI. For example,
* What should a certificate that links identity to a key pair contain?
* How should we validate a public key to prevent impersonation?
* How should we handle revocation of certificates?
* What happens to documents signed with keys that have been revoked?
* Should organizations build their own PKI or use third-party certificates?
* Can proprietary formats for certificates lead to successful interoperability?
* What are the costs and benefits of third-party PKIs vs. in-house PKIs?
Thanks to Robert Moskowitz of ICSA Labs for contributing to the white paper on which this series is based.
RELATED LINKS
Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.
M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail by clicking here. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.
