Public Key Infrastructure
Public Key Infrastructure (PKI) is a system that provides public key encryption and digital signature services. Its purpose is to manage certificates and keys. The infrastructure works with the CIA triad, but is not limited to it, and provides integrity checking, authenticity, and confidentiality. It consists of:
· Certificate Authority (CA), which is the root of trust and offers the service of authenticating the identity of entities.
· Registration Authority, which is certified by a root CA to create certificates for users that are permitted by the root.
· Certificate Database, which stores certificate requests and issues and revokes certificates.
· Certificate store, which resides on a local computer and stores the issued certificates and the private keys.
The future of PKI
Smartphones and the Internet of Things are growing, and they will rely on PKI for their network connections. This includes lighting systems, thermostats, home surveillance, ATMs and many more devices, all of which demand transparent authentication of certificate identities. The Department of Defense is already using PKI, and some private businesses and companies are transitioning as well. The future of PKI is unknown: some believe it will stay, while others think that in some scenarios it could suffer a huge reversal if vulnerabilities are found and exploited.
Applications of PKI
An example of a PKI application is server identification: whenever someone uses HTTPS, a PKI server identity certificate is used in the SSL handshake. The idea is to have the server assert its identity to the client. VPNs use the same mechanism to identify themselves to clients.
The biggest issue with PKI is the chain of trust used to verify identities on networks. The problem is that there is no major party that enforces these standards, so when one of the CAs is compromised, the security of the whole PKI is in danger. An example is the 2011 incident in which web browser vendors were forced to blacklist all the certificates issued by the Dutch CA DigiNotar, which had more than 500 fake certificates.
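The chain-of-trust weakness described above can be reproduced offline with the openssl command-line tool. This is an added example, not part of the original text: the CA names, hostnames and file names are constructed, and dropping a root from the client's trust store is used here as a simple model of blacklisting a CA. It assumes OpenSSL 1.1.0 or later is installed.

```bash
#!/usr/bin/env bash
# Added demo: every CA, hostname, key and certificate here is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed root CA (private key + certificate).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA LEAF HOST: CA signs a server certificate for HOST.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -out "$WORK/$2.crt" 2>/dev/null
}

# trust_store FILE CA...: write the roots a client is configured to trust.
trust_store() {
  store="$WORK/$1"; shift
  for ca in "$@"; do cat "$WORK/$ca.crt"; done > "$store"
}

# verify STORE LEAF: client-side chain check; prints "trusted" or "rejected".
verify() {
  if openssl verify -CAfile "$WORK/$1" "$WORK/$2.crt" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

make_ca ca_one
make_ca ca_two
issue ca_one site_a www.example.test
issue ca_two site_b www.example.test    # same hostname, vouched for by another CA
issue ca_two site_c shop.example.test

trust_store before.pem ca_one ca_two    # client trusts both roots
trust_store after.pem  ca_one           # ca_two dropped after a compromise

for s in before.pem after.pem; do
  echo "$s: a=$(verify "$s" site_a) b=$(verify "$s" site_b) c=$(verify "$s" site_c)"
done
```

While both roots are trusted, the client accepts either CA's certificate for the same hostname, which is why one compromised CA endangers every site. Once ca_two is dropped, everything it issued is rejected, including the certificate for the unrelated hostname.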