Different techniques are used to protect the integrity of data as well as unauthorized access to such data using different techniques. Cryptography is one of the many techniques whereby plain text is changed to unreadable text with the aid of mathematical algorithms. One of these techniques is Public Key Infrastructure (PKI). A pair of keys is used in Public Key Cryptography to encrypt and decrypt information. Of these two keys, one is available publicly and can be known to anyone while the other is a private key and is only known to the owner of the key and used for digitally signing files.
PKI makes use of a number of components to achieve the digital signing and encryption of documents. The core components used in PKI are as follows:
Certificate Authority (CA): A CA issues signed certificates that are used for the purpose of validating the identity of a party that is making a request. It also establishes a set of policies that govern the issuance and revocation of certificates. Revoked certificates are kept in the Certificate Revocation List (CRL) that is maintained by the CA.
Key Store: Keys are stored here for later retrieval.
Management function: A console carries out the management function in order to update keys when new ones are generated. It is also used in restoring keys when lost and archiving keys as a backup.
For the use of the organization with regards to the protection of information, PKI provides a number of important services that are highlighted as follows according to Choudhury et al. (2002):
Integrity: When documents are digitally signed using PKI, a successful verification procedure is carried out to determine if the document has already been altered or is still intact. This procedure of verification will not be successful if the document has been altered in a way or the other.
Authentication of identity: The identity of a person A can be authenticated by sending a challenge from a sender B to person A using A’s public key. The person B will then sign the challenge with some additional information with the private key and send as a reply to person A. If the reply received from person A can be validated by person B using the public key of person A, then person B can be certain that the information came from person A, thereby confirming the identity of person A.
Confidentiality: Confidentiality of information exchanged between two parties is ensured by PKI using the public key. Any information sent from person A to person B after encrypting it with the public key of person B can only be decrypted by person B using the combination of the public key and private key.
Non-repudiation: PKI ensures non-repudiation of digitally-signed documents. This is because any digitally signed document that originates from a source using private key cannot be said not to have come from that source. The private key is not supposed to be known to anyone else except the owner that can sign such documents with the private key (Albarqi et al., 2015).
The organization stands to benefit immensely from using PKI owing to the huge number of uses it can be put to. It is used for signing files and program code, helps to manage e-mails (Al-Janabi et al., 2002) and generally other messaging applications, web access and VPNs. Confidentiality and encryption are implemented in web browsers using Secure Socket Layer (SSL) (De Ryck et al., 2014); software programs that are published by the organization can be verified for authenticity after download by using the digital signature of the company.
2. For the organization to authenticate its softwares with the customers, the softwares need to be signed with the private key of the organization. A mathematical function is used to create a digest or hash of the software to be signed and encrypts the software into an unreadable format before it is signed with the private key to generate a signature. This signature is packaged along with the software. The verification is carried out by the customer using the public key of the organization, the digital signature and the software. The software can only be successfully validated using the public key of the owner that signed it. When there is a failure in the validation process, then the customer knows that the file has been altered.
3. For the organization to use in-house certificates it means creating its own certificates to sign her digital documents. The aim of signing softwares and other documents is to foster trust in the customers that such documents and softwares came from the right source. Certificates from public Certificate Authorities (CAs) are well known and are easier for customers to identify and trust compared to in-house certificates. In-house certificates will thus not easily pass the trust test with customers that might not recognize the certificate. Although an advantage of using in-house certificates over ones issued by CAs to the organization would be that it comes at no extra cost to the organization. The organization only becomes liable for the certificates that they issue with extra responsibility attached to managing the certificates.
It is strongly recommended to the organization to make use of CAs as they can be easily identified and trusted by customers, since the aim of signing digital documents is to foster trust with the customers and it is easily achieved with using CAs.
REFERENCES
Albarqi, A., Alzaid, E., Al Ghamdi, F., Asiri, S. and Kar, J. (2014). Public Key Infrastructure: A survey. PDF. Retrieved from http://file.scirp.org/pdf/JIS_2015010814030097.pdf on 10th August 2016
Al-Janabi, Sufyan T. Faraj et al. (2012). Combining Mediated and Identity-Based Cryptography for Securing Email, In Ariwa, Ezendu et al. Digital Enterprise and Information Systems: International Conference, DEIS 2011, London, UK July 20 – 22, 2011, Proceedings. Springer. pp. 2–3, ISBN:3642226027.
De Ryck, P., Desmet, L., Piessens, F. and Johns, M (2014). Primer on Client-Side Web Security, Springer, ISBN: 3319122266.
Choudhury, S., Bhatnagar, K. and Haque, W. (2002). Public Key Infrastructure Implementation and Design. Hungry Minds Inc. ISBN: 0−7645−4879−4
