Public key infrastructure has solved one of its major flaws, the possibility of the public key being tampered with, by adding a certification authority to the encryption and decryption process. This is done by having the private key sign a certification authority, which tells the receiving end that the public key being issued is indeed the one issued by the trusted party. What stood out to me here was the additional layer being added to maintain security. This was the result of the public key infrastructure evolving to protect public keys against man-in-the-middle attacks. I am wondering if evolving security threats will continue causing public key infrastructure to add more and more levels of certification.
A key point I got from this article was that security requires many layers in order to make sure communication is secure. The public key infrastructure (asymmetric key) generates a public and private key that are mathematically related, using one of these keys to encrypt a message and the other key to decrypt the message. This type of cryptography helps keep messages confidential, but does not verify the identity of the party receiving the message. In order to guarantee that the party receiving the message is actually who they say they are, a trusted third-party called a certificate authority (CA) should be used. This is the additional layer needed to make sure the communication is secure by verifying identities.
Hi Nicholas,
That is an interesting point that you bring up about encryption specifically regarding asymmetric key encryption. While asymmetric encryption might be more secure than symmetric encryption, however, symmetric encryption is faster. Symmetric encryption is faster since one secret key is used to encrypt and decrypt the message. Both asymmetric and symmetric are very effective in different ways and depending on the goal of the user or organization, either or both types of encryption may be implemented to secure data transfers.
A strong cryptographic authentication is very well needed between computers with a reliable connection. This is where Public Key Infrastructure (PKI) comes in. It delivers a framework of encryption and data communication standards to secure communications over public networks. It also connects public keys with user identities by way of a certificate authority, which is a reliable third party that issues digital certificates and creates digital signatures. The X.509 certificate uses the PKI model to confirm that the public key belongs to the user or computer from that certificate.
This web page introduces the public key infrastructure. Public key cryptography uses a key pair to encrypt and decrypt the content. It should have a pair of mathematically related keys, one is the public key and one is the private key. One user needs to use one key to encrypt the information and the other user needs to use one key to decrypt the information. The certificate authority (CA) usually achieved by issuing a signed (encrypted) binary certificate, which confirms the identity of the certificate subject and binds that identity to the public key contained in the certificate. The CA uses its private key to sign the certificate. It uses a self-signed CA certificate to issue corresponding public keys to all relevant parties. The certificate signing process verifies that the public key has not been tampered with or damaged during transmission.
A key takeaway I learned from his reading was just that public-key cryptography relies on a public and private key pair to encrypt and decrypt. The certificate authority gives each member their own particular one that they can choose to share with others. The x.509 public key infrastructure recognizes the requirements for a public key certificate. The signed certificate certifies the key to a person, computer, or organization. Since inception, the X.509 public-key standard has evolved 3 times, each time requiring more specific detail, the latest version (3) requires the issuer’s unique ID, subject unique ID, and extensions. As time goes on, these public key requirements will become more detailed in order to heighten security.
A key takeaway from this reading is that the CA acts as the “middleman” in PKI, providing assurance (use of signed binary certificates) that the public key belongs to the person who they say they are, a major challenge in the asymmetric key cryptography. This then eases concerns regarding whether the public key used to encrypt a message belongs to the intended recipient.
It was interesting to read these documents, as they take a deeper dive into PKI and Asymmetric keys. In previous classes, we have covered this, but have not learned about the technical details that are going on in the background. It was interesting to read through the ASN.1 syntax. I also didn’t realize that there have been 3 different versions of the X.509 public-key certificate standard. The included chart was interesting to see how it has evolved over the years.
I also think it’s interesting to see how technology and standards change over time. Version 2 added Issuer Unique ID and Subject Unique ID to X.509 certificates. Those are probably better identifiers than just names that they had before. Version 3 added extensions. Those extensions allow for more information to be associated with the certificate.
This reading outlines how public key infrastructure can be used to solve the challenge of lack of certainty about public key ownership. PKI consists of both hardware and software that are used to establish both integrity and ownership. The ownership or identity factor is established through the use of certificate authorities and the integrity factor is established through the hashing performed by the certificate authority, which is compared to a separate hash that is performed upon receipt. If the two hashes match, it provides the recipient “reasonable certainty” that the contents have not been changed. These two short readings were a good example of how specific technologies can be deployed to solve challenges introduced by security measures such as encryption. I thought it was a good build upon our discussion of encryption last week.
Public Key Cryptography is essential to allowing secure communication across the Internet. Essential to PKI is the certificate authorities. When they verify an identity and issue a certificate, they allow anyone to be reasonably sure that information is coming from who they say it’s coming from. The CAs are a trusted third-party that validates and issues the certificates. The X.509 certificates are what they issue and each one has specific validity periods.
These documents build upon the cryptography chapter in Boyle and this week’s class. The concepts of a public key, private key, and certification authority are explained and it is clear how all three must exist in order to securely encrypt a message. The public key encryption standard has evolved over time since it was developed in 1998 (3 versions thus far). It is critical that this standard and continues to evolve as technologies also rapidly change and evolve.
I like how you mentioned that this technology needs to continue to evolve. It’s always important that we diversify and never grow too reliant on any security method because technology is always exponentially evolving.
The X.509 public key infrastructure certificate described in RFC5280 addresses the issue of securing data in transit. Combining authentication and encryption, this standard not only provided a standard for certification issuing, but it also enabled the distribution of the server public key to allow asymmetric encryption to protect data in transit. In addition, RFC5280 section 3.3 also accounts for the revocation of certifications via a signed data structure called a certificate revocation list (CRL).
A key takeaway from the reading is to recognize the role of a certificate authority (CA) in public-key infrastructure, and to understand the problem that the CA solves. In public-key infrastructure, the CA distributes a signed digital certificate, containing its public key, to both parties. When party A intends to send an encrypted message to party B, it must encrypt the message with party B’s public key so that party B can decrypt it with their private key. Party B sends its public key to both party A and the CA, and the CA hashes the public key, adds it to the CA’s digital certificate, and sends that data to party A. Party A can compare the hash sent by the CA to the hash of the public key they received from party B. This enables the two parties to verify that the public keys they use to encrypt their messages have not been tampered with by a third party, which would compromise the confidentiality of those messages.
PKI’s are so interesting to me because it serves a technology security purpose with what’s essentially a logic problem. It doesn’t use some magic firewall, it simply secures both parties with some logic and arithmetic. Although it’s not 100% secure, good luck trying to crack it within a reasonable amount of time. Of course, nothing is ever 100% secure, and even if you don’t have enough computing power to crack a key there are still man-in-the-middle attacks.
The main concept that I learned from this reading, Public Key Infrastructure and X.509 Public Key Certificates, is that Certification authorities or (CAs) authenticate the identity of the parties in the network. This is for both root certification authorities and subordinate authorities. The general concept is to have one or more trusted entitles digitally sign documents certifying that a particular cryptographic key belongs to that corresponding particular user or device in a database. Basically, a public key infrastructure is often how two end computers encrypt and decrypt data, then transfers the data securely via networks such as the internet.
While I’m familiar with the public key infrastructure, this reading introduced the concept of the certification authority to me. The CA uses software and hardware to establish the integrity and ownership of a public key. The CA signing process ensures that public keys have not been tampered with in transit. The reading also giver a great example of this process using the scenario between Bob and Alice.
The Public Key Infrastructure (KPI) has solved one of the biggest problems that both symmetric and asymmetric encryption have – How do you know that the public key you received actually belongs to the person you think it does? PKI resolves this challenge by issuing and governing digital certificates that confirm the identity of people, devices or applications that own private keys and the corresponding public keys. PKI is so important in today’s digital age because there are now millions of applications and connected devices that require certification. Properly authenticating and maintaining certificates for these technologies is essential to keeping our highly connected world secure.
THis reading gave me a better appreciation of PKI, At my previous job, i had to access my network from my desk with a PKI, i had numerous problems with the PKI reader in the laptop as well as the chip itself in the card. The purpose behind implementing a PKI to access my network drive from my office computer was always a question that i had but after this reading i know understand why my old employer choose to do this.
Taylor Trench says
Public key infrastructure has solved one of its major flaws, the possibility of the public key being tampered with, by adding a certification authority to the encryption and decryption process. This is done by having the private key sign a certification authority, which tells the receiving end that the public key being issued is indeed the one issued by the trusted party. What stood out to me here was the additional layer being added to maintain security. This was the result of the public key infrastructure evolving to protect public keys against man-in-the-middle attacks. I am wondering if evolving security threats will continue causing public key infrastructure to add more and more levels of certification.
Nicholas Fabrizio says
A key point I got from this article was that security requires many layers in order to make sure communication is secure. The public key infrastructure (asymmetric key) generates a public and private key that are mathematically related, using one of these keys to encrypt a message and the other key to decrypt the message. This type of cryptography helps keep messages confidential, but does not verify the identity of the party receiving the message. In order to guarantee that the party receiving the message is actually who they say they are, a trusted third-party called a certificate authority (CA) should be used. This is the additional layer needed to make sure the communication is secure by verifying identities.
Elias Harake says
Hi Nicholas,
That is an interesting point that you bring up about encryption specifically regarding asymmetric key encryption. While asymmetric encryption might be more secure than symmetric encryption, however, symmetric encryption is faster. Symmetric encryption is faster since one secret key is used to encrypt and decrypt the message. Both asymmetric and symmetric are very effective in different ways and depending on the goal of the user or organization, either or both types of encryption may be implemented to secure data transfers.
Christopher Clayton says
A strong cryptographic authentication is very well needed between computers with a reliable connection. This is where Public Key Infrastructure (PKI) comes in. It delivers a framework of encryption and data communication standards to secure communications over public networks. It also connects public keys with user identities by way of a certificate authority, which is a reliable third party that issues digital certificates and creates digital signatures. The X.509 certificate uses the PKI model to confirm that the public key belongs to the user or computer from that certificate.
To-Yin Cheng says
This web page introduces the public key infrastructure. Public key cryptography uses a key pair to encrypt and decrypt the content. It should have a pair of mathematically related keys, one is the public key and one is the private key. One user needs to use one key to encrypt the information and the other user needs to use one key to decrypt the information. The certificate authority (CA) usually achieved by issuing a signed (encrypted) binary certificate, which confirms the identity of the certificate subject and binds that identity to the public key contained in the certificate. The CA uses its private key to sign the certificate. It uses a self-signed CA certificate to issue corresponding public keys to all relevant parties. The certificate signing process verifies that the public key has not been tampered with or damaged during transmission.
Quynh Nguyen says
A key takeaway I learned from his reading was just that public-key cryptography relies on a public and private key pair to encrypt and decrypt. The certificate authority gives each member their own particular one that they can choose to share with others. The x.509 public key infrastructure recognizes the requirements for a public key certificate. The signed certificate certifies the key to a person, computer, or organization. Since inception, the X.509 public-key standard has evolved 3 times, each time requiring more specific detail, the latest version (3) requires the issuer’s unique ID, subject unique ID, and extensions. As time goes on, these public key requirements will become more detailed in order to heighten security.
Lakshmi Surujnauth says
A key takeaway from this reading is that the CA acts as the “middleman” in PKI, providing assurance (use of signed binary certificates) that the public key belongs to the person who they say they are, a major challenge in the asymmetric key cryptography. This then eases concerns regarding whether the public key used to encrypt a message belongs to the intended recipient.
Charlie Corrao says
It was interesting to read these documents, as they take a deeper dive into PKI and Asymmetric keys. In previous classes, we have covered this, but have not learned about the technical details that are going on in the background. It was interesting to read through the ASN.1 syntax. I also didn’t realize that there have been 3 different versions of the X.509 public-key certificate standard. The included chart was interesting to see how it has evolved over the years.
Jonathan Mettus says
I also think it’s interesting to see how technology and standards change over time. Version 2 added Issuer Unique ID and Subject Unique ID to X.509 certificates. Those are probably better identifiers than just names that they had before. Version 3 added extensions. Those extensions allow for more information to be associated with the certificate.
Megan Hall says
This reading outlines how public key infrastructure can be used to solve the challenge of lack of certainty about public key ownership. PKI consists of both hardware and software that are used to establish both integrity and ownership. The ownership or identity factor is established through the use of certificate authorities and the integrity factor is established through the hashing performed by the certificate authority, which is compared to a separate hash that is performed upon receipt. If the two hashes match, it provides the recipient “reasonable certainty” that the contents have not been changed. These two short readings were a good example of how specific technologies can be deployed to solve challenges introduced by security measures such as encryption. I thought it was a good build upon our discussion of encryption last week.
Jonathan Mettus says
Public Key Cryptography is essential to allowing secure communication across the Internet. Essential to PKI is the certificate authorities. When they verify an identity and issue a certificate, they allow anyone to be reasonably sure that information is coming from who they say it’s coming from. The CAs are a trusted third-party that validates and issues the certificates. The X.509 certificates are what they issue and each one has specific validity periods.
Christa Giordano says
These documents build upon the cryptography chapter in Boyle and this week’s class. The concepts of a public key, private key, and certification authority are explained and it is clear how all three must exist in order to securely encrypt a message. The public key encryption standard has evolved over time since it was developed in 1998 (3 versions thus far). It is critical that this standard and continues to evolve as technologies also rapidly change and evolve.
Panayiotis Laskaridis says
Hello Christa,
I like how you mentioned that this technology needs to continue to evolve. It’s always important that we diversify and never grow too reliant on any security method because technology is always exponentially evolving.
Xiduo Liu says
The X.509 public key infrastructure certificate described in RFC5280 addresses the issue of securing data in transit. Combining authentication and encryption, this standard not only provided a standard for certification issuing, but it also enabled the distribution of the server public key to allow asymmetric encryption to protect data in transit. In addition, RFC5280 section 3.3 also accounts for the revocation of certifications via a signed data structure called a certificate revocation list (CRL).
Mitchell Dulaney says
A key takeaway from the reading is to recognize the role of a certificate authority (CA) in public-key infrastructure, and to understand the problem that the CA solves. In public-key infrastructure, the CA distributes a signed digital certificate, containing its public key, to both parties. When party A intends to send an encrypted message to party B, it must encrypt the message with party B’s public key so that party B can decrypt it with their private key. Party B sends its public key to both party A and the CA, and the CA hashes the public key, adds it to the CA’s digital certificate, and sends that data to party A. Party A can compare the hash sent by the CA to the hash of the public key they received from party B. This enables the two parties to verify that the public keys they use to encrypt their messages have not been tampered with by a third party, which would compromise the confidentiality of those messages.
Panayiotis Laskaridis says
PKI’s are so interesting to me because it serves a technology security purpose with what’s essentially a logic problem. It doesn’t use some magic firewall, it simply secures both parties with some logic and arithmetic. Although it’s not 100% secure, good luck trying to crack it within a reasonable amount of time. Of course, nothing is ever 100% secure, and even if you don’t have enough computing power to crack a key there are still man-in-the-middle attacks.
Elias Harake says
The main concept that I learned from this reading, Public Key Infrastructure and X.509 Public Key Certificates, is that Certification authorities or (CAs) authenticate the identity of the parties in the network. This is for both root certification authorities and subordinate authorities. The general concept is to have one or more trusted entitles digitally sign documents certifying that a particular cryptographic key belongs to that corresponding particular user or device in a database. Basically, a public key infrastructure is often how two end computers encrypt and decrypt data, then transfers the data securely via networks such as the internet.
Michael Doherty says
Elias,
I as well gained this insight from the reading,. As long as the proper certifications are in place then the authentication should work.
Ashleigh Williams says
While I’m familiar with the public key infrastructure, this reading introduced the concept of the certification authority to me. The CA uses software and hardware to establish the integrity and ownership of a public key. The CA signing process ensures that public keys have not been tampered with in transit. The reading also giver a great example of this process using the scenario between Bob and Alice.
Wei Liu says
The Public Key Infrastructure (KPI) has solved one of the biggest problems that both symmetric and asymmetric encryption have – How do you know that the public key you received actually belongs to the person you think it does? PKI resolves this challenge by issuing and governing digital certificates that confirm the identity of people, devices or applications that own private keys and the corresponding public keys. PKI is so important in today’s digital age because there are now millions of applications and connected devices that require certification. Properly authenticating and maintaining certificates for these technologies is essential to keeping our highly connected world secure.
Michael Doherty says
THis reading gave me a better appreciation of PKI, At my previous job, i had to access my network from my desk with a PKI, i had numerous problems with the PKI reader in the laptop as well as the chip itself in the card. The purpose behind implementing a PKI to access my network drive from my office computer was always a question that i had but after this reading i know understand why my old employer choose to do this.