Cryptography Reference
Hence, it was evident that public key crypto-systems introduced a new paradigm
in cryptography, but also increased the complexity of securing end-to-end
communications. Public Key Infrastructure (PKI) aims to solve the above questions.
4.2 Public Key Infrastructure
Public Key Infrastructure (PKI) was designed to provide the necessary foundation for
implementing security services. One of the main goals of PKI is to provide an
arrangement to bind the public keys of end users with their respective identities.
In PKI, this binding is achieved through a digital certificate (for example, X.509
version 3 certificates). A digital certificate is a signed certificate that contains
the public key along with the name of the subject. The name of the subject can be an
email address, a directory name, or a Domain Name Service (DNS) name. These
certificates are usually signed by certificate authorities (CAs). A certificate
authority is supposedly a trusted third party who is responsible for issuing
certificates to trusted users or intermediate certificate authorities. A typical PKI
consists of CAs, Registration Authorities (RAs), a certificate repository, and
certificate management (discussed in the next section).
4.2.1 Single-Certificate Authority Model
In this model, every end user's equipment is preconfigured with the Certificate
Authority (CA)'s public key certificate (Figure 4.4). The organizations that run the
CA (VeriSign or Thawte) are responsible for distributing public key certificates.
However, there is no single organization that is trusted universally by every
commercial, governmental, educational institution, and so on. From a scalability
point of view, it is tedious, expensive, and insecure to obtain certificates from
unrelated and distant organizations.
In addition, in keeping with best security practice, it is important to update
the public key certificate of the CA periodically. However, with the single-certificate
model, it is next to impossible to refresh public key certificates of all the end users at the
[Figure 4.4. Single-Certificate Authority Model (diagram labels: Certificate Authority, Alice, Bob)]
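The following is an added sketch, not taken from the original text, of the single-CA model: a CA signs the binding between a subject name and a public key, and an end user checks it against one preconfigured CA key, including what happens once the CA rolls its key over. It uses textbook RSA over fixed Mersenne primes as a stand-in for real X.509 signing; the keys, names and the Certificate, CA and verify helpers are constructed for illustration and are not secure.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent used by both toy CA keys

def digest(subject, subject_key, n):
    # The signed content is the binding itself: subject name plus public key.
    data = f"{subject}|{subject_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Certificate:
    subject: str      # e-mail address, directory name or DNS name
    subject_key: int  # the subject's public key (toy: modulus only)
    signature: int    # CA signature over (subject, subject_key)

class CA:
    """Toy certificate authority: textbook RSA from two known primes."""
    def __init__(self, p, q):
        self.n = p * q                              # public key (with E)
        self._d = pow(E, -1, (p - 1) * (q - 1))     # private exponent

    def issue(self, subject, subject_key):
        sig = pow(digest(subject, subject_key, self.n), self._d, self.n)
        return Certificate(subject, subject_key, sig)

def verify(cert, trust_anchor_n):
    """End-user check against the single preconfigured CA public key."""
    expected = digest(cert.subject, cert.subject_key, trust_anchor_n)
    return pow(cert.signature, E, trust_anchor_n) == expected

# Constructed keys built from Mersenne primes (illustration only).
old_ca = CA(2**521 - 1, 2**127 - 1)
new_ca = CA(2**607 - 1, 2**107 - 1)        # the same CA after a key rollover
bob_key = (2**89 - 1) * (2**61 - 1)        # Bob's toy public key

alice_anchor = old_ca.n                    # preconfigured on Alice's equipment
bob_cert = old_ca.issue("bob@example.com", bob_key)
# Same key and signature, different name: the binding no longer matches.
renamed = Certificate("mallory@example.com", bob_key, bob_cert.signature)
# Certificate issued after the rollover; Alice still holds the old anchor.
reissued = new_ca.issue("bob@example.com", bob_key)

if __name__ == "__main__":
    print("valid binding accepted:     ", verify(bob_cert, alice_anchor))
    print("altered name accepted:      ", verify(renamed, alice_anchor))
    print("post-rollover, old anchor:  ", verify(reissued, alice_anchor))
    print("post-rollover, new anchor:  ", verify(reissued, new_ca.n))
```

The third check is the rollover problem described above: every end user's preconfigured anchor has to be replaced before certificates signed with the CA's new key will verify.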