Confidentiality, Integrity, Authentication, and Nonrepudiation.
Carlos F Rentas
November 17, 2012
Prof. Jonathan C. Thrall
Working as an Information Security Officer, our firm was tasked with work for a client, a small software company currently using a Microsoft Server 2008 Active Directory domain that is administered by a limited number of over-tasked network administrators. The rest of the client's staff is mostly software developers and a small number of administrative personnel. The client has decided that it would be in their best interest to use a public key infrastructure (PKI) to provide a framework that facilitates confidentiality, integrity, ...
It uses a pair of mathematically related cryptographic keys. When one key is used to encrypt information, only the related key can decrypt it. If only one of the keys is known, the other key is extremely difficult to calculate. The pair consists of the following:
* A public key. This is made public and freely distributed, and it can be seen by all users.
* A corresponding (and unique) private key. This is kept secret and not shared among users.
A private key enables a user to prove, without any doubt, that they are who they claim to be.
Positive and negative characteristics of a Public and In-house CA.
Some of the expected advantages of a PKI are:
* Ensuring the quality of information electronically sent and received
* Ensuring the authenticity of the source and destination of the information
* Assuring the time and timing of the information, provided the source of time is known
* Ensuring the information's privacy
* Establishing the information's authenticity so that it may be introduced as evidence in court
A CA is the authority in a network that is used to issue and manage security credentials and public keys for the encryption of messages. In a public key infrastructure, the CA checks with a registration authority (RA) to verify the information provided by whoever requests a digital certificate. The CA issues a certificate once the RA verifies the requestor's information. Depending on the public key infrastructure implementation, the certificate includes the owner's name, the owner's public key, the expiration date of the certificate, and any other public key owner information such as;
In a public key system, communication is asymmetric: the sender and receiver do not need a common key to exchange encrypted messages. The sender does, however, need to know the receiver's public key so the message can be sent. For that communication to stay private, the receiver needs to keep their own private key confidential.
Because of its asymmetric encryption, communication in a PKI should be secure. Problems arise when individuals or companies make false representations or assume a false identity, allowing confidential data to fall into unauthorized hands.
* Certificate Authority
Certificate authorities are trusted third parties that verify the identities of websites holding public keys. The certificates they issue contain names, addresses, phone numbers and other information that is subject to verification in order to determine whether the entity is legitimate. Some of the certificates issued provide additional encryption known as Secure Sockets Layer (SSL), making communication secure.
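The issuance flow described above (the CA signs a certificate binding the owner's name, public key and expiration date, and a relying party checks that signature before trusting the key), as an added example that is not part of the original essay. It uses textbook RSA over constructed Mersenne-prime keys with only Python's standard library; the function names, the JSON certificate layout and the sample values are assumptions for illustration, whereas a production CA issues X.509 certificates with padded signatures and keys of 2048 bits or more.

```python
import hashlib
import json
from datetime import date

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def _digest(data, n):
    # SHA-256 of the data, reduced into the RSA modulus (no padding: illustration only)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def _to_be_signed(body):
    # Canonical byte form of the certificate fields that the CA signs
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, owner, owner_public, expires):
    """CA step: bind the owner's name and public key to an expiration date."""
    body = {"owner": owner, "public_key": list(owner_public), "expires": expires}
    return {"body": body, "signature": sign(ca_private, _to_be_signed(body))}

def validate_certificate(ca_public, cert, today):
    """Relying-party step: check the CA's signature first, then the expiry."""
    if not verify(ca_public, _to_be_signed(cert["body"]), cert["signature"]):
        return "bad signature"
    if date.fromisoformat(cert["body"]["expires"]) < today:
        return "expired"
    return "valid"

# Constructed sample keys (Mersenne primes, far too small for real use).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
USER_PUBLIC, USER_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
CERT = issue_certificate(CA_PRIVATE, "dev1@example.test", USER_PUBLIC, "2014-11-17")

if __name__ == "__main__":
    print(validate_certificate(CA_PUBLIC, CERT, date(2013, 1, 1)))
    altered = {"body": dict(CERT["body"], owner="someone-else"), "signature": CERT["signature"]}
    print(validate_certificate(CA_PUBLIC, altered, date(2013, 1, 1)))
    print(validate_certificate(CA_PUBLIC, CERT, date(2015, 1, 1)))
```

A certificate whose fields were changed after issuance fails the signature check, and an unmodified one is rejected once its expiration date has passed.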
Recommendation for either a Public CA or an In-house CA.
Security has become a priority for companies over the last few years, and many administrators who have probably never thought twice about digital certificates are...