SlideShare a Scribd company logo

Reconsidering Public Key Infrastructure and its Place in Your Enterprise Strategy

O
Omlis

Gartner's statement that certificates can no longer be blindly trusted; coupled with Microsoft VP of Trustworthy Computing, Scott Charney declaring “PKI is under attack” seems increasingly prophetic as the digital world relentlessly develops its capabilities. Undeniably, PKI plays a key role in internet security, but SSL (Secure Sockets Layer) / TLS (Transport Layer Security) systems are proving increasingly vulnerable under the weight of the latest digital ecosystem.

Technology
1 of 8
Download to read offline
Reconsidering PKI and its Place in Your Enterprise Encryption Strategy 150821_oml_v1p | Public | © Omlis Limited 2015
1150821_oml_pki_v1p | Public | © Omlis Limited 2015 Contents Introduction 2 Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI 3 Inherent Security Flaws Associated with Interoperability 3 Cost and Complexity 4 Transitioning into the Future 5 References 6 Contributors 6
2150821_oml_pki_v1p | Public | © Omlis Limited 2015 Introduction Three years ago, Gartner made the claim that certificates can no longer be blindly trusted; a statement which seems more and more prophetic as the digital world relentlessly develops its capabilities at a pace which digital certificates is struggling to maintain. In an era of SDNs (Software-defined Networks), cloud implementation and lightweight agile solutions, many modern deployments of the certificate-based security methodology known as PKI (Public Key Infrastructure) are beginning to look increasingly outmoded, representing a very manual and increasingly unmanageable approach. PKI has undoubtedly formed an integral part of internet security, but the SSL (Secure Sockets Layer) / TLS (Transport Layer Security) based system is proving increasingly vulnerable under the weight of the latest digital ecosystem. Whilst PKI was at best acceptable for desktops and laptops operating over closed networks inside corporate firewalls, the mobile revolution has exposed existing cracks, making the commonly accepted methodology look cumbersome and ultimately, unsecure. PKI still has a role to play in the less ‘mission critical’ aspects of internet security, and to start describing it as a legacy architecture is premature, but within an increasingly connected world, it clearly needs to narrow the scope of its usage. According to research from Ponemon’s paper entitled “2015 Cost of Failed Trust Report” the average number of keys and certificates in use has grown at a rate of over 34% to 24,000 per enterprise 1 . For PKI to remain effective it must rein-in these levels of expansion and learn to co-exist with powerful, secure and more versatile forms of encryption. To provide context, it’s often stated that we’re at the third of the internet’s biggest evolutionary stages: we began with the era of mainframes and terminals, before moving to the second evolutionary platform which constituted the client / server model thereby introducing us to internet / LAN (Local Area Network), or “Web 2.0” as it was often labeled in the media. This was the climate in which PKI began to thrive, lasting until around 2005 when the net began to take on new dimensions. We’re now fully submerged in “Platform 3.0”, which is defined as an era of mobile, cloud, big data, IoT (Internet of Things), M2M (Machine- to-Machine), and BYOD (Bring Your Own Device) which brings with it a unique set of security demands.
3150821_oml_pki_v1p | Public | © Omlis Limited 2015 Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI If PKI reached its practical zenith under the narrow platform of laptops and desktops, the IoT and the smartphone could represent the beginning of its demise due to an abundance of devices and operating systems all having different security requirements and equally different capabilities. Connected cars and other pervasive devices, smart cities and especially the smartphone have meant PKI has struggled to maintain any consistent level of security. Security applications and protocols such as SSL / TLS and the hashing functions associated with the SHA (Secure Hash Algorithm) family have become particularly complicated in the delivery of safe and secure mobile commerce. On the Android platform, TLS 1.1 is available from version 4.1 (Jelly Bean) and SHA-256 is only available from version 5.0 (Lollipop) onwards, which is currently deployed on less than 10% of Android devices. At the same time, banks, service providers and software vendors are expected to deliver secure mobile applications to the broadest possible audience on the most Android operating systems. In the most extreme cases some mobile banking apps are still intended to run on Android version 2.3, which only supports SSL3.0 and SHA-1. Aging protocols represent a critical problem in both a commercial and a security sense with Google announcing that they will start penalizing secure HTTP (Hypertext Transfer Protocol) sites where certificate chains are using SHA-1 with validity past January 2017 2 . Inherent Security Flaws Associated with Interoperability As a byproduct of PKI’s need to incorporate a range of algorithms and protocols via the server / client handshake, the system becomes susceptible to a number of exploits and attacks whereby security protocols are renegotiated depending on the client device. This is exemplified by the likes of POODLE and FREAK where server and client “rollback” to less secure protocols. Then there’s threats such as CA (Certificate Authority) compromise, impersonation, side-channel attacks and MitM (Man in the Middle). As a security methodology, PKI’s hybrid cryptographic nature means that side-channel attacks are worthy of special mention. PKI combines asymmetric and symmetric cryptography, exchanging symmetric session keys over public networks following asymmetric authentication. Millions of these session keys are exchanged over public networks each year and this poses a huge attack vector for cybercriminals. Earlier this year the Royal Bank of Scotland claimed that their busiest branch is the 7.01am commuter train between Paddington and Reading, emphasizing how the risk profile of the average customer has changed and also how many more opportunities may have arisen for hackers targeting the PKI methodology. Even if the crypto algorithms themselves aren’t under attack, it’s logical that hackers will take the easiest path, which means they’ll seek to exploit a system through buffer overflows, SQL (Structured Query Language) injections, XSS (Cross-site Scripting), or by using packet sniffers which will seek to detect and use session keys which have been pilfered over open networks.
4150821_oml_pki_v1p | Public | © Omlis Limited 2015 Cost and Complexity Even if PKI users can iron out its most obvious algorithmic weaknesses such as migrating their applications to TLS 1.2 and SHA-2, the limiting factor all PKI schemes inevitably share is that they naturally incur a high degree of cost and complexity. This cost is represented not just in the initial capital expenditure, but also in the ongoing total cost of ownership. PKI relies on a variety of moving parts thus vastly reducing the service provider’s autonomy over their own security network. Certificate authorities become trusted third parties, providing the actual certificates and offering additional services such as hosted solutions; expensive third party administration is often needed due to the complexity and ongoing needs of the admin process. At the heart of the system, mission critical PKI implementations rely on costly HSMs (Hardware Security Modules) to store and generate keys, which are derived through equally costly and elaborate key generation ceremonies, requiring intensively manual implementation and maintenance programs. This is a particular pain point for companies, as evidenced in Thales’ “2015 Global Encryption and Key Management Trends Study”. 51% of respondents perceived key management to be the most important feature of an encryption technology solution, with 33% finding the ongoing management of these keys to be one of the biggest challenges in planning and executing an encryption strategy 3 . On top of this, PKI bears the burdensome cost of secure facilities, installation and configuration, complicated audits and a consistent level of staffing for continued maintenance, operation and monitoring. The blind use of PKI as a fix-all solution makes these costs an ongoing expense, leaving an obvious gap in the market for a rapidly deployable, low complexity, high security solution. A company with a PKI infrastructure can attempt to reduce complexity by using self-signed certificates but this in turn reduces levels of security and has a negative effect on the company’s security profile itself. If a web server detects a self-signed certificate, it’ll often display a security alert which is obviously bad public relations. Self-signed certificates once again demonstrate the mismatch of open networks and PKI. Hackers can attempt techniques such as ARP (Address Resolution Protocol) spoofing and DNS (Domain Name System) tampering to intercept traffic and redirect banking users to illegitimate sites or as the basis for DoS (Denial of Service) attacks. Alarmingly, a recent study by IOActive discovered that 40% of the global banking apps which they tested didn’t validate the authenticity of SSL certificates 4 . According to Ponemon, the total impact of an exploited enterprise mobility certificate is valued at $126m 5 . The prevalence of these attacks and the stratospheric costs associated with them have led NIST (National Institute of Standards and Technology) to publish actual industry guidelines entitled “Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance.”
5150821_oml_pki_v1p | Public | © Omlis Limited 2015 Transitioning into the Future PKI resembles a heavyweight and complex machinery in a world where security solutions are becoming far more fluid. Evolving threats and the perils of open networks mean that the next generation of internet usage demands modular and agile solutions which can be deployed from the cloud, are adaptable in nature and have a number of delivery methods such as EaaS (Encryption as a Service). As much as delivery models need to be adaptable to cross-platform usage, security needs to be consistent, using the most secure protocols and the most suitable key exchange methods. As we move towards network developments such as 5G and concepts such as Li-Fi, the digital world demands a perfectly fluid, adaptable and low cost solution to everyday encryption, working instead of, or in tandem with a PKI architecture. As much as this forward thinking approach is essential, tying together an expanding network of both legacy and cutting-edge devices is also key to interoperability and inclusion. The ability to unite a disparate set of legacy components with consistent, cross-platform security protocols is imperative in building the most inclusive network. The message is clear. Over the last few years PKI has been charged with the increasingly impossible task of absorbing a fragmented range of devices with a common set of encryption protocols. Rather than settling for patchwork variations of PKI and commissioning improper deployments across the IoT, we need to rethink how we implement security across a range of devices.
6150821_oml_pki_v1p | Public | © Omlis Limited 2015 1. https://www.venafi.com/assets/pdf/wp/ Ponemon_2015_Cost_of_Failed_Trust_ Report.pdf 2. http://blog.chromium.org/2014/09/gradually- sunsetting-sha-1.html 3. https://www.thales-esecurity.com/company/ press/news/2015/april/2015-global- encryption-and-key-management-trends- study-release 4. http://blog.ioactive.com/2014/01/personal- banking-apps-leak-info-through.html 5. https://www.venafi.com/assets/pdf/wp/ Ponemon_2015_Cost_of_Failed_Trust_ Report.pdf References Contributors The following individuals contributed to this report: Stéphane Roule Senior Technical Manager Nirmal Misra Senior Technical Manager Paul Holland Analyst Jack Stuart Assistant Analyst
Omlis Third Floor Tyne House Newcastle upon Tyne United Kingdom NE1 3JD +44 (0) 845 838 1308 info@omlis.com www.omlis.com © Omlis Limited 2015

Recommended

Reconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyReconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyNirmal Misra
 
150819_oml_pki_v1p
150819_oml_pki_v1p150819_oml_pki_v1p
150819_oml_pki_v1pStéphane Roule
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...PiyushHipparkar
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3Chin Wan Lim
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce SecurityLindsey Landolfi
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014Chin Wan Lim
 

Recommended

Reconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyReconsidering PKI and its Place in Your Enterprise Encryption Strategy
Reconsidering PKI and its Place in Your Enterprise Encryption StrategyNirmal Misra
 
150819_oml_pki_v1p
150819_oml_pki_v1p150819_oml_pki_v1p
150819_oml_pki_v1pStéphane Roule
 
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...
Public Key Infrastructure (PKI) Market 2021 - Regional Outlook and Competitiv...PiyushHipparkar
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3Chin Wan Lim
 
E-commerce Security
E-commerce SecurityE-commerce Security
E-commerce SecurityLindsey Landolfi
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014Chin Wan Lim
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICEEditor IJMTER
 
Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Davide Cioccia
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerTELKOMNIKA JOURNAL
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerPutra Wanda
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyChukwunonso Okoro, CFE, CAMS, CRISC
 
Blockchain in telecom industry
Blockchain in telecom industryBlockchain in telecom industry
Blockchain in telecom industryCeline George
 
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCPKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCNizar Ben Neji
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamssegughana
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Cláudia Alves
 
TGC12 e book
TGC12 e bookTGC12 e book
TGC12 e bookSadiq Malik
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicUlf Mattsson
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35Felipe Prado
 
Construction Project Collaboration 030210
Construction Project Collaboration 030210Construction Project Collaboration 030210
Construction Project Collaboration 030210Alasdair Kilgour
 
Keyloggers A Malicious Attack
Keyloggers A Malicious AttackKeyloggers A Malicious Attack
Keyloggers A Malicious Attackijtsrd
 
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...IRJET Journal
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET Journal
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET Journal
 
2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in JavaPapitha Velumani
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetPrathan Phongthiproek
 
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UISФормирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UISCoMagic
 
11 iz s
11 iz s11 iz s
11 iz sYchebnikRU1
 

More Related Content

What's hot

SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICEEditor IJMTER
 
Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Davide Cioccia
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerTELKOMNIKA JOURNAL
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerPutra Wanda
 
Blockchain in telecom industry
Blockchain in telecom industryBlockchain in telecom industry
Blockchain in telecom industryCeline George
 
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCPKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCNizar Ben Neji
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamssegughana
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Cláudia Alves
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicUlf Mattsson
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35Felipe Prado
 
Construction Project Collaboration 030210
Construction Project Collaboration 030210Construction Project Collaboration 030210
Construction Project Collaboration 030210Alasdair Kilgour
 
Keyloggers A Malicious Attack
Keyloggers A Malicious AttackKeyloggers A Malicious Attack
Keyloggers A Malicious Attackijtsrd
 
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...IRJET Journal
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET Journal
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET Journal
 
2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in JavaPapitha Velumani
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetPrathan Phongthiproek
 

What's hot (20)

SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
 
Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server Inside TorrentLocker (Cryptolocker) Malware C&C Server
Inside TorrentLocker (Cryptolocker) Malware C&C Server
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
Blockchain in telecom industry
Blockchain in telecom industryBlockchain in telecom industry
Blockchain in telecom industry
 
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGCPKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
PKI_in_Depth__TATT__Niza_Ben_Neji__TMGC
 
CTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliamsCTO-CybersecurityForum-2010-RonWilliams
CTO-CybersecurityForum-2010-RonWilliams
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
 
TGC12 e book
TGC12 e bookTGC12 e book
TGC12 e book
 
Data Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus PandemicData Protection & Privacy During the Coronavirus Pandemic
Data Protection & Privacy During the Coronavirus Pandemic
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35
 
Construction Project Collaboration 030210
Construction Project Collaboration 030210Construction Project Collaboration 030210
Construction Project Collaboration 030210
 
Keyloggers A Malicious Attack
Keyloggers A Malicious AttackKeyloggers A Malicious Attack
Keyloggers A Malicious Attack
 
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
IRJET- Graphical Secret Code in Internet Banking for Improved Security Transa...
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
 
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using BlockchainIRJET- An Approach to Authenticating Devise in IoT using Blockchain
IRJET- An Approach to Authenticating Devise in IoT using Blockchain
 
2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
 

Viewers also liked

Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UISФормирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UISCoMagic
 
Vanderbilt University Medical Center: My Southern Health: A "content-first" a...
Vanderbilt University Medical Center: My Southern Health: A "content-first" a...Vanderbilt University Medical Center: My Southern Health: A "content-first" a...
Vanderbilt University Medical Center: My Southern Health: A "content-first" a...SocialMedia.org Health
 
Mihailov 11klass1
Mihailov 11klass1Mihailov 11klass1
Mihailov 11klass1qwasar1
 
Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...
Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...
Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...SocialMedia.org Health
 
Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...
Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...
Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...Тетервак Дмитрий
 
Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...
Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...
Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...Arshed Aydrose
 
Red Lobster: Mapping the journey to Crabfest, presented by Carl Allen
Red Lobster: Mapping the journey to Crabfest, presented by Carl AllenRed Lobster: Mapping the journey to Crabfest, presented by Carl Allen
Red Lobster: Mapping the journey to Crabfest, presented by Carl AllenSocialMedia.org
 
Fire Prevention Planning Training by EHSS Virginia Tech
Fire Prevention Planning Training by EHSS Virginia TechFire Prevention Planning Training by EHSS Virginia Tech
Fire Prevention Planning Training by EHSS Virginia TechAtlantic Training, LLC.
 

Viewers also liked (20)

Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UISФормирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
Формирование лояльных клиентов, Павел Соболев, руководитель отдела продаж UIS
 
11 iz s
11 iz s11 iz s
11 iz s
 
Vanderbilt University Medical Center: My Southern Health: A "content-first" a...
Vanderbilt University Medical Center: My Southern Health: A "content-first" a...Vanderbilt University Medical Center: My Southern Health: A "content-first" a...
Vanderbilt University Medical Center: My Southern Health: A "content-first" a...
 
Mihailov 11klass1
Mihailov 11klass1Mihailov 11klass1
Mihailov 11klass1
 
Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...
Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...
Methodist Le Bonheur Healthcare: Storytelling: Using strong storytelling to i...
 
Андрей Бадин. Проектные сервисы. Ускоренный метод внедрения проектного управл...
Андрей Бадин. Проектные сервисы. Ускоренный метод внедрения проектного управл...Андрей Бадин. Проектные сервисы. Ускоренный метод внедрения проектного управл...
Андрей Бадин. Проектные сервисы. Ускоренный метод внедрения проектного управл...
 
Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...
Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...
Функционал и ежедневная отчетность отдела продаж. влияние и роль собственника...
 
11 ayst b
11 ayst b11 ayst b
11 ayst b
 
Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...
Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...
Etihad Airway’s Product Offerings, Key Success Factors, Critical Issues, Miss...
 
Artsofte for b2 b
Artsofte for b2 b Artsofte for b2 b
Artsofte for b2 b
 
8 mkh s
8 mkh s8 mkh s
8 mkh s
 
10 l kur
10 l kur10 l kur
10 l kur
 
10 l2 k
10 l2 k10 l2 k
10 l2 k
 
6 mtt b
6 mtt b6 mtt b
6 mtt b
 
Red Lobster: Mapping the journey to Crabfest, presented by Carl Allen
Red Lobster: Mapping the journey to Crabfest, presented by Carl AllenRed Lobster: Mapping the journey to Crabfest, presented by Carl Allen
Red Lobster: Mapping the journey to Crabfest, presented by Carl Allen
 
9 lh2 k
9 lh2 k9 lh2 k
9 lh2 k
 
Fire Safety Training by
Fire Safety Training byFire Safety Training by
Fire Safety Training by
 
Emergency Action Plans Training by NMED
Emergency Action Plans Training by NMEDEmergency Action Plans Training by NMED
Emergency Action Plans Training by NMED
 
Fire Prevention Planning Training by EHSS Virginia Tech
Fire Prevention Planning Training by EHSS Virginia TechFire Prevention Planning Training by EHSS Virginia Tech
Fire Prevention Planning Training by EHSS Virginia Tech
 
Creative, Digital and Design Business Briefing - June 2016
Creative, Digital and Design Business Briefing - June 2016Creative, Digital and Design Business Briefing - June 2016
Creative, Digital and Design Business Briefing - June 2016
 

Similar to Reconsidering Public Key Infrastructure and its Place in Your Enterprise Strategy

Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsNirmal Misra
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1pStéphane Roule
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...PROIDEA
 
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySignSecuring Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySignDrysign By Exela
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Avirot Mitamura
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalAlex Tan
 
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Floyd DCosta
 
Securing Digital_Adams
Securing Digital_AdamsSecuring Digital_Adams
Securing Digital_AdamsJulius Adams
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreementijtsrd
 
TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...
TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...
TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...IJNSA Journal
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Security issues in cloud
Security issues in cloudSecurity issues in cloud
Security issues in cloudWipro
 

Similar to Reconsidering Public Key Infrastructure and its Place in Your Enterprise Strategy (20)

150819_oml_pki_v1p
150819_oml_pki_v1p150819_oml_pki_v1p
150819_oml_pki_v1p
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of Things
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p
 
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ..."Is your browser secure? Breaking cryptography in PKI based systems, opening ...
"Is your browser secure? Breaking cryptography in PKI based systems, opening ...
 
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySignSecuring Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
Securing Tomorrow Unveiling the Future of Digital Trust with PKI - DrySign
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
 
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...
 
Securing Digital_Adams
Securing Digital_AdamsSecuring Digital_Adams
Securing Digital_Adams
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Security
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreement
 
TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...
TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...
TURNING THE DISRUPTIVE POWER OF BLOCKCHAIN IN THE INSURANCE MARKET INTO INNOV...
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
Security issues in cloud
Security issues in cloudSecurity issues in cloud
Security issues in cloud
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 

Recently uploaded

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 

Recently uploaded (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Reconsidering Public Key Infrastructure and its Place in Your Enterprise Strategy

  • 1. Reconsidering PKI and its Place in Your Enterprise Encryption Strategy 150821_oml_v1p | Public | © Omlis Limited 2015
  • 2. 1150821_oml_pki_v1p | Public | © Omlis Limited 2015 Contents Introduction 2 Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI 3 Inherent Security Flaws Associated with Interoperability 3 Cost and Complexity 4 Transitioning into the Future 5 References 6 Contributors 6
  • 3. 2150821_oml_pki_v1p | Public | © Omlis Limited 2015 Introduction Three years ago, Gartner made the claim that certificates can no longer be blindly trusted; a statement which seems more and more prophetic as the digital world relentlessly develops its capabilities at a pace which digital certificates is struggling to maintain. In an era of SDNs (Software-defined Networks), cloud implementation and lightweight agile solutions, many modern deployments of the certificate-based security methodology known as PKI (Public Key Infrastructure) are beginning to look increasingly outmoded, representing a very manual and increasingly unmanageable approach. PKI has undoubtedly formed an integral part of internet security, but the SSL (Secure Sockets Layer) / TLS (Transport Layer Security) based system is proving increasingly vulnerable under the weight of the latest digital ecosystem. Whilst PKI was at best acceptable for desktops and laptops operating over closed networks inside corporate firewalls, the mobile revolution has exposed existing cracks, making the commonly accepted methodology look cumbersome and ultimately, unsecure. PKI still has a role to play in the less ‘mission critical’ aspects of internet security, and to start describing it as a legacy architecture is premature, but within an increasingly connected world, it clearly needs to narrow the scope of its usage. According to research from Ponemon’s paper entitled “2015 Cost of Failed Trust Report” the average number of keys and certificates in use has grown at a rate of over 34% to 24,000 per enterprise 1 . For PKI to remain effective it must rein-in these levels of expansion and learn to co-exist with powerful, secure and more versatile forms of encryption. To provide context, it’s often stated that we’re at the third of the internet’s biggest evolutionary stages: we began with the era of mainframes and terminals, before moving to the second evolutionary platform which constituted the client / server model thereby introducing us to internet / LAN (Local Area Network), or “Web 2.0” as it was often labeled in the media. This was the climate in which PKI began to thrive, lasting until around 2005 when the net began to take on new dimensions. We’re now fully submerged in “Platform 3.0”, which is defined as an era of mobile, cloud, big data, IoT (Internet of Things), M2M (Machine- to-Machine), and BYOD (Bring Your Own Device) which brings with it a unique set of security demands.
  • 4. 3150821_oml_pki_v1p | Public | © Omlis Limited 2015 Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI If PKI reached its practical zenith under the narrow platform of laptops and desktops, the IoT and the smartphone could represent the beginning of its demise due to an abundance of devices and operating systems all having different security requirements and equally different capabilities. Connected cars and other pervasive devices, smart cities and especially the smartphone have meant PKI has struggled to maintain any consistent level of security. Security applications and protocols such as SSL / TLS and the hashing functions associated with the SHA (Secure Hash Algorithm) family have become particularly complicated in the delivery of safe and secure mobile commerce. On the Android platform, TLS 1.1 is available from version 4.1 (Jelly Bean) and SHA-256 is only available from version 5.0 (Lollipop) onwards, which is currently deployed on less than 10% of Android devices. At the same time, banks, service providers and software vendors are expected to deliver secure mobile applications to the broadest possible audience on the most Android operating systems. In the most extreme cases some mobile banking apps are still intended to run on Android version 2.3, which only supports SSL3.0 and SHA-1. Aging protocols represent a critical problem in both a commercial and a security sense with Google announcing that they will start penalizing secure HTTP (Hypertext Transfer Protocol) sites where certificate chains are using SHA-1 with validity past January 2017 2 . Inherent Security Flaws Associated with Interoperability As a byproduct of PKI’s need to incorporate a range of algorithms and protocols via the server / client handshake, the system becomes susceptible to a number of exploits and attacks whereby security protocols are renegotiated depending on the client device. This is exemplified by the likes of POODLE and FREAK where server and client “rollback” to less secure protocols. Then there’s threats such as CA (Certificate Authority) compromise, impersonation, side-channel attacks and MitM (Man in the Middle). As a security methodology, PKI’s hybrid cryptographic nature means that side-channel attacks are worthy of special mention. PKI combines asymmetric and symmetric cryptography, exchanging symmetric session keys over public networks following asymmetric authentication. Millions of these session keys are exchanged over public networks each year and this poses a huge attack vector for cybercriminals. Earlier this year the Royal Bank of Scotland claimed that their busiest branch is the 7.01am commuter train between Paddington and Reading, emphasizing how the risk profile of the average customer has changed and also how many more opportunities may have arisen for hackers targeting the PKI methodology. Even if the crypto algorithms themselves aren’t under attack, it’s logical that hackers will take the easiest path, which means they’ll seek to exploit a system through buffer overflows, SQL (Structured Query Language) injections, XSS (Cross-site Scripting), or by using packet sniffers which will seek to detect and use session keys which have been pilfered over open networks.
  • 5. 4150821_oml_pki_v1p | Public | © Omlis Limited 2015 Cost and Complexity Even if PKI users can iron out its most obvious algorithmic weaknesses such as migrating their applications to TLS 1.2 and SHA-2, the limiting factor all PKI schemes inevitably share is that they naturally incur a high degree of cost and complexity. This cost is represented not just in the initial capital expenditure, but also in the ongoing total cost of ownership. PKI relies on a variety of moving parts thus vastly reducing the service provider’s autonomy over their own security network. Certificate authorities become trusted third parties, providing the actual certificates and offering additional services such as hosted solutions; expensive third party administration is often needed due to the complexity and ongoing needs of the admin process. At the heart of the system, mission critical PKI implementations rely on costly HSMs (Hardware Security Modules) to store and generate keys, which are derived through equally costly and elaborate key generation ceremonies, requiring intensively manual implementation and maintenance programs. This is a particular pain point for companies, as evidenced in Thales’ “2015 Global Encryption and Key Management Trends Study”. 51% of respondents perceived key management to be the most important feature of an encryption technology solution, with 33% finding the ongoing management of these keys to be one of the biggest challenges in planning and executing an encryption strategy 3 . On top of this, PKI bears the burdensome cost of secure facilities, installation and configuration, complicated audits and a consistent level of staffing for continued maintenance, operation and monitoring. The blind use of PKI as a fix-all solution makes these costs an ongoing expense, leaving an obvious gap in the market for a rapidly deployable, low complexity, high security solution. A company with a PKI infrastructure can attempt to reduce complexity by using self-signed certificates but this in turn reduces levels of security and has a negative effect on the company’s security profile itself. If a web server detects a self-signed certificate, it’ll often display a security alert which is obviously bad public relations. Self-signed certificates once again demonstrate the mismatch of open networks and PKI. Hackers can attempt techniques such as ARP (Address Resolution Protocol) spoofing and DNS (Domain Name System) tampering to intercept traffic and redirect banking users to illegitimate sites or as the basis for DoS (Denial of Service) attacks. Alarmingly, a recent study by IOActive discovered that 40% of the global banking apps which they tested didn’t validate the authenticity of SSL certificates 4 . According to Ponemon, the total impact of an exploited enterprise mobility certificate is valued at $126m 5 . The prevalence of these attacks and the stratospheric costs associated with them have led NIST (National Institute of Standards and Technology) to publish actual industry guidelines entitled “Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance.”
  • 6. 5150821_oml_pki_v1p | Public | © Omlis Limited 2015 Transitioning into the Future PKI resembles a heavyweight and complex machinery in a world where security solutions are becoming far more fluid. Evolving threats and the perils of open networks mean that the next generation of internet usage demands modular and agile solutions which can be deployed from the cloud, are adaptable in nature and have a number of delivery methods such as EaaS (Encryption as a Service). As much as delivery models need to be adaptable to cross-platform usage, security needs to be consistent, using the most secure protocols and the most suitable key exchange methods. As we move towards network developments such as 5G and concepts such as Li-Fi, the digital world demands a perfectly fluid, adaptable and low cost solution to everyday encryption, working instead of, or in tandem with a PKI architecture. As much as this forward thinking approach is essential, tying together an expanding network of both legacy and cutting-edge devices is also key to interoperability and inclusion. The ability to unite a disparate set of legacy components with consistent, cross-platform security protocols is imperative in building the most inclusive network. The message is clear. Over the last few years PKI has been charged with the increasingly impossible task of absorbing a fragmented range of devices with a common set of encryption protocols. Rather than settling for patchwork variations of PKI and commissioning improper deployments across the IoT, we need to rethink how we implement security across a range of devices.
  • 7. 6150821_oml_pki_v1p | Public | © Omlis Limited 2015 1. https://www.venafi.com/assets/pdf/wp/ Ponemon_2015_Cost_of_Failed_Trust_ Report.pdf 2. http://blog.chromium.org/2014/09/gradually- sunsetting-sha-1.html 3. https://www.thales-esecurity.com/company/ press/news/2015/april/2015-global- encryption-and-key-management-trends- study-release 4. http://blog.ioactive.com/2014/01/personal- banking-apps-leak-info-through.html 5. https://www.venafi.com/assets/pdf/wp/ Ponemon_2015_Cost_of_Failed_Trust_ Report.pdf References Contributors The following individuals contributed to this report: Stéphane Roule Senior Technical Manager Nirmal Misra Senior Technical Manager Paul Holland Analyst Jack Stuart Assistant Analyst
  • 8. Omlis Third Floor Tyne House Newcastle upon Tyne United Kingdom NE1 3JD +44 (0) 845 838 1308 info@omlis.com www.omlis.com © Omlis Limited 2015