2. Topics Covered
Introduction
What is PKI
Why PKI is so important in Digital age
The Role of Digital Certificates in PKI
Role of Certification Authority in PKI
X.509
Duties of PKI
Common challenges that PKI solves
Conclusion
3. Introduction
Both symmetric and asymmetric encryption have one major challenge: How do you know
that the public key you received actually belongs to the person you think it does?
Even with asymmetric encryption, the risk of the “man in the middle” exists. For example,
what if someone intercepted Bob’s public key, made his own private key, and then
generated a new public key for Alice? In this case, Alice would encrypt messages for Bob,
the man in the middle could decrypt them, change them and then re-encrypt them and
neither Alice nor Bob would be any wiser.
PKI resolves this challenge by issuing and governing digital certificates that confirm the
identity of people, devices or applications that own private keys and the corresponding
public keys. In short, PKI assigns identities to keys so that recipients can accurately verify
the owners. This verification gives users confidence that if they send an encrypted
message to that person (or device), the intended recipient is the one who will actually read
it and not anyone else who may be sitting as a “man in the middle.”
4. Let’s understand what is PKI
Today, organizations rely on PKI to manage security
through encryption. Specifically, the most common form
of encryption used today involves a public key, which
anyone can use to encrypt a message, and a private key
(also known as a secret key), which only one person
should be able to use to decrypt those messages. These
keys can be used by people, devices, and applications.
PKI security first emerged in the 1990s to help govern
encryption keys through the issuance and management
of digital certificates. These PKI certificates verify the
owner of a private key and the authenticity of that
relationship going forward to help maintain security.
Public Key Infrastructure is a model for creating, distributing and revoking certificates
based on X.509(PKIX)
5. Public Key Infrastructure
Public key management requires :
Keeping the private key secret: Only the owner of a
private key is authorized to use a private key. It should
thus remain out of reach of any other person.
Assuring the public key: Public keys are in the open
domain and can be publicly accessed. When this extent
of public accessibility, it becomes hard to know if a key is
correct and what it will be used for. The purpose of a
public key must be explicitly defined.
PKI or public key infrastructure aims at achieving the
assurance of public key.
6. Why is PKI so Important in
Today’s Digital Age?
PKI is a cornerstone of modern digital security, providing a
framework for encrypting data, verifying identities, and
ensuring the integrity of communications. Through
cryptographic techniques, PKI enables secure transactions,
protects sensitive information, and facilitates
authentication in various online interactions. It supports
essential security protocols like SSL/TLS for web encryption
and S/MIME for email security, while also enabling digital
signatures for non-repudiation. PKI's hierarchical trust
model, upheld by trusted certificate authorities, establishes
the foundation for secure communication channels. In
summary, PKI plays a crucial role in fostering trust and
security in today's interconnected digital landscape.
7. Public Key Infrastructure
Public key infrastructure affirms the usage of a public key. PKI
identifies a public key along with its purpose. It usually
consists of the following components:
A digital certificate also called a public key certificate
Private Key tokens
Registration authority
Certification authority
CMS or Certification management system
8. PKI governs encryption keys by issuing and managing digital
certificates. Digital certificates are also called X.509
certificates and PKI certificates.
However, you refer to them, a digital certificate has these
qualities:
Is an electronic equivalent of a driver’s license or
passport
Contains information about an individual or entity
Is issued from a trusted third party
Contains information that can prove its authenticity
Can be traced back to the issuer
Has an expiration date
Is presented to someone (or something) for validation
The Role of Digital Certificates in PKI
9. Role of Certification Authority in PKI
Certification Authority(CA): CA binds a public key to an
entity and issues a certificate.
The CA has well known public key itself that cannot be
forged.
CA checks the persons identification(using persons ID
along with other proof).
It asks for person’s public key and writes it on the
certificate.
To prevent the certificate itself from being forged, the CA
signs the certificate with its private key.
Now person can share the signed certificate. Anyone who
wants Bob’s public key access the signed certificate and
uses the center’s public key to extract receiver’s public key
10. X.509
PKI is based on X.509, So Lets understand what is X.509
X.509 is a digital certificate that is built on top of a widely trusted standard known as
ITU or International Telecommunication Union X.509 standard, in which the format of
PKI certificates is defined.
Although CA has solved the problem of public-key fraud, but it also created one
problem that each certificate may have a different format.
One certificate may have the public key in one format and another in a different
format.
To remove this issue, the ITU has designed X.509.
X.509 is a way to describe the certificate in a structured way.
11. Duties of PKI
Certificates issuing, renewal, and
revocation
Key’s storage and update
Providing services to other
protocols
Providing access control
12. Common Challenges that PKI Solves?
One of the most explosive uses for PKI that is just now
taking off centers around authenticating and securing a wide
variety of IoT devices. These use cases span across
industries, as any connected device no matter how
innocuous it may seem requires security in this day and age.
For instance, The Home Depot data breach first started
because hackers were able to access the retailer’s point of
sale system by getting onto the network posing as an
unauthenticated HVAC unit.
Some of the most compelling PKI use cases today center
around the IoT. Auto manufacturers and medical device
manufacturers are two prime examples of industries
currently introducing PKI for IoT devices.
13. Conclusion
PKI helps secure our digital world by protecting
sensitive data and communications and verifying digital
identities. And as the number of connected devices and
applications explodes, this security continues to grow in
importance.
For enterprises, in particular, introducing PKI is critical —
but it’s also only the first step. Building and maintaining
a best practice PKI program that manages millions of
digital certificates isn’t easy, but that’s the challenge
facing today’s enterprises.