PKI Infrastructure
Introduction-
Public Key Infrastructure (PKI) is a system of processes, technologies, and policies that allows you to encrypt and sign data. You can issue digital certificates that authenticate the identity of users, devices, or services. These certificates create a secure connection for both public web pages and private systems—such as your virtual private network (VPN), internal Wi-Fi, wiki pages, and other services that support MFA (Multi-factor Authentication )
Common use cases for PKI include, but are not limited to-
- Securing web pages
- Encrypting files
- Authenticating and encrypting email messages using S/MIME
- Authenticating nodes connecting to a wireless network
- Authenticating connections to your VPN
- Authenticating connections to sites and services containing corporate data using TLS mutual authentication.
key benefits-
- Authentication: Validate identities to ensure only authorized users and devices have access to a server.
- Encryption: Use a certificate to create an encrypted session, so information can be transmitted privately.
- Data Integrity: Ensure any messages or data transferred to and from devices and servers are not altered.
Type of Encryption PKI use
PKI merges the use of both asymmetric and symmetric Both symmetric and asymmetric encryption have their own strengths and best use case scenarios, which is what makes the combination of both so powerful in Public Key Infrastructure.
1. symmetric encryption
Symmetrical encryption protects the single private key that is generated upon the initial exchange between parties—the digital handshake, if you will. This secret key must be passed from one party to another in order for all parties involved to encrypt and decrypt the information that was exchanged. This secret key can be in the form of a password, or it can be a series of random numbers or letters generated by a random number generator (RNG).
2. Asymmetric encryption
Asymmetric encryption is fairly new to the game and you may know it better as “public key cryptography.” Asymmetric encryption uses two keys, one public and one private. The public key encrypts and the private key decrypts.
Steps to Implementing Your PKI-
1. Certificate Authority (CA):
This serves as the ‘root of trust’ and helps authenticate the identity of an individual, computer or entity in the network.
2. Registration Authority (RA):
This is often called a subordinate CA as well, as it is certified by a root CA to issue out certificates for uses designated and permitted by the CA.
3. Certificate Database:
This saves all certificate requests that been issued, as well as all certificates that have been revoked from the RA or CA. It serves fundamentally as a log of all security certification transactions within the system.
4. Certificate Store:
This saves all issued certificates as well as any temporary pending or rejected certificate requests from the local computer. Certificates that are not signed by an authority in the local certificate store will not be trusted by the local system.
5.Key Archival Server:
This saves encrypted private keys in a certificate database. This is used generally for disaster recovery purposes as a backup in case the original Certificate Database is lost or becomes damaged somehow.
There are four major advantages to PKI authentication:
- you are able to authenticate the source of the data. A third party is able to ensure that you are dealing with a secure, trusted party.
- You can maintain the privacy of your data. No one without the private keys will be able to unencrypt and view your data.
- Your data cannot be interfered with. A "middleman" attack cannot be launched that changes the data being sent or received.
- You can validate the source of the data. Not only is it authenticated, but you can prove you received that data from the given party.

Comments
Post a Comment