Public Key Infrastructure (PKI)
(OBJ 1.4)
PKI Components
- An entire system involving hardware, software, policies, procedures, and people
- Based on asymmetric encryption
- Facilitates secure data transfer, authentication, and encrypted communications
- Used in HTTPS connections on websites
- PKI is pivotal in ensuring secure communication and data exchange on the Internet
Establishing a Secure Connection
-
User connects to a website via HTTPS
-
Web browser contacts a trusted third party called the certificate authority and ask them for a copy of the web server's public key
-
Web browser will generate a random shared secret key for symmetric encryption
-
The shared secret is securely transmitted using public key encryption known as asymmetrical encryption.
-
The web server decrypts the shared secret with its private key
-
Both parties use the shared secret for symmetric encryption (e.g., AES) to create a SSL-TLS secure tunnel to communicate safely and securely through that tunnel to make sure nobody can see the data you are entering in.
-
Provides confidentiality because only we have access to this shared tunnel because we both have that shared secret key
- Only my web server know how it is and what to do when you sent that code over
-
It lets your web browser know this is a trusted communication
- Adds that little pad lock in your browser.
/CAP/Security+/Visual%20Aids/Pasted%20image%2020250702205549.png)
Security Benefits
- Confidentiality
- Data is encrypted using a shared secret
- Authentication
- The web server's identity is verified using its private key
- Visual indicators like a padlock show secure communication
Public Key Infrastructure vs. Public Key Cryptography
- Public Key Infrastructure (PKI)
- Encompasses the entire system for managing key pairs, policies, and trust
- Involves generating, validating, and managing public and private key pairs that are used in the encryption and decryption process
- Ensures the security and trustworthiness of keys
- Public Key Cryptography
- Refers to the encryption and decryption process using public and private keys
- Only a part of the overall PKI architecture
Certificate Authority
- Issues digital certificates and keeps the level of trust between all of the certificate authorities around the world
Key Escrow
- Storage of cryptographic keys in a secure, third-party location (escrow)
- Enables key retrieval in cases of key loss or for legal investigations
- Relevance in PKI
- In PKI, key escrow ensures that encrypted data is not permanently inaccessible
- Useful when individuals or organizations lose access to their encryption keys
- Relevant in legal investigations
- Security Concerns
- Malicious access to escrowed keys could lead to data decryption
- Requires stringent security measures and access controls