Running Head: Public Key Directories and Certificates


Public Key Directories and Certificates
LaRon Walker
Master of Information Technology and Internet Security
May, 2010


ABSTRACT

Due to the amount of information being transmitted over the Internet, having secure and reliable means of sending and receiving messages is essential. Message encryption has become more and more of a concern for consumers and corporations alike. Implementing encryption can be approached in a number of ways, each with its own benefits and drawbacks. Public key distribution is one way to approach this need, and it plays a vital role when developing a public key infrastructure (PKI). Public key directories and public key certificates are two methods of distributing encryption keys securely among message senders and recipients. Each of these techniques has its own strengths and weaknesses; however, they are the more commonly used key distribution techniques in today's digital world.


To help ensure that messages securely reach their destinations, you must consider implementing a message encryption strategy. A public key infrastructure (PKI) can help accomplish this task. A PKI is a system for securing transactions over insecure networks (such as the Internet) that entails the use of unique identifying keys for authentication (Keston, 2009). Along with this system, you must also consider how these keys will be distributed to its participants.

There are many different techniques that can be used to distribute public keys. These include, but are not limited to, public key directories, public key authorities, and public-key certificates. Each of these methods can be applied to a PKI; however, to be effective, the distribution of encryption keys must be controlled and monitored. The more commonly used methods of distributing public encryption keys are public key directories and public-key certificates.

With public key directories, a publicly available key directory, controlled and maintained by a trusted authority, distributes keys dynamically to its users (Stallings, 2011). Distributing these encryption keys dynamically makes them more difficult for outsiders to guess and keeps them changing in the event a public key is compromised. There are four specific criteria that must be met for a public key directory to exist. These components are as follows:


1. The directory authority must maintain a directory with the name and public key of each of its participants.
2. The participants must register a public key with the authority in person or through another securely authenticated channel.
3. A participant may change or replace a public key at any time.
4. Participants must also have the ability to access the directory electronically, and secure authenticated communication between the authority and participants is required (Stallings, 2011).

Although the public key directory strategy may seem secure, using public key certificates can add more control and security over the distribution of public keys. Public key certificates consist of a combination of public keys distributed by a public key infrastructure and a digital signature from a third-party certificate authority (CA). Using this method, a participant securely submits a public key to the CA, and a digital signature is attached to every message containing that public key, creating the certificate (Tidd and Heesacker, 2008). The user publishes the certificate, allowing other users who need the public key to obtain it via the certificate. The certificate can be used to transmit key information to message recipients from the CA or directly between the message sender and its recipient.

Also, when using public key certificates, the CA is responsible for facilitating the distribution of public keys to message recipients, verifying the private key owner's identity, and revoking the private key's credentials if the key's security has been compromised in any way (Tidd and Heesacker, 2008). This technique allows for fast resolution in the event a private key is compromised, helping to ensure message and sender integrity.
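The CA duties described above (verify the owner's identity, sign the name-to-key binding, revoke on compromise) can be sketched as follows. This is an added example, not part of the original paper; it uses unpadded textbook RSA with small parameters purely for illustration, and the class, function, and field names and the sample subject are assumptions.

```python
import hashlib

# Toy textbook-RSA CA key built from two Mersenne primes (illustration only:
# too small and unpadded for real use; production CAs issue X.509 certificates).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
CA_N = P * Q                               # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))       # CA private exponent

def _digest(subject: str, subject_key: int, serial: int) -> int:
    """Hash the fields the CA vouches for, reduced to fit the toy modulus."""
    data = f"{serial}|{subject}|{subject_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

class CertificateAuthority:
    def __init__(self):
        self.next_serial = 1
        self.revoked = set()               # serials of revoked certificates

    def issue(self, subject: str, subject_key: int, identity_verified: bool) -> dict:
        """Sign the name-to-key binding, only after the identity check passes."""
        if not identity_verified:
            raise PermissionError("CA must verify the key owner's identity first")
        serial, self.next_serial = self.next_serial, self.next_serial + 1
        sig = pow(_digest(subject, subject_key, serial), CA_D, CA_N)
        return {"serial": serial, "subject": subject, "key": subject_key, "sig": sig}

    def revoke(self, serial: int) -> None:
        self.revoked.add(serial)

def verify(cert: dict, ca_n: int, ca_e: int, revoked: set) -> bool:
    """Relying-party check: CA signature is valid and the serial is not revoked."""
    expected = _digest(cert["subject"], cert["key"], cert["serial"])
    return pow(cert["sig"], ca_e, ca_n) == expected and cert["serial"] not in revoked

def demo() -> dict:
    ca = CertificateAuthority()
    cert = ca.issue("alice@example.test", 0xA11CE, identity_verified=True)  # constructed
    substituted = dict(cert, key=0xBAD)    # same signature, different public key
    results = {"valid": verify(cert, CA_N, E, ca.revoked),
               "substituted": verify(substituted, CA_N, E, ca.revoked)}
    ca.revoke(cert["serial"])              # owner reports the key compromised
    results["after_revoke"] = verify(cert, CA_N, E, ca.revoked)
    return results

if __name__ == "__main__":
    print(demo())
```

A recipient needs only the CA's public key and the current revocation list to run `verify`, which is why the certificate can travel directly between sender and recipient.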


References

Keston, G. (2009). Public Key Standards. Faulkner Information Services. Retrieved May 16, 2010 from Faulkner Information Services database.

Stallings, W. (2011). Cryptography and Network Security Principles and Practice (5th ed.). Upper Saddle River, NY: Prentice Hall.

Tidd, R., & Heesacker, G. (2008). Digital Signatures and Certificates. CPA Journal, 78(5), 60. Retrieved May 16, 2010 from MasterFILE Premier database.
