Public Key Infrastructure, Research Paper Example
Public Key Infrastructure is a framework used to create a secure method for exchanging information over a public network, based on public key cryptography. It is primarily founded on the certification authority. A certification authority issues digital certificates to organizations and individuals, which are used to authenticate their identity over public networks such as the internet. A certificate is also used to sign messages, which ensures that they have not been tampered with. The framework also makes use of directory services meant to store or revoke digital certificates (Rouse, 2006).
A Public Key Infrastructure works by using public key cryptography, a method commonly used on the internet for message encryption and authentication. Cryptography traditionally entails creating and sharing a secret key that is used to encrypt a message when it is sent and to decrypt the same message when it is received. It, however, runs the risk of someone else being able to decrypt the message if they intercept the key. A Public Key Infrastructure consists of a Certificate Authority (CA), which assigns and validates digital certificates; a Registration Authority (RA), which validates the certificate authority before an electronic license is issued to a requester; a directory that holds the certificates; and a system that manages certificates. A digital certificate includes information about the public key or the public key itself (Rouse, 2006).
Rouse (2006) explains that the framework works through the generation of a public and a private key by a certificate authority, using the same algorithm. The public key is made available through a directory that can be publicly accessed. This forms part of the digital signature. The private key is given only to the requesting party and is not made public, shared with another party or sent via the internet. Anyone who can find the public key in the public directory can send an encrypted message. The private key is then used to decrypt the message that was sent. In addition to encrypting the message in transit, the sender can authenticate themselves by using their private key to encrypt the digital certificate.
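The flow just described (a CA generating and signing certificates, a directory that publishes them and records revocations, encryption to a public key, decryption with the private key, and authentication of the sender with their private key) can be shown end to end in code. The following is an added example, not code from the paper or from any of its sources, written against the Go standard library only. The party names, serial numbers, one-day validity and sample message are constructed for the example; a plain in-memory map stands in for the directory service's revocation list; and the sender authenticates by signing the ciphertext rather than by "encrypting the certificate with the private key", which is the standard way the authentication step in the text is realised in practice.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// Party is any key-pair holder: the CA itself or an end entity it has certified.
// Key never leaves its owner; Cert (which carries the public key) is what gets published.
type Party struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

var Revoked = map[string]bool{} // stands in for the directory's revocation list, keyed by serial

// template builds a certificate valid for one day; isCA marks it as an issuer.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	usage := x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
	if isCA {
		usage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              usage,
	}
}

// NewParty generates a key pair and obtains a certificate for it. With issuer == nil the party
// becomes a self-signed root CA; otherwise the issuer signs over the new party's public key only.
func NewParty(name string, serial int64, issuer *Party) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := template(name, serial, issuer == nil)
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Party{Key: key, Cert: cert}, err
}

// Validate checks that cert chains to the trusted root and has not been revoked.
func Validate(cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err
	}
	if Revoked[cert.SerialNumber.String()] {
		return errors.New("certificate revoked: serial " + cert.SerialNumber.String())
	}
	return nil
}

// Seal is the sender's side: validate the recipient's published certificate, encrypt to the public
// key inside it (RSA-OAEP), then sign the ciphertext with the sender's private key (SHA-256, PKCS#1 v1.5).
func Seal(sender *Party, recipientCert, root *x509.Certificate, msg []byte) (ct, sig []byte, err error) {
	if err = Validate(recipientCert, root); err != nil {
		return nil, nil, err
	}
	pub := recipientCert.PublicKey.(*rsa.PublicKey)
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err = rsa.SignPKCS1v15(rand.Reader, sender.Key, crypto.SHA256, digest[:])
	return ct, sig, err
}

// Open is the recipient's side: validate the sender's certificate, check the signature with the
// public key it carries, and only then decrypt with the recipient's own private key.
func Open(recipient *Party, senderCert, root *x509.Certificate, ct, sig []byte) ([]byte, error) {
	if err := Validate(senderCert, root); err != nil {
		return nil, err
	}
	if err := senderCert.CheckSignature(x509.SHA256WithRSA, ct, sig); err != nil {
		return nil, errors.New("signature check failed: " + err.Error())
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.Key, ct, nil)
}
```

A typical run creates the root with `NewParty("Example Corp Internal CA", 1, nil)`, issues end-entity certificates with `NewParty(name, serial, ca)`, and then pairs `Seal` with `Open`. Two checks are worth keeping in mind when reading it: `Open` refuses a message whose ciphertext was altered in transit, because the signature no longer matches, and both sides refuse a certificate once its serial number appears in `Revoked`, even though the chain to the root still verifies, which is exactly why the directory service in the text has to carry revocation state and not just the certificates themselves.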
Certificate Authorities can be either in-house or public. Public Certificate Authorities are third-party companies that issue digital certificates to requesting organizations and revoke those that are compromised. In-house certificate authorities are implemented by an organization to authenticate employees accessing the organization's network infrastructure. An in-house certification authority is advantageous in that it is simple and easy to manage. Since there are no third-party bodies to depend on for certification, it eliminates the per-certificate expense when issuing certificates, and it is cheaper to configure and expand the public key infrastructure. Most importantly, an internal certificate authority can be integrated with Active Directory in a Microsoft Windows environment. In addition, the auto-enrollment feature, in Windows Server 2003 and above, can be used to simplify the issuing of certificates further. The only drawbacks of an internal CA are that implementing it is more complicated than using an external one, the organization shoulders all accountability and security issues of its network, the certificate management overhead is met by the company, and other organizations may find it hard to trust certificates from internal CAs. The benefits of an external CA are that the external party handles accountability and network security, organizations find it easier to trust certificates signed by trusted external CAs, and the overhead of certificate management is cheaper for the organization. Its disadvantages, however, are limited integration of the external CA's infrastructure with the organization's own, the cost per certificate incurred when issuing digital certificates, and the reduced flexibility experienced when configuring, expanding and managing the certificates (Comparison between Internal and External Certificate Authorities, 2010).
Given the specific organization and its infrastructure, it stands to reap more benefits from an in-house certificate authority for its public key infrastructure framework. The main reason is that the organization is already using a Microsoft Server 2008 Active Directory. With this, integrating an in-house certificate authority becomes much easier, and in addition, the issuing of certificates will be simplified further by the auto-enrollment feature of Windows Server, which is already embedded in their infrastructure. This will significantly reduce the cost of implementation and management given their lean staffing of network administrators. The cost of starting the public key infrastructure is greatly reduced by the hardware and software components already existing within the company, and thus the best option is to establish an in-house certificate authority (Posey, 2006).
Comparison between Internal and External Certificate Authorities. (2010). mniSecu.com.
Posey, B. (2006). Determining Whether an In-house or an External Certificate Authority is More Appropriate for your Company. WindowSecurity.com. Retrieved from http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/InHouse-External-Certificate-Authority-More-Appropriate.html
Rouse, M. (2006). PKI (Public Key Infrastructure). Retrieved from