Samara university

COLLAGE OF ENGINEERING TECHNOLOGY

DEPARTMENTS OF COMPUTER SCIENCE

COMPUTER SECURITY GROUP ASSIGNMENT

GROUP MEMEBERS NAME

1. HAMZA ILYAS…………………….1522
2. FUKISO FULASA………….….….1441
3. ABDELA AWOL……………….…...1434
4. FOZIYA ENDRIS…………………1513
5. JEMAL RAUF……………………..1521
6. HASEN MUHUMED…….………..1581

Submitted to: Mubarek N.

Submitted date:20/09/2013
content

1. What is PKI (Public Key Infrastructure)?

2. What Are The Components Of Public Key Infrastructure?
3. The Role of Digital Certificates in PKI 
4. What Is PKI Authentication?
5. What Type of Encryption Does PKI Use?
6. How to Apply Encryption to the Different States of Data?

7. How Encryption Works?

8. What are Common Use Cases for PKI?

9. What Are Some PKI Algorithms?
10.The PKI process
11.Why is PKI so important in today’s digital age.?

1
What is PKI (Public Key Infrastructure)?
 PKI (or Public Key Infrastructure) is the framework of encryption and cybersecurity that
protects communications between the server (your website) and the client (the users). Think about
all the information, people, and services that your team communicates and works with. PKI is
essential in building a trusted and secure business environment by being able to verify and exchange
data between various servers and users. 

Through encryption and decryption, PKI is based on digital certificates that verify the identity of the
machines and/or users that ultimately proves the integrity of the transaction. As the number of
machines is increasing dramatically in today’s digital age, it’s important that our information is
trusted and protected against attacks. 

Public Key Infrastructure (PKI) is a technology for authenticating users and devices in the
digital world. The basic idea is to have one or more trusted parties digitally sign documents
certifying that a particular cryptographic key belongs to a particular user or device. The key
can then be used as an identity for the user in digital networks.

The users and devices that have keys are often just called entities. In general, anything can
be associated with a key that it can use as its identity. Besides a user or device, it could be a
program, process, manufacturer, component, or something else. The purpose of a PKI is to
securely associate a key with an entity.

The trusted party signing the document associating the key with the device is called a
certificate authority (CA). The certificate authority also has a cryptographic key that it uses
for signing these documents. These documents are called certificates. Simply Certificate is
A signed instrument that empowers the Subject. It contains at least an Issuer and
a Subject. It can contain validity conditions, authorization and delegation information

In the real world, there are many certificate authorities, and most computers and web
browsers trust a hundred or so certificate authorities by default.

2
Public key infrastructure (PKI) governs the issuance of digital certificates to protect sensitive
data, provide unique digital identities for users, devices and applications and secure end-to-end
communications.

A public key infrastructure relies on digital signature technology, which uses public key
cryptography. The basic idea is that the secret key of each entity is only known by that
entity and is used for signing. This key is called the private key.

There is another key derived from it, called the public key, which is used for verifying
signatures but cannot be used to sign. This public key is made available to anyone, and is
typically included in the certificate document.

Today, organizations rely on PKI to manage security through encryption. Specifically, the most
common form of encryption used today involves a public key, which anyone can use to encrypt
a message, and a private key (also known as a secret key), which only one person should be able
to use to decrypt those messages. These keys can be used by people, devices, and applications.

PKI security first emerged in the 1990s to help govern encryption keys through the issuance and
management of digital certificates. These PKI certificates verify the owner of a private key and
the authenticity of that relationship going forward to help maintain security. The certificates are
akin to a driver’s license or passport for the digital world.

Common examples of PKI security today are SSL certificates on websites so that site visitors
know they’re sending information to the intended recipient, digital signatures, and authentication
for Internet of Things devices.

Public-key infrastructure (PKI) is the somewhat imprecise term used to describe the
system for issuing and managing certificates. Depending on your source, a PKI may be:
• software for managing digital certificates;
• a system of hardware, software, policies and people providing security assurances;
• the technology for securing the Internet;
• a worldwide system of digital ID cards.

3
How Does Public Key Infrastructure Work?
Okay, so now that you know what PKI is and how it relates to public key cryptography, it’s time
to talk about what it does and how it does it. There are a few key things to know about how PKI
works:

1. PKI authenticates you and your server. It allows your site users’ web browsers
to authenticate your server before connecting with it (so they can verify that they’re
connecting to a legitimate server). You can also use client certificates to limit access to
authenticated users. This gives you greater control over your network and other IT systems.

2. PKI facilitates encryption and decryption. PKI enables you to use digital
certificates and public encryption key pairs to encrypt and decrypt data or the transmission
channels you use to send it using the secure SSL/TLS protocol.

3. PKI ensures the integrity of your data. PKI lets users, their browsers or their
devices know whether the data you send has been tampered with.

Of course, doing any of these things requires the use of a public encryption keys that have strong
entropy. Every key is a randomly generated string of binary numbers — a random series of 1s
and 0s — that’s used to determine how plaintext transforms into ciphertext. So, when we talk
about entropy, what we mean is that the keys are generated with enough randomness that it
would take thousands — if not millions — of years for even modern supercomputers to guess.

4
 What Are The Components Of Public Key Infrastructure?
So how does PKI authentication work?
There are three key components:
 digital certificates,
 certificate authority,
 Registration authority.

By hosting these elements on a secure framework, a Public Key Infrastructure can protect the
identities involved as well as the private information used in situations where digital security is
necessary, such as smart card logins, SSL signatures, encrypted documents, and more. These
elements are vital in securing and communicating digital information and electronic transactions. We
go over these elements in more detail below.
1. Digital Certificates
PKI functions because of digital certificates. A digital certificate is like a driver’s license—it’s a form
of electronic identification for websites and organizations. Secure connections between two
communicating machines are made available through PKI because the identities of the two parties
can be verified by way of certificates.
So how do devices get these certificates? You can create your own certificates for internal
communications. If you would like certificates for a commercial site or something of a larger scale,
you can obtain a PKI digital certificate through a trusted third party issuer, called a Certificate
Authority.
2. Certificate Authority
A Certificate Authority (CA) is used to authenticate the digital identities of the users, which can
range from individuals to computer systems to servers. Certificate Authorities prevent falsified
entities and manage the life cycle of any given number of digital certificates within the system.
Much like the state government issuing you a license, certificate authorities vet the organizations
seeking certificates and issue one based on their findings. Just as someone trusts the validity of your
license based on the authority of the government, devices trust digital certificates based on the
authority of the issuing certificate authorities. This process is similar to how code signing works to
verify programs and downloads

5
3 . Registration Authority
Registration Authority (RA), which is authorized by the Certificate Authority to provide digital
certificates to users on a case-by-case basis. All of the certificates that are requested, received, and
revoked by both the Certificate Authority and the Registration Authority are stored in an encrypted
certificate database.

Certificate history and information is also kept on what is called a certificate store, which is usually
grounded on a specific computer and acts as a storage space for all memory relevant to the certificate
history, including issued certificates and private encryption keys. Google Wallet is a great example
of this.

The Role of Digital Certificates in PKI 

PKI governs encryption keys by issuing and managing digital certificates. Digital certificates are
also called X.509 certificates and PKI certificates. However, you refer to them, a digital
certificate has these qualities: 
 Is an electronic equivalent of a driver's license or passport 
 Contains information about an individual or entity 
 Is issued from a trusted third party 
 Is tamper resistant 
 Contains information that can prove its authenticity 
 Can be traced back to the issuer 
 Has an expiration date 
 Is presented to someone (or something) for validation

What Is PKI Authentication?

PKI authentication (or public key infrastructure) is a framework for two-key asymmetric encryption
and decryption of confidential electronic data. By way of digital certificate authorization,
management, and authentication, a PKI can secure private data that is exchanged between several
parties, which can take the form of people, servers, and systems.

6
 There are two things PKI does to secure communications:

 Authentication:-This ensures that the other party is the legitimate server/individual that
you’re trying to communicate with.
 Encryption:-This makes sure that no other parties can read your communications.

What Type of Encryption Does PKI Use?

PKI merges the use of both asymmetric and symmetric encryption. Both symmetric and
asymmetric encryption have their own strengths and best use case scenarios, which is what makes
the combination of both so powerful in Public Key Infrastructure.

1 Symmetrical Encryption 
Symmetrical encryption protects the single private key that is generated upon the initial exchange
between parties—the digital handshake, if you will. This secret key must be passed from one party to
another in order for all parties involved to encrypt and decrypt the information that was exchanged.
This secret key can be in the form of a password, or it can be a series of random numbers or letters
generated by a random number generator (RNG). 
If any one’s key is compromised, all keys need to be replaced

Not practical or cost effective for Internet environments

7
 2. Asymmetric Encryption 
Asymmetric encryption is fairly new to the game and you may know it better as “public key
cryptography.” Asymmetric encryption uses two keys, one public and one private. The public key
encrypts and the private key decrypts. 
It allows you to create a public key for the party who is reporting to you, so that they may encrypt
their incoming information, after which you will be able to decrypt the information with a private
key. 
 Public-Key Cryptography is an encryption scheme that uses mathematically related, but not
identical keys.

 Each user has a key pair (public key/private key)

Information encrypted with the public key can only be decrypted using the private key.

How to Apply Encryption to the Different States of Data?

When we talk about data states, we aren’t talking about locations. There are three main states of data —
data in transit, data at rest, and data in use. For the purpose of this article, however, we’re just going to
talk about two of those data states here. Why? Because even though it’s possible to run computations on
encrypted data in use through something called homomorphic encryption (more specifically fully
homomorphic encryption), it’s a slow process that doesn’t scale well using current technologies. So,
we’re going to put a pin in that one for now and focus on the other two data states. Regardless of whether
or not you know it, encryption is in use all around you to secure data in transit and data at rest:

 Data in transit (aka data in motion) — Data in transit encryption creates a secure

channel through which information can transmit from one party to another. An example of

8
 encrypting data in transit is when you use an SSL/TLS certificate to encrypt the communication
channel between a customer’s browser and your website’s server. This process ensures that users
connect to your site using a secure HTTPS connection instead of the insecure HTTP protocol.
 Data at rest — Protecting data at rest encryption involves the use of file or device
encryption. A great example of encrypting data at rest is when you use an email signing
certificate to encrypt an email before hitting “send.”
 This encrypts the data of the message itself (and any attachments) so that it even if
someone hacks your mail server, they can’t read the message if they don’t also have the
corresponding private key.  

An illustration of the secure, encrypted communication channel offered by HTTPS.

Here’s an illustration of how installing an SSL/TLS certificate on a server facilitates a secure,

encrypted connection between a website visitor’s client and the web server it connects to.

How Encryption Works?

An easy-to-understand encryption is an old-fashioned shift cipher (substitution cipher), or what’s
more commonly known as the Caesar cipher.

In this type of encryption, plaintext letters “shift” a set number of spaces depending on the secret
key. For example, the word “CERTIFICATE” becomes the ciphertext “IKXZOLOIGZK” if your
key is “6” because you’ve shifted each letter six spaces.

9
 A basic
example of how a shift cipher (Caesar cipher) works.

Of course, this is encryption in one of its most basic forms. Modern cryptographic techniques
have come a long way from the days of ancient Rome where notes were delivered by horse or
boat. After all, we now have supercomputers and technology on our side to help us encrypt (and
decrypt) data, messages, and other sensitive information.

PKI Works by Ensuring Data Integrity

One of the most critical aspects of how public key infrastructure works is that it helps to ensure that data
comes from a legitimate source and hasn’t been altered in any way. One of the ways it does this is by
giving you the ability to apply a digital signature to your email, software, or files. Furthermore, every
digital certificate itself is signed using the CA’s private key. Basically, what a digital signature does is
inform the user or their client about whether a file, email, or document:

 Has been signed by the true, authenticated individual or business, and that it

 Hasn’t been modified since it was initially signed.

 Don’t worry, we aren’t going to get into all of the specifics of hashing and checksums here.
Frankly, it’s too involved and we still have other things to talk about relating to how PKI works.

What are Common Use Cases for PKI?

A wide variety of use cases exist for PKI. Some of the most common PKI use cases include: 

10
  SSL/TLS certificates to secure web browsing experiences and communications 
 Digital signatures on software 
 Restricted access to enterprise intranets and VPNs 
 Password-free Wi fi access based on device ownership 
 Email and data encryption

One of the most explosive uses for PKI that is just now taking off centers around
authenticating and securing a wide variety of IoT devices.

Security Limitations Of PKI

With all of the strengths of a Public Key Infrastructure, there is room for improvement. As it
currently stands, PKIs rely heavily on the integrity of the associated Certificate Authority and
Registration Authority, which aren’t always functioning at the ideal level of diligence and scrutiny.
PKI management mistakes are another weak link that needs to be addressed.
Another current security limitation of Public Key Infrastructures today (or rather, a security risk) is
the obvious lack of multi-factor authentication on many of the top frameworks. Regardless of the
world’s increasing ability to blow through passwords, PKIs have been slow to combat this threat
with various levels of authorization before entry.
Furthermore, the overall usability of Public Key Infrastructure has never been ideal. More often than
not, PKIs are so remarkably complicated that users would rather forgo the addition PKI authorization
in exchange for a more convenient and realistic security process.

What Are Some PKI Algorithms?

AES 256 CERTIFICATE:

The AES 256 certificate is an algorithm and the current encryption standard. The previous
standard was AES 128. AES 256 keeps track of vulnerabilities and when the encryption has been
breached, a higher standard of encryption will be implemented.

11
The higher the standard encryption, the better cryptic the public/private key pair is. An AES 256
certificate is a long length key that causes brute force attacks by would-be credential thieves
virtually impossible.

DIFFIE HELLMAN:
Diffie Hellman, also known as exponential key exchange, is a method of encryption that uses
numbers raised to specific powers that produce decryption keys on the basis of components that
are never directly shared, making it overwhelming for potential threats to penetrate.

The algorithm creates a mathematically complex encryption that is shared between two parties
over a secret communication over a public network so that they can allow an exchange of a
private encryption key.

RSA KEY EXCHANGE

RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Aldeman, is much like the
Diffie Hellman algorithm and factors large integers that are the product of two large prime
numbers. RSA key exchange uses public and private keys, while the public key can be shared
with everyone, the private key must be kept secret. However, in RSA cryptography either of the
public or private key can be used to encrypt a message while the other is used to decrypt.

DSA:
The DSA, or digital signature algorithm, is used to create digital signatures. DSA was created in
1991 by the National Institute of Standards and Technology and is the standard for government
agencies.

The pitfall of the DSA algorithm is that it can only do digital signatures and not public key
encryption. However, the advantage lies within the algorithms speed of producing a digital
signature.

12
The PKI Process

Now that we have a basic understanding of the elements of a PKI, we can see how exactly the
pieces fit together to provide a secure exchange of data.

In this example, Patrick is attempting to send a secure message to Micah.

First, Patrick sends his message using a hashing algorithm to create a fixed size hash of the
message. Once the hash has been created, Patrick can use his private key to sign the message,
creating a unique signature for the message being sent.

Patrick will encrypt the message with a one-time use symmetric key to overcome the problem of
key distribution. The symmetric session key is encrypted with Micah’s public key, ensuring that
Micah is the only person who can decrypt and use the symmetric session key.

Micah then decrypts the symmetric session key by using his private decryption key.  He uses this
to decrypt the message and performs a new hash on the message to obtain a message digest.

Lastly, Patrick’s signed document is verified by using the original hash compared to the fresh
hash created by Micah. If the two match, the message is valid and is successfully sent.

13
Why is PKI so Important in Today’s Digital Age?

PKI is so important in today’s digital age because there are now millions of applications and
connected devices that require certification. Properly authenticating and maintaining certificates
for these technologies is essential to keeping our highly connected world secure. To fully
illustrate the importance of PKI in today’s digital age, let’s track its evolution since it first came
about in the mid-1990s. 

reference
1.  http://news.netcraft.com/archives/2015/05/13/counting-ssl-
2.certificates.htmlhttps://www.pentasecurity.com/blog/how-pki
3. work/https://www.thesslstore.com/blog/how-pki-
works/
 4. Sullivan, Nick (10 July 2^014). "Introducing CFSSL - Cloudflare's PKI
toolkit". CloudFlare's Blog. CloudFlare. Retrieved 18 April 2018.

14
5. "Should We Abandon Digital Certificates, Or Learn to Use Them
Effectively?". Forbes.

15