The number of computing devices in the modern digital world is growing exponentially, so it is crucial that sensitive data remains secure and inaccessible to unauthorized users. Two types of encryption exist: symmetric and asymmetric. While symmetric encryption uses one shared key, asymmetric encryption, also known as asymmetric cryptography, uses two keys, a public key and a private (secret) key, to encrypt and decrypt data and protect it against unauthorized access. Public-key encryption is thus asymmetric encryption, and it uses digital certificates. The encryption keys are generated by the Certificate Authority (CA) using a cryptographic algorithm based on a one-way function (Ambili & Narasimhan, 2021).
What is a Public Key Infrastructure (PKI)?
Public Key Infrastructure (PKI) is a framework that supports and manages strong authentication, electronic signatures, and data encryption to protect server-client communications using digital certificates (Sawant, 2018). PKI governs the issuance of digital certificates that confirm the identity of the people, devices, and applications that own a private and public key pair. By assigning identities to keys so that they can be properly verified, it resolves the issue of man-in-the-middle attacks. The Rivest-Shamir-Adleman (RSA) algorithm is the cryptographic algorithm used for public-key encryption. It provides the benefits of confidentiality, authenticity, and non-repudiation, as it uses digital certificates to encrypt and decrypt sensitive information (Lozupone, 2018). As a result, public-key encryption is slow and puts significant strain on computing resources, which significantly affects the performance of applications and network services.
What are the Components of a Public Key Infrastructure (PKI)?
There are three main components to Public Key Infrastructure (PKI):
- Digital Certificates,
- Certificate Authority (CA), and
- Registration Authority (RA) (Lozupone, 2018).
What is a Digital Certificate?
PKI is able to function because of digital certificates. A digital certificate is a type of electronic identification for websites and organizations, much like a driver’s license is for individuals. PKI enables safe connections between computers by allowing them to verify each other’s identities with digital certificates. PKI manages encryption keys to provide confidentiality, authenticity, and non-repudiation using X.509 digital certificates (Durgawad et al., 2017). An X.509 certificate is an electronic, tamper-proof certificate with an expiry date, issued by a trusted third party. It contains information that proves the authenticity of a person, application, or entity and can be verified and authenticated by a Certificate Authority (CA). Digital certificates can also be traced back to the issuer.
What is a Certificate Authority (CA)?
The certificate authority (CA) is a component of the PKI ecosystem. It is responsible for issuing and managing digital certificates, using various policies, practices, and procedures to vet the individuals and entities that request them. The CA prevents falsified entities from acquiring digital certificates. It is also responsible for managing the life cycle of a digital certificate, including issuance, provisioning, discovery, inventory, monitoring, security, renewal, and revocation (Durgawad et al., 2017).
What is a Registration Authority (RA)?
The last component of the PKI is the registration authority (RA). The RA is an organization authorized by the certificate authority (CA) to provide digital certificate requests to entities on a case-by-case basis. All the digital certificates managed by the certificate authority and the registration authority are stored in an encrypted certificate database.
References
Ambili, T., & Narasimhan, V. L. (2021). Symmetric and Asymmetric Encryption Algorithm Modeling on CPU Execution Time as Employed Over a Mobile Environment. International Journal of Natural Computing Research (IJNCR), 10(2), 21-41. https://doi.org/10.4018/IJNCR.2021040102
Durgawad, B. V., Mohammed Aijaz, A., Lakshmi, D. R., & Sayed Abdul, S. (2017). Mutual Authentication and Session Key Establishment for Secure Communication using Generalized Digital Certificate. International Journal of Computer Network and Information Security, 10(8), 23. https://doi.org/10.5815/ijcnis.2017.08.04
Lozupone, V. (2018). Analyze encryption and public key infrastructure (PKI). International Journal of Information Management, 38(1), 42-44. https://www.sciencedirect.com/science/article/abs/pii/S0268401217303195
Sawant, A. (2018). Public Key Infrastructure (PKI) Market 2018 Size, Share, Components, Industry Architecture, Development Status, Sales Revenue and Comprehensive Research Study Till 2023. M2 Presswire.