Public key infrastructure: a micro and macro analysis

https://doi.org/10.1016/S0920-5489(03)00043-6

Abstract

The Internet has increasingly been used for communication between people. Most users have no problem relaying messages, which do not contain confidential information, over a network. Yet, for it to be accepted as a medium of conducting monetary transactions there will need to be a higher degree of confidence in the technology's reliability and security. No one will agree to send his or her financial information over the Internet if there is any doubt in the security of that medium. Likewise, companies involved in E-commerce must have a means to verify the customers using the Internet to order goods and services. Public Key Infrastructure, PKI, attempts to provide the answer to the reliability question, as a method of digital security. PKI provides the ability to verify the sender and the recipient of electronic messages, protecting against E-commerce fraud, corporate espionage, and the theft of intellectual property.

Introduction

As technology increasingly plays a key role in how people communicate and do business, the authentication and verification of that information become an important issue to consider. The Internet is used to store, inform, communicate, and transact data on an everyday basis. The security of that data is essential to most companies and individuals. Corporate espionage, E-commerce fraud, and the theft of intellectual property have given rise to digital security. PKI is seen as the answer to electronic security, ensuring the authenticity of the communicators' identities and protecting the privacy of the information. Many predict that the growth of public key cryptography will allow E-commerce to flourish, providing the necessary security blanket to allay consumers' fears of online fraud.

The Internet population has risen from 144 million in 1998 to 327 million in 2000. Still, this figure is predicted to jump to 1 billion users by the year 2005 [22]. Additionally, online retail sales were nearly $3 billion in 2000, and are expected to jump to over $8 billion in 2005. In order for this growth to occur, users must be totally convinced of the reliability, security, and authenticity of transacting online [23].

The following paper will examine public key infrastructure, starting with an overview of PKI. The overview will define what PKI is and also discuss the components, characteristics, and functions of public key infrastructure. The paper then will examine the internal factors affecting PKI. A third section will look at the current developments of public key infrastructure, covering its organizational, commercial, and global effects, and a case study of a Public Key solution provider. The paper will then discuss the future implications of PKI, detailing the obstacles to its adoption as well as the legal implications that it offers.

Section snippets

PKI: an overview

For a means of communication to be accepted, it must offer the reliability of traditional methods, such as sending a letter or making a phone call. Likewise, in order for that new technology to be accepted as a method of conducting business transactions, it must also be as reliable as traditional means of purchasing: cash, check, or credit card. There is no question that new technology and the Internet can speed the delivery of information and online transactions. Yet, without the proper

PKI: strengths and weaknesses

PKI has proven to be very extensive in its definition and in its framework. Many of the benefits of using PKI have already been mentioned: verification of sender and recipient, securely transferring data online, providing a legal basis to conduct Internet transactions, and providing authenticity to web communication. Public Key Infrastructure offers additional benefits as well. Users of PKI can expect to save time conducting online communication and transactions. They no longer have to spend

PKI: a micro-analysis

In order to understand Public Key Infrastructure, it is important to look at the internal factors that come into play. These factors include the hardware and software, the system needed to properly implement a digital security system, the involved parties to PKI adoption, and related technologies.

PKI: a macro-analysis

Also important in understanding a Public Key Infrastructure is looking at the external factors that have been affected by the system and which have also played a role in the system's adoption. The macro-analysis will conclude with a case study of VeriSign, a leader in PKI. While the security system is certainly not in a mature stage, some industries seem to have a greater curiosity than others do at this present time.

PKI: a case study

VeriSign is a leader in digital IDs, offering various PKI solutions and acting as a Certificate Authority as well. The company looks to be the hub in a company's PKI integration, providing digital certificates to employees and trading partners, while maintaining a secure environment for the company.

VeriSign offers an outsourced solution for companies looking to implement a Public Key Infrastructure. The company maintains the responsibility of issuing digital certificates while the client

PKI: future implications

Many see PKI as providing consumers with the necessary confidence in conducting business transactions over the Internet. As public key systems are increasingly adopted and used, E-commerce is expected to grow. Yet, there are still many questions regarding Public Key Infrastructure, and not everybody is so excited about its possibilities.

Conclusions

At present, there is a need for a digital security system such as PKI. As more data is being stored and communicated electronically, it has become essential to protect that data. The greatest impact can be seen in E-commerce. For online transactions to grow in adoption, companies and consumers must be comfortable with the technology and at the same time have confidence that the transaction information is secure. While it is easy to see the growing comfort that the global population has with the

References (23)

  • Anonymous, 1 in 3 Internet Users Banks Online
  • Anonymous, Digital Signature Guidelines, American Bar Association, Section of Science and Technology, Information...
  • Anonymous, Electronic signatures
  • P. Alterman, The U.S. federal PKI and the federal bridge certification authority
  • M. Benantar, The internet public key infrastructure, IBM Systems Journal (2001)
  • Birch, D., E-commerce: Sign on the Dot: from today, digital signatures in the EC are as legally valid as handwritten...
  • B. Bobbitt, PKI policy pitfalls
  • K.P. Bosworth et al., Public key infrastructures—the next generation, BTexact Technology (2001, July)
  • L. Cohen, Click on the dotted line: E-signatures come of age and make the future of E-commerce a little brighter, New Jersey Law Journal (2001, August 20)
  • P. Dowd et al., Network security: it's time to take it seriously, Computer (1998, September)
  • D. Fisher, Standards slow embedded PKI growth, eWeek (2001, July 23)

1 Tel.: +1-513-529-4826; fax: +1-513-529-9689.

2 Tel.: +886-5-272-1500; fax: +886-5-272-1501.