Overview of Public Key Infrastructure (PKI)

In a digital world with Cyber breach becoming a common challenge, validating and trusting an Identity becomes one of the most important aspect of Cyber Security. As such Public Key Infrastructure creates a security ecosystem by acting as the center of trust for all system by issuing Digital identities in the forms of Digital Certificates. In addition to creating digital identity, these devices also authenticate and encrypt digital communication by use of cryptographic keys in the combination of symmetric and asymmetric encryption. A public key and a private key is owned and obtained by the specific certificate or key owner. The goal of PKI is to attain trust by issuing and managing digital certificates where secure trust is created within an environment. Within this secure environment, the PKI will establish a structured system giving the ability of certain technologies.

Certificates act as a driver’s license displaying all the information needed to ensure identification of the particular user, server, or issuing authority as well as ownership of the public key as well.

 Top 3 Use Cases of PKI from our Experience:

1. Confidentiality
   • SSL/TLS encryption
   • S/MIME Email Encryption
2. Authentication
   • Web page authentication
   • Machine & User authentication
   • Two Factor Authentication
3. Data Integrity
   • Document/Code signing
   • S/MIME Email Signing

Below are the Top 3 Risks of PKI from our Experience

1. Failure to properly protect or store Encryption Keys
   • Stolen or Irrecoverable encryption keys
2. Issuing Certificates to an unintended party/multiple parties
   • Failure of trust in an incorrect certificate
   • Failure of trust in the entire PKI environment
3. Failure to Issue, Renew, or revoke certificates within the environment
   • PKI Services failure in a prompt manner