
4 - Public key infrastructure (PKI) systems

from II - E-system and network security tools

Published online by Cambridge University Press:  11 September 2009

Mohammad Obaidat
Affiliation:
Monmouth University, New Jersey
Noureddine Boudriga
Affiliation:
Université du 7 Novembre à Carthage, Tunis

Summary

Data that can be accessed on a network, or that are transmitted across it from one edge node to another, must be protected from fraudulent modification and misdirection. Typically, information security systems require three main mechanisms to provide adequate levels of electronic mitigation: enablement, perimeter control, and intrusion detection and response. Enablement implies that a cohesive security plan has to be put in place, with an infrastructure to support the execution of that plan. The public key infrastructure (PKI) discussed in this chapter falls under the first of these mechanisms, enablement.

Introduction

One of the most decisive problems in business transactions is identifying the principal (individual, software entity, or network entity) with which the transaction is being performed. As traditional business paperwork moves to electronic transactions and digital documents, reliance on traditional trust objects must likewise be converted to electronic trust, in which security measures authenticate electronic business actors, partners, and end-users before they take part in the exchange of information, goods, and services. Moreover, it is essential to provide confidentiality and confidence in the privacy of exchanged information. This list of security services should be extended to include the need to establish the non-repudiation of transactions, to have trusted third parties digitally attest the validity of transactions, or to time-stamp transactions securely.

Type
Chapter
Information
Publisher: Cambridge University Press
Print publication year: 2007


