Using PKI for E-Business Needs

Author: Sven Schiller
Company: Hewlett-Packard GmbH
Mailstop ESD
Herrenberger Str. 130
71034 Boeblingen
Germany
Telephone: +49-7031-14-4581
Fax: +49-7031-14-4961
E-mail: sven_schiller@hp.com

All Rights Reserved.
Reproduction, adaptation, or translation without prior written permission by Hewlett-Packard Company is prohibited, except as allowed under the copyright laws.
Table of Contents
1. E-Business Scenarios
1.1. Information Access
1.2. Information Interchange
1.3. Value Interchange ("Transactions")
2. E-Business Security Needs
2.1. Authentication, Authorization
2.2. Confidentiality
2.3. Authenticity, Integrity, Non-repudiation
2.4. Availability (IT Infrastructure Protection)
3. What can PKI do?
3.1. How does PKI cryptography work?
3.1.1. Encryption / Decryption with Asymmetric Keys
3.1.2. Digital Signature
3.1.3. Combining Digital Signature and Encryption
3.1.4. Certificates
3.2. PKI Components
3.2.1. Registration Authority
3.2.2. Certification Authority
3.2.3. Directory
3.2.4. Personal Security Environment
3.2.5. PKI Plug-ins, Toolkits
3.2.6. Optional Components
3.2.7. Simplified PKI Architecture
3.3. How are Business Security Needs fulfilled by PKI?
3.3.1. Authentication, Authorization
3.3.2. Confidentiality
3.3.3. Authenticity, Integrity, Non-repudiation
3.3.4. Availability (IT Infrastructure Protection)
1. E-Business Scenarios
1.1. Information Access
E-business typically starts with getting relevant information "on time": not sitting and waiting for somebody to send it to the right spot, but proactively going to the "black board" that discloses relevant, timely and accurate information, which then acts as the basis for business decisions.
Information access is important for any business relationship, whether this is strictly corporate-internal, among supply chain or sales channel partners, or straight with the consumers.
Examples for information access are
a. corporate-internal:
– managers accessing the sales tracking database for the most recent order funnel
– managers accessing the HR database to get the most recent personnel data
b. among business partners (B2B):
– checking the warehouse of supply chain partners to trigger stock orders
– retrieving the actual selling conditions of competing offers to get the best conditions
c. in the business-to-consumer relationship (B2C):
– retrieving share prices, interest conditions or account balances on-line
– checking the availability of tickets or goods (like cars or hotel rooms).
Although many applications used for information access have their own specific client software residing on the client desktop, the "Internet revolution" has replaced or at least enhanced them with a web infrastructure, using the ubiquitous IP network and the browser as the "client interface of choice". That browser will be available not only on ordinary, networked desktop "Personal Computers" but on a variety of personal communication devices, to the convenience of the user.
From an information security angle, information access will only unfold and expand its power if the following can be ensured:
– the source of information can be uniquely identified and strongly authenticated
– the user gets secure access to all sources in a convenient and easy way
– the user demanding the information is authorized
– the network between user and source enables information to be kept confidential on demand
– the source and the network are kept available 24x365 and 3rd-party interventions are prevented
1.2. Information Interchange
Information access becomes "information interchange" as soon as it is shared among different users. Then, the web technology is not only used to download data in a one-directional byte stream, but also to submit new or updated data records to the same source of information.
In this way, the browser/web infrastructure, as the classic "PULL" technology, more and more merges with the messaging infrastructure, the classic "PUSH" technology, not only using the same user interface and the same networking infrastructure but merging towards the same backend, too. Advanced workflow processes, in combination with web and e-mail, complement the "triad" of collaboration, superseding the old ways of "file and print sharing". Collaboration not only inside the corporation but across any organizational, national and cultural boundaries will become the strongest driver for e-business and e-commerce.
Examples for information interchange are
a. corporate-internal:
– sales reps sharing new opportunities using the funnel tracking database
– researchers working from different locations on the same project
b. among business partners (B2B):
– agreeing on stock limits before orders are triggered
– documenting the selling conditions after negotiations
c. in the business-to-consumer relationship (B2C):
– requesting customized product or service information during pre-sale
– requesting fixes or enhancements for product and service flaws
From an information security angle, information interchange will only unfold and expand its power if the following can be ensured:
– all collaboration participants (users and sources) are uniquely identified and strongly authenticated as soon as the nature of the information requires it
– the participants are granted access to the shared information
– the network between user and source allows information to be kept confidential on demand
– messages or other data update records are uniquely associated with the person who sent them
– messages or other data update records are protected from undetected changes while stored or in transit, and their integrity can be checked in a non-disputable manner
– the source and the network are kept available 24x365 and 3rd-party interventions are prevented
Note: It has become common understanding that electronic messages (not only those crossing public lines) or shared web pages can be "hacked" and tampered with to access or change sensitive information. But instead of having everything encrypted that is put "on the wire", customers demand both messaging features and an underlying infrastructure that allow "message confidentiality and authenticity" on demand and protect not only at the network level.
From a business perspective, not everyone in a corporate environment needs secure messaging. In addition, not everyone in the corporation who is authorized and enabled to use secure messaging will actually use it for every outgoing message.
Side notes to information access and information interchange:
1. The application and database infrastructure today creates and stores mission-critical application data which in nearly all cases does not need to be visible and accessible to the IT departmental staff itself - although this is most often still the case today!
The overwhelming majority of corporations today use anonymous superuser (root, admin, dbadmin etc.) accounts for all IT operations, due to their ease of use. Very often, default passwords have never been changed since software installation. Often, the audit and tracking functionality has been disabled to gain optimum performance, leaving no possibility, in case of failures and fraud, to track back the source of intervention.
BU managers need to force IT to keep information confidential from its creation down to its deletion ("end-to-end") by making it accessible only
- in justified cases (on a "need-to-know" basis)
- through audited applications
- to authorized staff only.
2. Contractors (or "temporary workforce") easily get access to corporate assets, without having any significant loyalty to the employer. They are tempted to abuse this knowledge, especially if it is "process knowledge" (which is always the most powerful) rather than "data knowledge".
It often happens that IT is even unaware of the identity of contractors, as they use the logins of the core staff to do the job. This, again, makes it practically impossible to track down or audit any activities conducted by a specific person in case of failure or fraud.
3. The advent of the Internet and its ubiquitous technologies exposes the IT department and its services towards the outside in a way that applications/services, people and processes have never been designed for. This leads to a big cultural turnaround - which includes a push towards a higher level of security awareness throughout the whole organization.
Much like "quality" and the various attempts in the early nineties to address it from a holistic view, the next few years will be characterized by the move towards a comprehensive and consistent IT security infrastructure, including processes and people, again following a holistic view.
This move will depart from addressing IT security through a point product (like the popular firewall or anti-virus product approach). Everybody is aware that "quality" cannot be achieved by just buying, installing and running a single product - for information security, however, most people still think that way.
1.3. Value Interchange ("Transactions")
While accessing and exchanging information prepares business decisions, business decisions amount to transactions, which now exchange values instead of "plain" information. Note: We are well aware that values are "transported and stored" as another type of information in the form of bits and bytes, but - as said - as "another type", leading to legal and financial consequences and acting as the core of any business and commerce.
Most of what has been said about information interchange can be carried over to that layer, now however adding strong, legally binding consequences and taking all IT processes to the core of the IT infrastructure, the mission-critical application services themselves.
Superseding paper-, phone- and fax-based transaction processes, EDI was the first attempt to address value interchange in digital form, available to certain industries only, driven mainly by large enterprises, and technology-wise highly complex and difficult to handle.
The advent of the Internet leads worldwide to the new wave called "e-business" or "e-commerce", a simpler, more widespread and accepted form of EDI. Looking across a variety of different, sometimes conflicting definitions of e-business or e-commerce, what at least is common to all is:
- each business process, including any transaction, is conducted digitally, in other words: without paper
- the "user community" is as open as it can be, including the corporation itself, its suppliers and partners and its consumers
- the activity is aligned towards real business, i.e. value interchanges
Examples for value interchange are
a. corporate-internal:
- any process that today requires a signature either from an employee or his/her manager and that will lead to a charge to the cost location.
b. among business partners (B2B):
- any agreement on business conditions and cooperation contracts
- any supply or sale order
c. in the business-to-consumer relationship (B2C):
- any legally binding offer to a consumer
- any order initiated or confirmed by the consumer
A side note on "e-payment": Naturally, e-business and e-commerce require means to exchange values that are equivalent to "cash". There is, of course, a variety of ways that transport either "digital cash", or pointers to it (including the authorization to receive it, too). E-business and e-commerce can be completely handled without digital cash, using the existing networks of the financial services industry. However, each value transfer has a direct or indirect implication on cash flow (either desired, expected, or performed ones).
From an information security angle, value interchange (or transactions) will only unfold and expand its power by ensuring that
- all participants (users and services) are uniquely identified, strongly authenticated and explicitly approve and accept the transaction in a non-disputable way
- the message containing the value has not been changed while in transit
- the initiator of the transaction is authorized to perform the value transfer
- the service is authorized to accept and give a receipt for the value transfer
- the network between user and source can keep information confidential on demand
- the source and the network are kept available 24x365 and 3rd-party interventions are prevented.
2. E-Business Security Needs
The following sections identify and define the security issues that need to be addressed to provide a secure solution for the scenarios described earlier.
First a word of caution: computer security is never complete. Given enough resources, or just plain luck, any available computer security solution can be broken. However, the chance of a successful attack can be reduced to such a small number that a potential attacker is discouraged from attempting to break the security in place. If the resources necessary to break a security solution are (much) higher than the value of the protected information, then it can be argued that a solution is secure enough.
In the remainder of this document, the word user is to be seen in an abstract sense, as the user of systems, information, or functions. This can be either a person or a computer.
2.1. Authentication, Authorization
Authentication is the process of ensuring that a communication partner (user) is who she claims to be. In the non-electronic world this is typically done using a form of ID card, for example a driver’s license. The authentication can be of varying strength, depending on the needs of a particular situation. For example, to change the billing address for the telephone bill, a simple phone call is enough. To withdraw money from a bank account, a picture ID must be presented in person and a signature given.
Using computers, authentication is used similarly. A communication partner identifies herself and then proves her identity. To prove the identity, the user will be required to use a certain authentication method, e.g. a password.
Authentication methods are separated into three factors: something you know (username, password), something you have (security token, e.g. smart card), and something you are (biometrics, e.g. fingerprint). The last factor applies only to human beings; the former two can be used by computers as well. To achieve stronger authentication, more than one factor may be used.
For example, two-factor authentication can be implemented by requiring a smart card and a PIN to unlock the card. Someone who steals the card cannot unlock it for use. Someone who happens to observe the PIN being entered still needs to gain possession of the card to get system access.
Authorization information is used to allow or deny access to systems, information, or functions. Authorization relies on authentication for ensuring the user’s identity, which provides the base information for determining what a particular user is authorized to access.
To ease the administrative burden of managing the authorization information for a constantly changing IT infrastructure and user base, role-based access control (RBAC) is commonly used. RBAC involves the definition of roles that users can take on and assigning these roles to users or groups of users. A user’s authorization level is determined by the roles assigned to a user. All authorization changes are made to the roles, which then reflect on the users.
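The following Go program is an added example (not part of the original paper) of the RBAC model just described: roles carry permissions, users carry roles, and a change made to a role reaches every user who holds it, while unknown users and roles are denied by default. The role names, user names and permission strings are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Permission names one operation on one resource, e.g. "hr:read".
type Permission string

// RBAC keeps the two relations of the model: role -> permissions and
// user -> roles. Authorization is never attached to a user directly.
type RBAC struct {
	rolePerms map[string]map[Permission]bool
	userRoles map[string]map[string]bool
}

func NewRBAC() *RBAC {
	return &RBAC{
		rolePerms: map[string]map[Permission]bool{},
		userRoles: map[string]map[string]bool{},
	}
}

// Grant adds a permission to a role; the change reaches every user who holds it.
func (r *RBAC) Grant(role string, p Permission) {
	if r.rolePerms[role] == nil {
		r.rolePerms[role] = map[Permission]bool{}
	}
	r.rolePerms[role][p] = true
}

// Revoke removes a permission from a role (no-op for unknown roles).
func (r *RBAC) Revoke(role string, p Permission) {
	delete(r.rolePerms[role], p)
}

// Assign gives an (already authenticated) user a role.
func (r *RBAC) Assign(user, role string) {
	if r.userRoles[user] == nil {
		r.userRoles[user] = map[string]bool{}
	}
	r.userRoles[user][role] = true
}

// Unassign removes a role from a user, e.g. when the person changes jobs.
func (r *RBAC) Unassign(user, role string) {
	delete(r.userRoles[user], role)
}

// Allowed answers the authorization question: does any role held by the user
// carry the requested permission? Unknown users and roles are denied.
func (r *RBAC) Allowed(user string, p Permission) bool {
	for role := range r.userRoles[user] {
		if r.rolePerms[role][p] {
			return true
		}
	}
	return false
}

// Permissions lists a user's effective permissions, sorted for stable output.
func (r *RBAC) Permissions(user string) []string {
	seen := map[string]bool{}
	for role := range r.userRoles[user] {
		for p := range r.rolePerms[role] {
			seen[string(p)] = true
		}
	}
	out := make([]string, 0, len(seen))
	for p := range seen {
		out = append(out, p)
	}
	sort.Strings(out)
	return out
}

// BuildExample models the corporate-internal scenario from section 1 with
// constructed names: sales managers read the order funnel, HR managers read
// and write personnel data.
func BuildExample() *RBAC {
	r := NewRBAC()
	r.Grant("sales-manager", "funnel:read")
	r.Grant("hr-manager", "hr:read")
	r.Grant("hr-manager", "hr:write")
	r.Assign("alice", "sales-manager")
	r.Assign("bob", "hr-manager")
	r.Assign("carol", "sales-manager")
	return r
}

func main() {
	r := BuildExample()
	fmt.Println("alice funnel:read:", r.Allowed("alice", "funnel:read"))
	fmt.Println("alice hr:read:", r.Allowed("alice", "hr:read"))
	r.Grant("sales-manager", "funnel:write") // one change, every sales manager affected
	fmt.Println("carol funnel:write:", r.Allowed("carol", "funnel:write"))
	fmt.Println("bob permissions:", r.Permissions("bob"))
}
```

The design choice worth noting is that `Allowed` consults only roles, so an audit of "who can write HR data" is a question about two small relations rather than about every user record.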
Authentication and authorization together provide the means for access control. The ability to control access to valuable information is the single most important enabler that allows the placement of (valuable) information resources on the intranet and extranet. Of course, the more valuable this information is, the stricter the requirement for a strong access control solution.
2.2. Confidentiality
Confidentiality assures that information does not fall into the wrong hands. This is different from access control, because access control determines what a user is allowed to access, while confidentiality protects information from unauthorized users who attack the system to obtain access. Typically, the protected information is encrypted for protection from attackers, for example eavesdroppers on a network. However, confidentiality need not be restricted to the network. There could be a strong business case for keeping data on a laptop computer confidential in case of theft.
A major issue with confidentiality is the exchange of keys that are used to encrypt the information. The protected information is only as secure as the key exchange method. For example, an encrypted message transferred to an intended receiver can easily be decrypted if the encryption key is intercepted. Therefore, a secure channel for key exchange must be established. With many communicating parties, establishing the necessary secure channels becomes very expensive.
2.3. Authenticity, Integrity, Non-repudiation
Information authenticity is the proof of the information's origin. This can be done by validating a digital signature associated with the information. To this end, the sender of information, which may be an e-mail, an electronic transaction, etc., must sign the information and the receiver must have a means to validate the sender’s signature.
Information integrity assures that information has not been changed since it was sealed. Therefore, the receiver of information can be sure that no attacker has been able to change the information contained in a message. This is especially important in situations where the information contained is valuable, e.g. research results, electronic transactions.
Non-repudiation services provide unforgeable evidence that a specific action occurred. The specific action can refer to the origin, submission, or delivery of a piece of information. Non-repudiation of origin gives the receiver proof of who sent the information. Non-repudiation of submission gives the sender proof that the information was sent (submitted to the network for sending). Non-repudiation of delivery gives the sender proof that the information was delivered to the receiver. These proofs must be demonstrable to a third party.
Authenticity, integrity, and non-repudiation all provide a foundation for establishing trust. A person who is engaging in information or value interchange must be able to rely on the source of the information, that it has been correctly received, and that a proof can be provided in case of trouble. This is, of course, trust in the underlying infrastructure, not in the communication partner itself.
Take the example of electronic banking: The bank is usually a trusted business partner. In face-to-face, or even telephone banking transactions, the customer has something tangible, a building, or a phone number that can be trusted to be correct. But the Internet was not built to provide the trusted infrastructure. Since “on the Internet no one knows you are a dog”, additional measures must be taken to establish the secure infrastructure needed for a trust relationship.
2.4. Availability (IT Infrastructure Protection)
As said earlier, the Internet wave exposes the IT organization and the IT infrastructure to the outside world in a way the infrastructure has never been designed and built for.
Leased lines are expensive. With the ubiquity of the Internet around the globe it makes sense to have business data transported through public lines, much cheaper than ever before - as long as the risk incurred is smaller than the cost advantage and can be mitigated down to an acceptable level.
The computing infrastructure in many cases has become vital to the company business, or even mission-critical. To reflect that fact, fortunes have been invested in sophisticated "network and system management" (NSM) packages and frameworks, to keep that infrastructure "up and running".
With the data center, offices, home offices and mobile users connected via and communicating through public lines, another threat scenario enters the availability stage. To protect the corporate information that is stored or in transit on systems, nodes and networks and that is accessed and changed by users and services, elaborate security solutions are available, simply
- to keep the existing or new IT services available, AND
- to keep the IT security infrastructure available, too, as it is mission-critical from day one of deployment.
3. What can PKI do?
The public key infrastructure (PKI) is an emerging technology that can be used to address most of the previously mentioned security needs. While PKI is relatively complex, its asymmetric algorithms solve an issue that symmetric-key algorithms inherently have: key distribution.
3.1. How does PKI cryptography work?
As mentioned before, PKI is based on asymmetric cryptography. This means that not one key is used to encrypt and later decrypt data, but a key-pair. One key in the key-pair is used for encryption and the other key must be used for decryption.
In addition, a PKI uses the concept of a public key, which is available to anyone who wants it, and a private key, which must be a well-kept secret of the owner of the key pair. Each key-pair therefore consists of a public and a private key. The security of the private key, the strength of the algorithm and its implementation, and the key length are the main determining factors of the security provided by public key cryptography.
To publish the public key together with the owner’s information, a certificate is used. The certificate is an electronic equivalent to an ID card, because it contains information about the holder, the public key (much like the signature on an ID card), an expiration date, the purpose of use, and an authority’s seal of validity. The certificate is typically published by a directory service and can be requested by anyone who has access to the directory (typically a large group of users).
3.1.1. Encryption / Decryption with Asymmetric Keys
Both keys in a key-pair can be used for encryption or decryption of data; the respective other key then has to be used for the reverse operation. The decision about which key to use depends on the purpose. For example, to encrypt data for confidentiality purposes, the public key of the intended receiver is used. Only the receiver has the private key and can decrypt the message. To digitally sign a message, the sender uses the private key to encrypt. The signed message can be decrypted by everyone with the corresponding public key, proving the origin of the message. In combination with the certificate that is issued by a trusted party, the originator of the message is clearly identified.
The following figure gives a simple example of transmitting an encrypted message. In the example Alice wants to send a secret message to Bob. So Alice gets Bob’s widely available public key and uses it to encrypt the message. Only Bob has the corresponding private key and can decrypt the message.
In practice, asymmetric encryption and decryption are much slower than their symmetric equivalents. Therefore, to combine the fast operation of symmetric cryptography with the key distribution capability of asymmetric cryptography, an intermediate step is introduced. This step involves the generation of a symmetric key for encrypting the plaintext. The symmetric key, which is typically much smaller than the plaintext, is then encrypted using the asymmetric key. The symmetric key is transmitted in encrypted form, separately or together with the message ciphertext. Only the intended receiver can decrypt the symmetric key and use it to retrieve the message plaintext.
3.1.2. Digital Signature
A digital signature is generated similarly to an encrypted message, only the use of keys is different and a message digest is introduced. The message digest is generated by a one-way hash function. It represents the complete message, because the hash function is designed to calculate a different message digest even if the slightest portion of the original message is changed. The following figure shows the flow of generation and validation of a digital signature.
In the figure, Alice wants to send a digitally signed message to Bob. Alice generates the message digest and encrypts it using her private key. This is the digital signature; the message itself remains unchanged. The message and the signed message digest are transmitted to Bob, who decrypts the message digest using Alice’s public key. Since he is sure that Alice’s public key really belongs to Alice (as proven by the certificate that contains the key), he knows that only Alice with her private key could have encrypted the message digest. Bob also computes the message digest again from the received message and compares the two message digests. If they match, Bob is not only sure that the document was sent by Alice, but also that it has not changed during transmission (integrity check). The integrity is ensured, because only Alice has the private key to sign the message digest.
3.1.3. Combining Digital Signature and Encryption
Combining digital signatures and encryption involves just one more step: the original message has to be encrypted before transmission. This is shown in the following figure.
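The signature flow of 3.1.2, as an added Go example that is not from the original paper. The standardized form of "encrypting the digest with the private key" is the RSA PKCS#1 v1.5 signature used here: Alice hashes the message with SHA-256 and signs the digest; Bob recomputes the digest and verifies it against her public key, rejecting both a modified message and a signature made with someone else's key. For the combination described in 3.1.3, the SignedMessage bundle produced here is what would then be encrypted for Bob before transmission. Alice, Mallory, the message text and the SignedMessage type are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedMessage bundles the unchanged message with the signature over its
// digest; the structure is constructed for this example.
type SignedMessage struct {
	Message   []byte
	Signature []byte // SHA-256 digest signed with the sender's private key
}

// Sign is Alice's side: compute the one-way digest of the message and sign
// it with the private key (RSA PKCS#1 v1.5, the standardized form of
// "encrypting the digest with the private key").
func Sign(priv *rsa.PrivateKey, msg []byte) (*SignedMessage, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Message: msg, Signature: sig}, nil
}

// Verify is Bob's side: recompute the digest from the received message and
// check it against the signature using the sender's public key (taken from
// her certificate). True means both origin and integrity check out.
func Verify(pub *rsa.PublicKey, sm *SignedMessage) bool {
	digest := sha256.Sum256(sm.Message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sm.Signature) == nil
}

// Demo signs msg as Alice and reports whether the genuine bundle verifies,
// whether a one-bit change to the message is rejected, and whether a
// signature made with Mallory's key is rejected under Alice's public key.
func Demo(msg string) (genuine, tamperRejected, forgeRejected bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	sm, err := Sign(alice, []byte(msg))
	if err != nil {
		return
	}
	genuine = Verify(&alice.PublicKey, sm)

	// Integrity check: copy the message, flip one bit, keep the old signature.
	tampered := &SignedMessage{Message: append([]byte(nil), sm.Message...), Signature: sm.Signature}
	tampered.Message[0] ^= 0x20
	tamperRejected = !Verify(&alice.PublicKey, tampered)

	// Origin check: a valid signature from another key does not verify as Alice.
	forged, err := Sign(mallory, []byte(msg))
	if err != nil {
		return
	}
	forgeRejected = !Verify(&alice.PublicKey, forged)
	return
}

func main() {
	fmt.Println(Demo("Transfer 1,000 EUR to account 12345"))
}
```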
3.1.4. Certificates
Certificates are small chunks of data that prove the identity of an individual or a computer. They can live on the hard disk of a PC, laptop or server, or inside a smart card. Certificates are issued and notarized by certificate authorities (CAs) run by trusted third parties (TTPs) like government agencies, banks, or employers. They contain identity information -- such as name and account number -- plus a public key to encrypt and decrypt data.
The following figure shows the process of certificate issuance. Basically, Alice sends a request for a certificate which contains her public key to the certification authority (CA). The CA decides whether to issue the certificate, based on the CA’s issuance policies and conditions. Upon approval, the CA signs Alice’s public key using the CA’s private key and creates a certificate for Alice. Alice obtains this issued certificate via e-mail, HTTP or other means.
Certificates are stored in the X.509 version 3 standard format to ensure interoperability between PKI components. The X.509v3 certificate is usually published in a directory for easy availability to other users.
In addition to issuing a certificate, a CA also needs to be able to revoke it. Certificate revocation is necessary for a number of reasons. Among them are that the security of a user’s private key may have been compromised, the user has lost the private key, the information in the certificate is outdated (e.g. user name or e-mail address have changed), or the user is no longer a member of the community served by the trusted third party (e.g. the employee has left the company).
While certificate revocation lists (CRLs) are currently the most common approach for implementing certificate revocation, they are not very scalable. A CRL contains all revoked certificates in a sequential list, which has to be searched to determine if a particular certificate has been revoked. The CRL is published at regular intervals using a directory.
To remedy the scalability issue, other methods for implementing certificate revocation are emerging. The most promising one among them is currently OCSP (online certificate status protocol), which allows checking a particular certificate’s revocation status when necessary.
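The issuance, validation and CRL-based revocation steps above, as an added Go example (not from the original paper) using the standard library's X.509 support: a self-signed CA signs Alice's public key into an X.509v3 certificate, a relying party validates the chain for a stated purpose, and the CA publishes a CRL whose signature and freshness are checked before the sequential serial-number search. "Example Corp CA", "Alice", the serial numbers and the validity periods are constructed values; OCSP is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewTemplate describes the certificate to be issued: identity, validity and purpose.
func NewTemplate(serial int64, name string, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // what the CA vouches for
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	return t
}

// Sign is the CA's step: the template and the subject's public key are signed with
// the CA's private key; the subject's private key never reaches the CA. A root CA
// signs its own template (parent == tmpl).
func Sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Revoke publishes a CA-signed CRL listing one revoked serial number.
func Revoke(ca *x509.Certificate, caKey *rsa.PrivateKey, crlNumber, serial int64) ([]byte, error) {
	tmpl := &x509.RevocationList{
		Number:              big.NewInt(crlNumber),
		ThisUpdate:          time.Now(),
		NextUpdate:          time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: time.Now()}},
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// Validate is the relying party's check: the certificate must chain to the trusted
// CA for the intended purpose, and the CRL must be the CA's own, still current,
// and must not list the certificate's serial number.
func Validate(cert, ca *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL not signed by the trusted CA: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL is stale; fetch a fresh one from the directory")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate %v is revoked", cert.SerialNumber)
		}
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Scenario: a self-signed CA issues Alice a certificate, which validates while the
// CRL lists only another serial and is rejected once the CA revokes it.
func Scenario() (validBefore, rejectedAfter bool) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := NewTemplate(1, "Example Corp CA", true)
	ca := must(Sign(caTmpl, caTmpl, &caKey.PublicKey, caKey))
	aliceKey := must(rsa.GenerateKey(rand.Reader, 2048))
	alice := must(Sign(NewTemplate(1001, "Alice", false), ca, &aliceKey.PublicKey, caKey))
	validBefore = Validate(alice, ca, must(Revoke(ca, caKey, 1, 1002))) == nil
	rejectedAfter = Validate(alice, ca, must(Revoke(ca, caKey, 2, 1001))) != nil
	return
}

func main() {
	fmt.Println(Scenario())
}
```

Note that `Validate` rejects a CRL whose NextUpdate has passed: a relying party that keeps using an old CRL would accept certificates revoked since the last publication, which is the latency problem that OCSP addresses.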
3.2. PKI Components
The components that make up a PKI are listed in the following sections.
3.2.1. Registration Authority
The registration authority (RA) is the front end for the certificate authority (CA). The RA authenticates users prior to registration and is responsible for certificate management functions. These functions are: submission of certification requests, certificate renewal requests, and certificate revocation requests to the CA, as well as making the issued certificates available to the users. Optionally, the RA can also be responsible for key-pair generation and archival.
Different user-authentication methods exist: in-person, using a web browser (typically with a password), using e-mail, etc. The strength of the authentication method determines how reliable the certificate is and what it should and should not be used for. For example, the user who requested a certificate using a web-based authentication method could have provided a wrong identity. Consequently, this certificate should not be usable for authorizing high-value transactions.
3.2.2. Certification Authority
The certification authority (CA) issues digital certificates, which are the electronic equivalent of ID cards. To generate a certificate, the CA signs the combination of the user information, the user’s public key, and some certificate policy information, and thereby certifies that the public key belongs to this particular user. Anyone who trusts the organization maintaining the certificate authority now also trusts that the certificate is valid. Note that trust must always be associated with a purpose. A certificate that has a medium security level should not be trusted for applications requiring a high security level.
Other responsibilities of a CA are:
– certificate renewal - certificates typically expire after a certain period of time
– certificate revocation – if the certificate becomes invalid for some reason (private key is lost or compromised; user has left the company, etc.)
– publishing certificates and certificate revocation lists – usually using a directory
– issuing, publishing, and revoking cross-certificates – establishing a trust relationship between two CAs
– archiving keys (optional) – for key escrow and key recovery
The CA must be highly secure to ensure reliability of the issued certificates. Therefore, special care is usually taken to protect network and physical access. These measures can include a firewall, secure OS, secure building, and special procedures for CA access and operation (e.g. four-eyes principle). The CA’s own key is usually longer than keys of users and can be stored in special hardware for extra security. Also, all CA operations are typically logged. All these security factors are determined by the purpose of the CA and the policy that results from it.
3.2.3. Directory
The directory service provides an online repository for publishing certificates and certificate revocation lists (CRLs). The certificates and CRLs are stored in the directory by the CA and retrieved by business applications (PKI clients). Therefore, the CA needs read-write access and the PKI clients need read-only access to the directory. Both CA and PKI clients access the directory using the lightweight directory access protocol (LDAP).
The information contained in the directory is public and can easily be validated. As a result, stringent security is not as important for the directory. However, availability of the directory is crucial, because it is a mission-critical component that must be available during the operational hours of the PKI infrastructure.
Of course, the security directory can be part of a larger, corporate-wide directory used, for example, for telephone entries. This would allow utilization of the investments already made and provide an integrated information source for employee data. In larger installations, the directory consists of numerous cooperating servers, which distribute or replicate the information throughout the organization to ensure timely response to information requests.
3.2.4. Personal Security Environment
The personal security environment (PSE) stores private keys and certificates. The PSE can be implemented using hardware (security tokens, e.g. smart card) or software. A hardware-based PSE can be implemented with its own processing capability, so that the private key never needs to leave the device. Software-based PSEs are cheaper, but are also not as secure as tamper-resistant hardware. In servers, the PSE can reside in a special crypto-accelerator, which not only protects the key, but also speeds up the PKI operations to increase the server capacity.
3.2.5. PKI Plug-ins, Toolkits
Plug-ins or toolkits are used to integrate PKI with business applications. A toolkit provides access to PKI facilities via software libraries, insulating business applications from the low-level cryptographic details. A plug-in goes a step further and uses predefined interfaces for a particular application to offer a ready-made PKI integration. The functionality offered usually includes symmetric and asymmetric algorithms and supporting utilities such as hash (message digest) functions.
3.2.6. Optional Components
The following PKI components are not necessary to operate a PKI, but they enhance the security services a PKI can provide.
Smart cards are credit-card size security tokens that are used to secure the PSE and make it more portable. A smart card used for security purposes contains a tamper-resistant memory and processor. It stores the user’s key-pair and certificate, and is able to execute cryptographic functions. A smart card offers a high level of security, because the private key never needs to leave the card. Data to be encrypted or decrypted are transferred to the card, the appropriate operations are done on the card, and the result is returned to the hosting computer. Therefore, a smart card allows a user to take her PSE with her for accessing any appropriate computer.
To allow users to effectively use a smart card, a smart card management system (SCMS) is necessary. The SCMS allows personalization of cards and provides support capabilities. To personalize a card, the necessary information needs to be stored in the card, the user’s identification printed on the card, the issuance information stored in a database, and the card issued in a secure manner to the user. In case the card is lost, damaged, or stolen, the smart card support organization needs to be able to revoke the certificate of the user and issue a new card.
To reduce the occurrence of forgotten cards, smart cards can be combined with other purposes. The cards can serve as company ID, as building access cards, or to pay for cafeteria services, to give some examples. For this reason, the chip on a smart card can be combined with a magnetic strip, or even a contactless system.
A time-stamp service allows the PKI clients to affix time stamps to digitally signed information, sealing data in time. This service should be provided by a trusted party to allow trusted verification of that time/date. The time-stamp is especially useful for electronic transactions, but provides added value for information interchange (e.g. e-mail interaction with third-parties), as well.
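As an added illustration that is not part of the original paper, the following Go program models a minimal time-stamp service: the client submits only the hash of its document, the TSA signs that hash together with its own clock value, and any party holding the TSA's public key can later verify that the document existed unchanged at that time. The token layout and function names are constructed for this example; a production service would use the RFC 3161 format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// TimeStampToken seals a document hash to a point in time under the TSA's
// signature. Constructed layout for this example; real services use RFC 3161.
type TimeStampToken struct {
	DocHash   [32]byte
	IssuedAt  int64 // Unix seconds, as attested by the TSA's trusted clock
	Signature []byte
}

// tokenBytes is the exact byte string the TSA signs: hash || big-endian time.
func tokenBytes(docHash [32]byte, issuedAt int64) []byte {
	b := make([]byte, 40)
	copy(b, docHash[:])
	binary.BigEndian.PutUint64(b[32:], uint64(issuedAt))
	return b
}

// IssueTimeStamp runs at the trusted TSA. The client submits only the hash, so
// the TSA never sees the document; the TSA contributes the trusted clock value.
func IssueTimeStamp(tsaKey ed25519.PrivateKey, docHash [32]byte, now time.Time) TimeStampToken {
	t := now.Unix()
	return TimeStampToken{docHash, t, ed25519.Sign(tsaKey, tokenBytes(docHash, t))}
}

// VerifyTimeStamp runs at any relying party holding the TSA's public key: the
// document must still hash to the sealed value, and the TSA signature must cover
// exactly that hash and that time, so neither can be altered afterwards.
func VerifyTimeStamp(tsaPub ed25519.PublicKey, doc []byte, tok TimeStampToken) bool {
	if sha256.Sum256(doc) != tok.DocHash {
		return false // document changed after it was sealed
	}
	return ed25519.Verify(tsaPub, tokenBytes(tok.DocHash, tok.IssuedAt), tok.Signature)
}

func main() {
	tsaPub, tsaKey, _ := ed25519.GenerateKey(rand.Reader)
	doc := []byte("constructed sample: purchase order 4711, 120 units") // constructed input
	tok := IssueTimeStamp(tsaKey, sha256.Sum256(doc), time.Now())
	fmt.Println("sealed at", time.Unix(tok.IssuedAt, 0).UTC(), "valid:", VerifyTimeStamp(tsaPub, doc, tok))
	fmt.Println("altered copy valid:", VerifyTimeStamp(tsaPub, []byte("purchase order 4711, 121 units"), tok))
}
```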
The following figure shows the PKI components in a simple architecture. The architecture shows a three-tier network, with the border between tiers protected by a firewall. While the firewalls shown are not direct components of a PKI, they are typically used to protect the PKI servers from attacks. The optional PKI services (smart card management and time-stamp services) are shaded.
Not shown in the architecture are redundant servers for high availability and other support infrastructure, such as management components for backup and restore. These are often necessary because the security services provided by the PKI are mission critical.
Public key cryptography is very well suited to providing authentication. With each user identified by an individual certificate, the identity of a user is proven by demonstrating possession of the private key. Because no exchange of secret keys is necessary, this is a simple process.
To strengthen the authentication level of a user, several parameters can be tuned. One is of course the key length: the longer the key, the smaller the chance that the private key corresponding to a public key will be found. Another one is the security of key storage; using a tamper-proof hardware device to store the key, such as a smart card, will protect the key from many attacks. In addition, the authentication level can be enhanced by combining the PKI authentication with other factors, such as a password and/or biometrics.
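The following Go program, added here as an illustration and not taken from the paper, shows the authentication mechanism just described: a CA issues the user a certificate, the relying party sends a fresh random challenge, and the user proves possession of the private key by signing it, while the verifier trusts nothing but the CA certificate. The issueCert helper and the "Example Corp" names are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueCert models the CA certifying a public key; ca == nil yields the self-signed
// root. Hypothetical helper: a real CA relies on the RA having verified the identity.
func issueCert(ca *x509.Certificate, caKey ed25519.PrivateKey, cn string, pub ed25519.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), BasicConstraintsValid: true,
		NotAfter: time.Now().Add(365 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if ca == nil {
		ca, tmpl.IsCA, tmpl.KeyUsage = tmpl, true, tmpl.KeyUsage|x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// Authenticate is the relying party's side. It trusts only the CA certificate and
// accepts the user if her certificate carries a valid CA signature and the
// response verifies with the public key certified in it.
func Authenticate(caCert, userCert *x509.Certificate, nonce, sig []byte) bool {
	if userCert.CheckSignatureFrom(caCert) != nil {
		return false // not issued by the CA we trust
	}
	pub, ok := userCert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, nonce, sig)
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	caCert := issueCert(nil, caKey, "Example Corp Root CA", caPub)
	userPub, userKey, _ := ed25519.GenerateKey(rand.Reader) // user's key pair lives in her PSE
	userCert := issueCert(caCert, caKey, "alice", userPub)
	nonce := make([]byte, 32) // fresh per login, so an old response cannot be replayed
	rand.Read(nonce)
	// The PSE signs the challenge; the private key itself is never disclosed.
	fmt.Println("authenticated:", Authenticate(caCert, userCert, nonce, ed25519.Sign(userKey, nonce)))
}
```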
User authorization is not directly addressed by PKI. While different approaches exist to provide privilege certificates, these are not directly related to PKI. Of course, access control requires authentication as a prerequisite, so a strong authentication solution increases the security of the access control solution.
PKI is very well suited to provide confidentiality, because it solves the issue of key exchange. For example, for a secure e-mail solution with thousands of users it would be infeasible to have users secretly exchange keys before transmitting messages. The management overhead would be prohibitive, not to speak of the cost of establishing secure channels for key exchange. Therefore, there is no feasible alternative to PKI in situations where confidentiality is required for a large number of users.
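As an added example that is not from the paper, the following Go program shows why no prior secret exchange is needed: the sender encrypts the message with a fresh symmetric session key and wraps that key with the recipient's public key, which can be taken from her certificate, so only the holder of the matching private key can open the envelope. The Envelope layout is constructed for this example and is not a standard format such as S/MIME.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// Envelope is what crosses the network: the session key wrapped for the recipient's
// public key, plus AES-GCM nonce and ciphertext (constructed layout, not S/MIME).
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// aesGCM builds the AEAD for a 32-byte key; neither constructor can fail for AES-256.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal needs only the recipient's public key, as found in her certificate: a fresh
// AES-256 session key encrypts the message and RSA-OAEP wraps that key for her.
func Seal(pub *rsa.PublicKey, plaintext []byte) (Envelope, error) {
	material := make([]byte, 32+12) // session key followed by the GCM nonce
	if _, err := rand.Read(material); err != nil {
		return Envelope{}, err
	}
	key, nonce := material[:32], material[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, nonce, aesGCM(key).Seal(nil, nonce, plaintext, nil)}, nil
}

// Open runs at the recipient, the only holder of the private key; the GCM tag also
// rejects a ciphertext that was modified in transit.
func Open(priv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("session key unwrap failed: %v", err)
	}
	return aesGCM(key).Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // recipient's key pair, as certified by the CA
	env, _ := Seal(&priv.PublicKey, []byte("constructed sample: quarterly forecast"))
	pt, err := Open(priv, env)
	fmt.Println(string(pt), err)
}
```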
Digital signatures, made possible by public-key cryptography, provide authenticity that is good enough to replace handwritten signatures. The German Signature Law, passed in Oct. 1998, provides a legal basis for using digital signatures for legally binding contracts. Efforts in this respect are underway in a number of countries. This is, of course, an important foundation not only for electronic transactions, but also, in a lesser form, for all kinds of information interchange applications.
Message integrity, which is provided by a digitally signed message digest, is important in e-commerce and information interchange scenarios. As with confidentiality, PKI solves the key-exchange issues that are present with symmetric cryptography algorithms. In addition, if a digital signature is used for authenticity, message integrity is automatically provided.
Non-repudiation can play an important role in electronic transactions, because it provides the “receipts” people are accustomed to in traditional transactions. If the appropriate laws are in place, PKI provides the security basics for non-repudiation: it can be used to prove authenticity and integrity of a receipt.
Among the infrastructure security solutions are firewalls, anti-virus packages, intrusion detection systems, vulnerability scanners, and secure versions of operating systems ("trusted OS"). This is the main market segment for security products.
The issue here is that these point products are typically not integrated with each other in the way IT departments would like, while product suites may offer a higher degree of integration at the cost of the "best-of-breed" choice.
While most of these infrastructure availability solutions are not yet fully PKI-aware, the technology is starting to utilize the capabilities of a PKI as the underlying mechanism for bringing the point products closer together.
This includes security at the network level, for example with IPSec, as well as at the application level, with firewall and virtual private network (VPN) solutions integrated for strong authentication and data confidentiality.
Vice versa, some of these availability solutions, such as a trusted OS, may help protect the PKI and its most critical and sensitive pieces, such as the certification authority, from attacks and unplanned downtime.
In sum: in the availability segment there will be a tight integration of current, proven IT security solutions with next-generation technologies, led by PKI, towards a comprehensive and consistent IT security infrastructure.