Public Key Infrastructure (PKI) is a system that helps entities secure transactions and communications over networks. Commonly, it involves a trusted third party called a Certificate Authority (CA) which verifies ownership of a server’s public key by validating an entity’s certificate.
PKI’s most basic use is to verify the authenticity of public keys used to establish secure channels of communication.
In the context of PKI, a certificate refers to a digitally-signed document that verifies the authenticity of a public key.
Certificate authorities operate in a hierarchical structure. The basic structure of the hierarchy is:
Root CA -> Intermediate CA -> Issuing CA
Certificates for Root CAs are installed on devices, such as your computer. You wouldn’t be able to use HTTPS if your computer didn’t have those certificates!
A certificate authority is a trusted 3rd-party that creates and signs certificates for public-key infrastructure. Some certificate authorities sign certificates for things like websites, while others sign certificates for other certificate authorities.
In Cybersecurity, we usually talk about PKI in the context of web security. PKI is what lets protocols like SSL and TLS (and by extension HTTPS) work.
However, the concept of PKI is widely applicable, and can be used for:
Pretty much any time you want to securely exchange public keys.
Blockchains consist of blocks of data that are cryptographically linked together in a chain. It is difficult to retroactively modify a block without rendering the chain invalid, making the chain tamper-resistant.
They are of limited use in cybersecurity, and many of the problems they can be used to solve have other, more efficient solutions.
Cryptography is the process of encrypting and decrypting data in order to keep that data safe when storing or transmitting it.
Encryption is a way of hiding data by converting it to an encoded format.
Decryption is a way of revealing encrypted data by decoding it from its encoded format.
Ciphers can be symmetric or asymmetric.
Asymmetric ciphers can be slower than symmetric ciphers but have additional use-cases in authentication and non-repudiation.
Hashing is a one-way process that takes data of any size and represents it as a unique hash value of a fixed size. No matter how large or complex your file is, hashing provides a fast, reliable way to compare files and verify their authenticity.
Hashing lets you check if two pieces of information are the same, without knowing what the information itself actually is.
Hashing can be used to store sensitive data in a secure way.
Ephemeral keys are keys that are discarded after being generated and used.
This means that there is little benefit to an attacker who steals the key because the key quickly becomes useless!
One of the most important security principles is the CIA triad, which stands for Confidentiality, Availability, and Integrity.
Cryptography is a powerful tool for maintaining both confidentiality and integrity. Powerful ciphers prevent unauthorized parties from accessing information without the appropriate key, while cryptographic hashing algorithms make it easy to see if information has been altered, maliciously or otherwise.
Given enough time, any encryption can be broken using brute force. The ciphers we use today are designed to take an extremely long time to be cracked, but computing power is always growing.
Design flaws can allow a cipher to be cracked much faster than would be possible using brute force alone. Cryptography needs to be implemented and applied correctly to work. Strong ciphers are useless if the key is easily stolen, or the data they encrypt is stored in plaintext elsewhere.