The practical, results-focused PKI primer for every security developer and IT manager.
Public Key Infrastructure (PKI) and related standards give you powerful new ways to solve your toughest e-commerce and Internet security problems. Now there's a comprehensive PKI primer for both technical and nontechnical professionals. IBM security expert Messaoud Benantar delivers the in-depth guidance developers and managers need to make PKI work, including coverage of important related topics such as ASN.1 and PKCS. From start to finish, Benantar focuses on getting results—and on answering your most critical questions about PKI deployment, operation, and administration. Coverage includes:
Benantar's detailed real-world scenarios give developers, administrators, and decision-makers unprecedented insight for deploying effective PKI/PKIX systems. If you plan to use these breakthrough Internet security technologies, there's no better resource.
| Chapter | Title | Page |
|---|---|---|
| Ch. 1 | Secret Key Cryptography | 1 |
| Ch. 2 | Secret Key Distribution and Management | 15 |
| Ch. 3 | Public Key Cryptography | 25 |
| Ch. 4 | Public Key Establishment - the PKIX Way | 45 |
| Ch. 5 | X.509 Certificate and CRL Extensions | 91 |
| Ch. 6 | Trust Establishment in PKIX | 119 |
| Ch. 7 | PKIX Topology and Operational Protocols | 143 |
| Ch. 8 | PKI Certificate and CRL Repositories | 183 |
| Ch. 9 | PKI Credentials Management | 199 |
| Ch. 10 | PKI-Based Security Applications | 213 |
Modern secret key cryptography draws its strength from the secrecy of keys. This characteristic is not arrived at by choice; rather, it is an imposed one. Consider the alternative of keeping a particular cryptographic algorithm itself secret. First, the algorithm becomes unavailable for public scrutiny. In the absence of technical scrutiny, the algorithm may hide its weaknesses and thus serves the undesirable principle of security by obscurity. Furthermore, such hiding of the strength or weakness of a cryptographic algorithm cannot go on indefinitely. Sooner or later someone will reverse-engineer the processing logic embedded in a software or hardware cryptographic module, and that outcome will indeed signal the end of that particular algorithm.
Secret keys must be distributed to communicating partners, and the more often a secret key is distributed, the more likely it is to become compromised. Distribution of long-term secret keys goes against the core premise of secret key cryptography, otherwise known as symmetric key cryptography. Transporting secret keys requires the establishment of secure channels. Human transport can be a solution, but it is certainly one that does not lend itself to large-scale distribution. Online distribution requires highly secure cryptographic channels, and thus the bootstrapping nature of the secret key distribution problem arises: a secure channel is needed to distribute the very keys that would secure such a channel.
In order to alleviate the secret key distribution problem, the concept of a central key distribution center (KDC) emerged as a natural progression. This entity is the sole agent trusted by every other entity. It plays the role of both keeper of long-term secret keys and distributor of short-term session keys intended for use between two communicating entities. This latter role is dubbed the introduction of entities to one another, and it is accomplished over cryptographic channels established between each entity and the third-party agent, each channel based upon the long-term secret key that entity shares with the KDC. Although this approach has evolved into the most elegant form of third-party key distribution center, it lacks the flexibility demanded by today's ubiquitous Internet computing paradigm.
Now we're back to the future, exploiting the concept of public key cryptography, which had emerged long before concepts such as the KDC existed. In the basic yet far-reaching concept of public key cryptography, encryption keys come in related pairs, private and public. The private key remains concealed by the key owner, while the public key is freely disseminated. The premise is that it is computationally infeasible to compute the private key from knowledge of the public key. Data encrypted with the public key can only be decrypted with the private key. With such an appealing characteristic, public key cryptography finally seemed to hold the promise of solving the secret key distribution problem. It certainly did so with elegant key exchange schemes such as Diffie-Hellman. Public key cryptography, however, is intended to achieve not only key exchange protocols but also to render various security services, such as digital signatures, non-repudiation, and data enciphering, using well-known public key algorithms such as RSA.
The premise of freely disseminating a public key comes with a cost: that of trust. Security services based on public key cryptography rely on the single foundation of trusting that a particular piece of public key material is indeed bound to its legitimate user. A promising solution for public key trust establishment lies in the digital certification provided by X.509, which has been adopted as an Internet standard. This book is intended to be a single source covering the major aspects of Internet public key certification.
Posted June 26, 2002
Mr Messaoud Benantar - Congratulations on your recent book 'Introduction to the Public Key Infrastructure for the Internet'. It was missing somebody to discuss the subject at ASN.1 syntax level, and finally a software engineer did the task with wisdom. Your book is an advance in relation to all the others in the market and a very important tool for engineers working in that field.
Cordially,
Miguel Carvalho
SEPIN/MCT/Brazil