Introduction
We now live in a world where consumers are free to shop 24 hours a day. The World Wide Web has given us greater access to consumer goods than ever before. As more and more purchases take place virtually, with no face-to-face interaction between buyer and seller, ensuring that online transactions are made securely is vital to the online shopping community. For e-commerce to prosper, consumers must be confident that the confidential information they enter when paying for goods or services online will not be stolen or used maliciously. Digital certificates and the public key infrastructure (PKI) have emerged as the de facto standard for conducting secure transactions over the public internet. It has become increasingly clear, however, that the security infrastructure on which most of e-commerce rests is actually quite fragile. This paper focuses on the framework surrounding the use of digital certificates and some of the security issues that have recently emerged.
Background
Most consumer business conducted online is done through a web browser. Some of the top browsers currently on the market are Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Apple Safari and Opera. In an e-commerce application, the browser needs to make a secure connection to the web server so that the consumer's private and financial data cannot be stolen in transit. Cryptographic techniques ensure that even if a message is intercepted by an adversary, the information contained in the message is indecipherable to them. The PKI is what allows users of the public internet to make secure transactions through the combination of public/private key pairs, digital certificates and certificate authorities: the key pair provides the cryptography, the certificate binds a public key to the identity of its owner, and the certificate authority vouches for that binding by signing the certificate.
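As an added, runnable illustration of how those three pieces fit together (example code written for this page, not taken from any cited source or from a real browser or library): a certificate authority signs a certificate binding a host name to a public key, and the browser accepts the certificate only if the signature verifies under a CA key in its trust store. Textbook RSA on fixed Mersenne primes with no padding, a one-level chain, no expiry and no revocation are simplifications made for the example; the names "Trusted Root CA", "Rogue CA" and "shop.example", and all keys, are constructed here.

```python
"""Toy PKI: a CA signs certificates that bind a subject name to a public key;
a browser trusts the key in a certificate only if the signature was made by a
CA present in its trust store. Illustration only: textbook RSA, no padding,
no chain depth, no expiry, no revocation."""
import hashlib
import json

E = 65537  # conventional public exponent


def mersenne(k: int) -> int:
    """2^k - 1; the exponents used below are known Mersenne-prime exponents."""
    return (1 << k) - 1


def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes (toy only, constructed primes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # works because 65537 is coprime to phi for these primes
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    return pow(digest_int(data), private_key["d"], private_key["n"])


def verify(public_key, data: bytes, signature: int) -> bool:
    return pow(signature, public_key["e"], public_key["n"]) == digest_int(data)


def rsa_encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    return pow(m, public_key["e"], public_key["n"])


def rsa_decrypt(private_key, c: int) -> int:
    return pow(c, private_key["d"], private_key["n"])


def tbs_bytes(cert) -> bytes:
    """Canonical 'to be signed' encoding of every field except the signature."""
    fields = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(issuer_name, issuer_private, subject, subject_public):
    cert = {"subject": subject, "issuer": issuer_name, "public_key": subject_public}
    cert["signature"] = sign(issuer_private, tbs_bytes(cert))
    return cert


def browser_accepts(cert, trust_store, expected_host) -> bool:
    """The checks a browser performs before trusting the key in a certificate:
    the name must match the site, the issuer must be a trusted CA, and the
    CA's signature over the certificate contents must verify."""
    if cert["subject"] != expected_host:
        return False
    issuer_key = trust_store.get(cert["issuer"])
    if issuer_key is None:
        return False
    return verify(issuer_key, tbs_bytes(cert), cert["signature"])


# Constructed sample keys (different primes per party; sizes are toy-scale)
TRUSTED_CA_PUB, TRUSTED_CA_PRIV = make_keypair(mersenne(127), mersenne(521))
ROGUE_CA_PUB, ROGUE_CA_PRIV = make_keypair(mersenne(107), mersenne(607))
SHOP_PUB, SHOP_PRIV = make_keypair(mersenne(89), mersenne(1279))

TRUST_STORE = {"Trusted Root CA": TRUSTED_CA_PUB}  # what ships in the browser
HOST = "shop.example"


def demo():
    good = issue_certificate("Trusted Root CA", TRUSTED_CA_PRIV, HOST, SHOP_PUB)
    rogue = issue_certificate("Rogue CA", ROGUE_CA_PRIV, HOST, SHOP_PUB)
    forged = dict(good, subject="bank.example")  # contents edited, old signature kept
    compromised_store = {**TRUST_STORE, "Rogue CA": ROGUE_CA_PUB}
    # Once the certificate is accepted, the browser can use the public key in it:
    secret = 0xC0FFEE
    round_trip = rsa_decrypt(SHOP_PRIV, rsa_encrypt(good["public_key"], secret))
    return {
        "trusted_ca": browser_accepts(good, TRUST_STORE, HOST),
        "untrusted_ca": browser_accepts(rogue, TRUST_STORE, HOST),
        "tampered": browser_accepts(forged, TRUST_STORE, "bank.example"),
        "compromised_store": browser_accepts(rogue, compromised_store, HOST),
        "secret_round_trip": round_trip == secret,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last case is the one that makes the infrastructure fragile: the browser's checks are only as strong as the list of CAs it trusts, so a certificate from any CA that ends up in that list, whether legitimately or through a compromise, is accepted for any host name that CA chooses to sign.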
Public and Private Keys
Digital certificates make use of asymmetric public and private key pairs. This