You are in: ECommerce-Guide > News > Trends

ECommerce-Guide Essentials eBiz FAQ Everything you need to know to start your own successful e-business. Selling on eBay How to make money in the online marketplace. PayPal Payments and More What's new in secure payments for your online store. Shopping Cart Software Solutions to close, process and track your online sales.

Growing a Tree Of Trust -- Part One
By Mark Merkow, CCP, CISSP
December 31, 1998

Protect Those Keys!

Protecting the private keys that are tied to a digital certificate''s public key, especially those keys that are used to sign lower-level digital certificates, is very serious business under any PKI uses. Without this protection, the notion of any trust goes out the window and the infrastructure will inevitably fail.

Stolen (copied) private keys from any end entity could be used to transact or communicate without any cause for suspicion. It''s the same as a stolen identity, where a thief masquerades as the legitimate key-holder without any reasons to suspect wrongdoing. Similarly, if the keys for a certificate authority were compromised, the repercussions could be severe. With a stolen (copied) CA key in hand, a would-be forger could issue bogus certificates without any way to detect the forgery. Protection of all CA keys is absolutely critical to maintain the PKI''s level of trust.

The more a private key is used to sign messages, the more instances a would-be attacker can obtain for cryptanalysis. If these keys are changed often and regularly, stored under NORAD-like conditions, and managed well they''ll remain safe from all forms of attack.

PKI cryptographic keys are extremely sophisticated in deterring would-be cryptosystem attackers. Because of its robustness, it''s not really worth the effort to try breaking the cryptography. Even with all the computers on the planet working in tandem, an attacker would still find a tough time in reverse-engineering or attempting brute-force methods (trying all possible combinations of a key) in determining the key. CAs will normally guard against such attacks anyway by using extremely long keys. They''ll also change their keys regularly and re-issue new certificates whenever they do. Rather than try to discover the key, thieves are better off trying to steal the actual key from where it''s stored, so extra precautions must be taken to assure this can''t happen. Because CAs clearly understand the value of the keys in their possession they go out of their way to keep them safe from all possible attacks, physical and logical.

Every end-entity under a PKI is responsible for the safety of their own keys and certificates. This is a central theme and cannot be over-emphasized. A PKI''s ability to guarantee assurances of authentication, message integrity, privacy, and security cannot be realized once keys get into the wrong hands. Private keys are valuable. Although some are considered more valuable than others, that doesn''t lessen the degree of care required for all keys at all times.

Tools:

Add ecommerce-guide.com to your favorites Add ecommerce-guide.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed