Home arrow Security arrow Page 3 - PKI: Looking at the Risks

Private key protection - Security

Public key infrastructure (PKI) is an excellent technology to help users certify that the people or companies they are corresponding with are who they say they are. It has proven itself invaluable in e-commerce among other areas. As with any technology, however, it is not without its own security risks. Eliana Stavrou discusses these risks, and ways to minimize them.

  1. PKI: Looking at the Risks
  2. Trust establishment
  3. Private key protection
  4. CRL availability
  5. Key generation
  6. Legislation compliance
By: Eliana Stavrou
Rating: starstarstarstarstar / 9
January 24, 2005

print this article



The cornerstone of the PKI is the private key you use to encrypt or digitally sign information. One of the most significant things a PKI has to offer is non-repudiation. Non-repudiation guarantees that the parties involved in a transaction or communication cannot later on deny their participation. Imagine how vital this requirement is for e-commerce; as a consumer or a seller you have warranties that you will get what you have paid for or even that you will be paid as agreed.  

Assuming that your private key is stolen, this will lead to the compromise of the authentication and non-repudiation gained through PKI because the attacker can use your private key to digitally sign documents and pretend to be you. This is obviously a situation you do not want to face. Imagine how much damage (economically, credibility etc.) can be caused by someone else running around masquerading as you!    

Compromising the private key is a threat that involves not only the holders of the digital certificate but the CA itself. Compromising the CA’s private key may lead to dramatic consequences if it is not detected immediately. The attacker can use the CA’s private key to generate numerous fraudulent digital certificates that may then be used for illegal purposes. 

How to minimize the risk: Both the holders of a digital certificate and the issuing authority must protect the computers, storage devices or whatever they use to keep the private keys. A combination of security solutions can be used to achieve a high-level of protection such as strong passwords, anti-virus, firewalls, intrusion detection tools etc.

>>> More Security Articles          >>> More By Eliana Stavrou

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: