Network security
Network security

This free course is available to start right now. Review the full course description and key learning outcomes and create an account and enrol if you want a free statement of participation.

Free course

Network security

8.2 Certification authorities and digital certificates

There are snags to this procedure, however: for example, Charlie could generate a key pair for himself and publish the public key using Bob's name. Some additional assurance is required that irrevocably binds together the true identity of a person with a public key. This assurance can be provided by a trusted third party, known as a certification authority, which is able to vouch for Bob. Certification authorities can be independent organisations, system administrators, or companies (such as Verisign) that specialise in validating the identity of an entity and issue a digital certificate that binds the identity with a public key. The certification authority knows only the public key of the entity and not the private key, which should of course be kept secret at all times. The entity may not be a person – it could also, for example, be a computer, a website, or a network resource such as a router. Once the digital certificate has been issued, the entity can append it to messages it sends in order to provide assurance about its identity.

Activity 12

Can you think of a problem that might arise with this arrangement?

Answer

An entity, say Charlie, could create his own digital certificate, which he claims has been issued by a certification authority and which allows him to masquerade as Bob. Alternatively, he could modify Bob's authentic certificate by substituting his own public key in place of his.

So a digital certificate itself needs some form of authentication to provide assurance that it is valid.

Activity 13

How could a certification authority provide assurance about the validity of a digital certificate?

Answer

The certification authority could include its own identity and digital signature in the digital certificate.

Typically, a digital certificate includes the information illustrated in Figure 12. It may also include the level of trust that the certification authority is prepared to recommend. The emerging standard for digital certificates is ITU-T X.509.

Figure 12 Format of a typical digital certificate

A user will need to obtain the certification authority's public key in order to validate its signature. In turn, the binding of the certification authority's identity to a public key will itself need to be the subject of validity assurances, and thus the system of authentication depends on an extended structure and often relies on a chain of certificates.

Certification authorities form part of what is known as a public key infrastructure – a combination of services and encryption techniques that together are used to protect the security of data over networks. At the time of writing, the definition of a public key infrastructure is rather loose, but it is generally accepted that it will include:

  • a registration authority, which checks and verifies the credentials of a user before a digital certificate can be issued

  • a certification authority that issues and verifies digital certificates

  • directory services for the publishing of public keys and certificates

  • certificate management and key management services.

T823_1

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has over 40 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to university level study, find out more about the types of qualifications we offer, including our entry level Access courses and Certificates.

Not ready for University study then browse over 900 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus