Certificate Authority: Ensure the Circle of Trust
As technology advances, large companies constantly face confidentiality threats: outsiders attempt to intercept important trade secrets by circumventing the digital signatures and digital certificates meant to ensure a secure authentication process. In What is cryptography? How algorithms keep information secret and safe, Josh Fruhlinger asserts: “In general, in order to function securely, the internet needs a way for communicating parties to establish a secure communications channel while only talking to each other across an inherently insecure network” (Fruhlinger, 2020). He suggests a dire need to secure the channels between communicating parties to address the concerns of an insecure internet.
Cryptography allows programmers to use mathematical operations to restrict access to sensitive messages that desperate criminals constantly seek to intercept. Government and financial institutions strive to ensure confidentiality through the use of cryptography. A carefully constructed encryption algorithm accepts a plaintext input from a sender and converts the sensitive information in it to ciphertext that can be transmitted across a network. A decryption algorithm then converts the ciphertext back to plaintext that the intended receiver can read (Neso Academy, 2021).
Symmetric key encryption adds a layer of security to the encryption and decryption algorithms: in addition to the plaintext or ciphertext, both algorithms take as input the same private key, which only the sender and the receiver know. While the algorithms may be public, these special keys prevent dangerous hackers from intercepting sensitive information. Hackers attempt to break complex keys that serve a vital role in protecting sensitive information. Keys must be carefully constructed to prevent hackers from breaking the code. Computationally secure keys ensure that it will take more effort, time, and resources for a hacker to break a key and discover sensitive information than the information is worth. If a hacker were to gain access to the key, they would gain access to the sensitive information it protects. A key must be long enough to prevent a hacker from guessing it. Key length often determines whether a key will be compromised by a dangerous hacker through a brute force attack. An appropriate key length, with a key that is not human readable, forms the basis of whether an encryption scheme is unconditionally secure in a cryptography process. A hacker must never be allowed to decipher the plaintext information from the ciphertext and steal company information (Neso Academy, 2021).
When other methods of securing an agreed-upon shared key are not ideal, the Diffie-Hellman key exchange allows two parties to agree upon a shared key even when a man in the middle is listening. The two parties then use that key for symmetric cryptography to encrypt and decrypt their messages. Many of today's foundational communication technologies use Diffie-Hellman as the basis of their encryption, such as SSH, IPsec, and TLS.
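The exchange described above, sketched in Python as an added example (not code from the original post): both parties derive the same key from values sent in the clear, while a substituted public value leaves each party sharing a key with the third party instead, which is why TLS authenticates the exchange with a certificate. The group parameters `P` and `G` and all function names are assumptions chosen for illustration; the 127-bit prime is far too small for real use.

```python
import hashlib
import secrets

# Assumed toy group, for illustration only. Deployed protocols use
# 2048-bit or larger groups, or elliptic curves.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)

def shared_key(my_private, their_public):
    """Derive a 256-bit symmetric key from the Diffie-Hellman secret."""
    if not 1 < their_public < P - 1:          # reject degenerate values
        raise ValueError("invalid public value")
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def honest_exchange():
    """Only a_pub and b_pub cross the network; a listener sees nothing else."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)

def substituted_exchange():
    """Both public values are replaced in transit by a third party's value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    key_a = shared_key(a_priv, m_pub)         # A believes m_pub came from B
    key_b = shared_key(b_priv, m_pub)         # B believes m_pub came from A
    # Nothing in the bare exchange lets A or B notice the substitution.
    return key_a, key_b, shared_key(m_priv, a_pub), shared_key(m_priv, b_pub)
```
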
To ensure the identity of a host using public keys, I would attach a hash at the end of the document. The hash serves as a fingerprint for the document that traces where the document originates, thus ensuring non-repudiation. Encrypting the hash using the signature method provides additional security for the document. A document’s message and its hash could also be encrypted together using the encryption method to facilitate a secure transfer of the document. This method encourages data integrity because any change to the document will alter the hash signature (Zimmerman, 2020).
Secure certificate-based connections, such as TLS, require a secure exchange of keys and depend on third-party certificate validation to prevent man-in-the-middle attacks. Digital certificates strengthen a secure connection by binding a domain name to a public key as its origin. This discourages an attacker from swapping the sender's public key for their own without the receiver's knowledge and thereby gaining access to the receiver’s symmetric key and to a seemingly secure connection. To prevent data from being intercepted and modified unnoticed in transit between the sender and the receiver, digital certificates add security by having a certificate authority verify the owner of a public key (Destination Certification, 2020). I would validate that the public key is trusted by the intermediate and root certificate authorities. For self-signed certificates I would perform this validation by creating a root certificate to be installed on all of the machines in my organization (Crabbe, 2017). I would add extensions to my certificate to denote specific functions to increase the capabilities of my digital certificate.
Cryptographically secure digital certificates and signatures encourage the secure transfer of information by increasing the trust shared between a sender and a receiver. When talking with someone over the internet, an inherently insecure connection, one cannot trust the identity of the user or system on the other end. The use of mathematical concepts, cryptography, and verifiable trust authorities in protocols such as TLS allows a client to verify who they are talking to over an intrinsically insecure internet. The threat environment continuously changes with the discovery of new attack vectors. Cybersecurity defense must pay close attention to rising trends to stay ahead of the game. Successful man-in-the-middle attacks that threaten to intercept and modify sensitive information can be greatly reduced by carefully determining the point of origin of a digital certificate, validating its certificate authorities, and utilizing encrypted hash fingerprints in our digital signatures (Professor Messer, 2014).
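An added Python example, not from the original post, of the hash-then-sign idea and the chain validation described in the last two paragraphs: a certificate binds a name to a public key, each certificate is signed by its issuer, and validation succeeds only if the chain ends at a root the verifier already trusts. It uses Lamport one-time signatures built from hashlib as a stand-in for RSA or ECDSA, and the certificate fields, names, and functions are simplified assumptions rather than X.509.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 secret pairs; public key = their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(msg):
    d = int.from_bytes(H(msg), "big")          # sign the hash, not the document
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def tbs(cert):
    """Bytes covered by the issuer's signature: both names and the key fingerprint."""
    fp = H(b"".join(a + b for a, b in cert["pk"])).hex()
    return f'{cert["subject"]}|{cert["issuer"]}|{fp}'.encode()

def issue(subject, subject_pk, issuer, issuer_sk):
    cert = {"subject": subject, "issuer": issuer, "pk": subject_pk}
    cert["sig"] = sign(issuer_sk, tbs(cert))
    return cert

def validate(chain, trusted_roots, hostname):
    """chain = [leaf, intermediate, ...]; trusted_roots maps root name -> public key."""
    ok = chain[0]["subject"] == hostname
    for cert, parent in zip(chain, chain[1:]):
        ok &= cert["issuer"] == parent["subject"] and verify(parent["pk"], tbs(cert), cert["sig"])
    root_pk = trusted_roots.get(chain[-1]["issuer"])
    return ok and root_pk is not None and verify(root_pk, tbs(chain[-1]), chain[-1]["sig"])

def demo():
    """Constructed names and keys; returns (valid, swapped key, untrusted root)."""
    root_sk, root_pk = keygen()
    int_sk, int_pk = keygen()
    leaf_pk, other_pk = keygen()[1], keygen()[1]   # other_pk was never certified
    inter = issue("Example Intermediate CA", int_pk, "Example Root CA", root_sk)
    leaf = issue("www.example.test", leaf_pk, "Example Intermediate CA", int_sk)
    roots, host = {"Example Root CA": root_pk}, "www.example.test"
    swapped = dict(leaf, pk=other_pk)              # same name and signature, other key
    return validate([leaf, inter], roots, host), validate([swapped, inter], roots, host), validate([leaf, inter], {}, host)
```

The third result shows why an internal root certificate has to be installed on every machine: without the root in the trust store, even a correctly signed chain is rejected.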
References:
Crabbe, D. (2017). Intro to Digital Certificates [Video]. YouTube. https://www.youtube.com/watch?v=qXLD2UHq2vk&t=618s
Destination Certification. (2020, March 27). Digital Certificates Explained - How digital certificates bind owners to their public key [Video]. YouTube. https://www.youtube.com/watch?v=5rT6fZUwhG8
Fruhlinger, J. (2020). What is cryptography? How algorithms keep information secret and safe. CSO (Online), https://proxy.library.maryville.edu/login?url=https://www.proquest.com/trade-journals/what-is-cryptography-how-algorithms-keep/docview/2451249651/se-2
Neso Academy. (2021, April 17). Cryptography [Video]. YouTube. https://www.youtube.com/watch?v=6_Cxj5WKpIw
Professor Messer. (2014, September 23). Digital Certificates - CompTIA Security+ SY0-401: 6.3 [Video]. YouTube. https://www.youtube.com/watch?v=hq56tXhTnLg&t=130s
Zimmerman, R. (2020). Problem with digital signatures [Video]. YouTube. https://www.youtube.com/watch?v=8t-dbqUMIWQ&list=PLdfBRDjssB2Y7ajMShcQjOKntcnj0jJzS&index=60