PKI AND DIGITAL SIGNATURES 1

PKI and Digital Signatures

Capella University

IAS5220 – Network Security Controls and Testing.

Jan 18, 2019

PKI AND DIGITAL SIGNATURES 2

Abstract

With interconnective of global network devices which support and run the Internet of

Things, industries and business automation processes, transactions and ordering processing unit,

social media interaction, power plant distributions processes, warehouse management and

tracking, e-commerce, the health care patient case management system, network communication

system and also the critical infrastructure of the nation. Since end users generate data or

information and it is sent over internet since there is not much internet traffic monitoring which is

very enticing to an attacker to intercept and whiles eavesdropping on the content of the network

traffic intercepted that means with proper information security policies or procedures over the

network system infrastructure and architecture it led to constant data compromise and network

security breaches.

This paper describes the analysis of the concept of creating a hash to validate the integrity

of information. Discussing the paper is “analyzing the concept of a digital signature to

authentication the source of a message. The paper will review the impact of combining a hash and

a digital signature in supporting electronic commerce. The paper will look at the areas of

vulnerability that exist within a typical PKI implementation and controls that mitigate those

vulnerabilities” (Capella, 2019, 13-14).

Keywords: digital signature, hash, PKI, Vulnerabilities, authentication, electronic

commerce.
PKI AND DIGITAL SIGNATURES 3

Table of Content

 Cover Page,

 Abstract.

 Table of Content.

 Introduction/ Body

 Conclusion

 References
PKI AND DIGITAL SIGNATURES 4

Introduction

The PKI is for information security of organization which is compliant of regulatory

requirements, NIST framework, HIPAA, EINSA, FIPS, ISO 27000, ISO 29100, FERPA, and risk

management framework 2.0. the Public Key and the Private key infrastructure are for the

decryption and encryption network system communication be in asymmetric algorithms. Since we

can provide security services through the use of PKI in it by digital signing a document,

eGovernment operations, e-commerce and business transaction process many more (SANS, 2001,

p 2-4).

So, for anyone to be able to provide and access the e-commerce functions having the

information security procedure of the digital certificates and the encryption for network

communication and traffic over the network. We can create internet ID for our generated data or

information and make the data or information unreadable in ciphertext by a mathematical

algorithm. When you combine the encryption and digital certificates we can offer information

security procedure of authentication, integrity, encryption and token verification. We can

authenticate and verified the identity of the sender of an email by encoding from the certificate

and signatures digitally. After verifying the source of the sender of email from the digital signatures

and certificates and we can able to determine the email data is altered it was sent from point A to

point B on the network communication traffic. Also, the email or data authenticates and verified

for the true source and can also ensure that when we send over the internet is unreadable and

encrypted as travel from one network point to another network point the sender encrypts the email

and the receiver will decrypt it with Public-key cryptography provide. Also, the authenticate,

verified, encrypted email can have the token verification instead of a password to access the data

(Silva, 2003, p 1-2).

PKI AND DIGITAL SIGNATURES 5

Which leads us to the understanding of Hash to validating the integrity of information, with

Hash we consider the chance sum of input which generates an outcome of the same size. Since the

input and output are of the same size since the Hash function the H receive the message of any

extent whiles the output receives constant extent of one bit. Since we can authenticate and verify

the integrity of any data and basis of any file. There are different Hash functions such as MD5,

SHA1, Tripwire, and HMAC. For you validates the integrity of the foundation of information from

the Hash function we examine the foundation of information by the properties to increase the

security or to see unsanctioned variations done to the properties of the files. With joint information

security procedures such as encryptions and hashing we able to verify the foundation of data or

information from the Message Authentication Codes and be able to defend against a replay attack.

The Secure Hash Algorithm 1 and Message Digest 5 algorithm all these algorithms can generate

extended digests from 128 bits, 256 bits to 512 bits and they are not known collisions of finding

it. It will take an attacker a while to find the computation to get the digests collision of MD5 and

SHA1 algorithms. We can use SHA1 one of its algorithm to generates greater outputs in case the

collision is found, which will take a while in time for an attacker to find the collision. When one

establishes the file integrity by quickly examining the properties of the file hash to see is not be

altered such as if an attacker alters the transaction accounts files all security administrator must do

is to see the files altered digest to validates the files integrity (Silva, 2003, p 3-5).

Digital signatures are when you can achieve encryption and decryption by using keys to a

digital fingerprint which plain-text, media context. With attached encrypted message has a hash

message with sender’s private key for decryption of the encrypted message or unmodified

message. The weakness with digital signatures is that man-in-the-middle attacks where an attacker

can intercept the sender’s encrypted messages public key and encrypted message or unmodified
PKI AND DIGITAL SIGNATURES 6

data and send a different modified data or message with substituted hash message private key to

the receiver believing are unaltered message or data. In summary, we use digital signatures to

authenticates the foundations of the message be it encrypted or unmodified (RSA, 1978, p 120-

123).

Combination of the Hash function and Digital signature for e-commerce, we are to secure

the e-commerce transaction process, which is security administrators can authenticate and verify

the sender of transaction process from his digital signature and the properties of the file they will

know whether is altered or not from the hash function algorithms. Such as an attacker who have

intercepted bank payment files of e-commerce transaction order and have made variations to files

properties before sending over it e-commerce receiver, the administrator needs to check and see

the change files properties and digest to see the changes done to the files. Also, the benefits of the

combine Hash function and Digital signatures to e-commerce security administrators can

authenticate and verified sender’s and receiver’s by digital signatures and Hash message attached

to encrypted data or unmodified data which were possible by the E-sign and National Commerce

Act of 2000 (RSA, 1978, p 124-126).

Areas of vulnerabilities which are within PKI such as when certificates of digital

certificates from information security procedure is revoked or is Certificates Revocation list is

must constantly review and adjusted accordingly for proper accounting valid and invalid

certificates. There is also the proper vetting of the email address certification. Also, when file

properties contain a random bit hash which makes ease to alter the file hash bit properties without

it being visible to anyone. Also, another PKI vulnerability is when public and private key becomes

public verifiable the integrity of the encrypted data or message, the data digest is easily

distributable to the public. There PKI vulnerabilities if the Public and private key is assessable to
PKI AND DIGITAL SIGNATURES 7

man-in-the-middle.
PKI AND DIGITAL SIGNATURES 8

References

Oracle Sun Microsystems. (n.d). Access Control, Authentication, and Encryption. Date retrieved

01/16/2019, https://docs.oracle.com/cd/E19901-01/817-7607/aci.html

SANS (2001) Institute History of Encryption, Date retrieved 01/16/2019,

https://www.sans.org/reading-room/whitepapers/vpns/history-encryption-730

RSA: Rivest, Shamir, and Adleman, ``A method for obtaining digital signatures and public key

cryptosystems'', Communications of the ACM, Feb. 1978, pp. 120-126.

Silva, J. E. (2003). An Overview of Cryptographic Hash Functions and Their Users. Date

retrieved 01/16/2019, https://www.sans.org/reading-

room/whitepapers/vpns/overview-cryptographic-hash-functions-879

Dougherty, C.R. (2008) Vulnerability Note VU# 836068 MD5 Vulnerable To Collision Attacks’,

Date retrieved 01/16/2019, https://www.kb.cert.org/vuls/id/836068

Capella University, 2019, Courseroom, unit 2, Hash and Digital Signatures, Date retrieved

01/16/2019,

https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_

162482_1&content_id=_7268977_1&mode=reset
PKI AND DIGITAL SIGNATURES 9
PKI AND DIGITAL SIGNATURES 10