1) Public Key Infrastructure
Public Key Infrastructure (PKI) is a set of policies, roles, and procedures that support the distribution and identification of public encryption keys. The purpose of PKI is to facilitate secure information transfer over a range of network activities. This framework provides security services such as integrity, confidentiality, authentication, and non-repudiation. PKI therefore plays an important role in access control.
Integrity refers to the methods that ensure data is accurate, genuine, and guarded against modification by unauthorized users. The integrity of data is a crucial component of information security, since users should be able to trust information. Data and information that cannot be trusted have compromised integrity. Data stored in computers should remain unchanged, and it should also remain unchanged during transport (Russ & Tim, 2001).
It is very important to ensure that data integrity verification mechanisms, such as data comparison and checksums, are implemented. Public Key Infrastructure provides integrity protection by verifying the format and the source of keying material. A PKI that is built with integrity and security is able to provide legal protection, for example when user activity is in dispute (Russ & Tim, 2001).
In computer systems, confidentiality means allowing only authorized users to access protected and sensitive information. Sensitive data and information should be disclosed only to authorized users, so as to prevent intruders from gaining access to it. Classification systems enable confidentiality to be enforced on sensitive data and information. To access specific information and data, a user must obtain a certain level of clearance (Johannes, Evangelos, & Alexander, 2013).
Role-based security methods can help ensure confidentiality by requiring viewer or user authentication. This may involve assigning an access level to specific departments in the organization. Access controls that restrict user actions to their roles can also be used to protect the confidentiality of information and data. For example, a user can be permitted to read the data but not to write it (Johannes, Evangelos, & Alexander, 2013).
Authentication is the process which confirms and ensures the identity of the user. This process begins when users try to access any information and data. The access rights and the identity of the user must be proven before accessing the information. Passwords and usernames are mostly used in this process (Nash, 2001).
This process of authentication can, however, be circumvented by hackers. Biometrics is the best way of authentication, since it depends only on the presence of the user and their biological features. Public Key Infrastructure methods use digital certificates to prove user identity. USB tokens and key cards are other tools used for authentication. Unsecured emails that appear to be legitimate pose the greatest threat to authentication (Nash, 2001).
Non-repudiation is a concept that ensures the receiver or sender of a message will not deny receiving or sending the message in the future. This method guarantees message encryption between parties through the use of signatures. In non-repudiation, the time stamp is a very important audit check. The time stamp is an audit check which provides all information about the time that the sender sent the message and the time that the receiver received the message (Carlise & Steve, 1999).
Non-repudiation can be achieved using digital signatures to prove receipt or delivery of the message. This method is, however, not very effective, since a third party can compromise the integrity of the data. Proof of data authentication and data origin can be obtained using a data hash (Carlise & Steve, 1999). In addition, non-repudiation gives an assurance that an individual cannot deny something.
What is compelling about the Access Control course is that it provides a set of policies and procedures used for establishing a secure way of exchanging and transferring information. These policies also establish systems for exchanging data over unsecured networks. For example, knowledge of the concept of Public Key Infrastructure is important since it can help one ensure the security of information: Public Key Infrastructure uses a combination of symmetric and asymmetric processes.
Communicating parties use asymmetric encryption to protect the secret key being exchanged, thus enabling symmetric encryption. Symmetric encryption is then used for the rest of the communication process after the secret key has been exchanged. Each of the different elements of Public Key Infrastructure can be violated independently. These elements are independent and unique and therefore require different security controls. When the availability of information is maintained, it does not mean that its utility is maintained too, since information can be available but useless for the intended purpose.
2) Security Services of PKI
Public key infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys (Rouse, 2018). PKI is the foundation that enables the use of technologies such as digital signatures and encryption across large user populations. PKIs deliver the elements essential for a secure and trusted business environment for e-commerce and the growing Internet of Things. The security services provided by PKI are integrity, confidentiality, authentication, and non-repudiation.
Integrity is provided in PKI through cryptographic techniques, for example a digital signature or a message authentication code. It ensures that the document or data that was received was not tampered with or changed, and that the recipient is receiving the message in its original form. For example, if a fingerprint of the document is provided and it matches, then the document was not altered.
Integrity services supported by a PKI use cryptographic techniques to allow parties that need to maintain the integrity of their data transmissions to assure receiving parties that the data they get is the data that was intended and that it was sent by the party it was intended to come from (Brink, Duane, & Joseph, 2001). In practice, as with data encryption in confidentiality services, a PKI generally supports symmetric-key cryptographic mechanisms that ensure data integrity "under the covers" in a communications session that is authenticated using public key cryptography. This data integrity service normally makes itself known only when data is found to have been unexpectedly altered, requiring input from the data consumer to deal with the corrupted data.
Confidentiality is provided in PKI through encryption. Confidentiality services supported by a PKI depend on a blend of cryptographic techniques used to secure the data communications between parties (Nash, 2001). These services normally rely on public key cryptography to give unknown parties an open and ready means to authorize confidential data exchange with each other. They rely on another type of cryptography "under the covers" to "cover up" and protect the actual data in the communications from access by unauthorized parties.
It is possible for a PKI to support confidentiality services using public key cryptography alone. However, implementations of confidentiality services almost always include a symmetric-key cryptography component for practical reasons. With a confidentiality service supported by a PKI, one of the many clients in the enterprise can authenticate communications with a given server. They can exchange data with that server with reasonable confidence that the data won't be intercepted and read by any unauthorized agent, including other clients communicating confidentially with the same server.
Authentication services for a PKI are supported by asymmetric-key cryptography to confirm identity matches. Public key cryptography depends on the existence of a uniquely matched key pair. Each key represents a way to uniquely match an identity defined by the other key (Wiesmaier, Karatsiolis, & Buchmann, 2013). One party has a private key from the key pair that is known only to that party and that identifies it uniquely to all other parties.
All other parties share a public key from that key pair, known to all of them, that can uniquely authenticate the party that owns the matching private key. This gives a convenient way to enable many unknown parties to authenticate communications with a party that has a given identity. PKI authentication services support all other core security services used by a PKI, as well as more derivative security services. One example is non-repudiation, which ensures that an author who produces data can't later deny having produced it.
Non-repudiation is a concept, or a way, to ensure that the sender or recipient of a message can't deny either sending or receiving such a message in the future. PKI ensures that an author can't deny that they signed or encrypted a specific message once it has been sent, assuming the private key is verified (Czagan, 2018). Here digital signatures link senders to their messages. Only the sender of the message could sign messages with their private key. All messages signed with the sender's private key originated with that person. It is vital that the time source is verified when digital signatures are used for non-repudiation.
One of the vital audit checks for non-repudiation is a time stamp. The time stamp is an audit trail that gives information on the time the message is sent by the sender and the time the message is received by the recipient. One must ensure that the time source can be trusted and is secure in order for non-repudiation to be effective. A PKI can be designed to confirm that no valid operation can be repudiated.
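The signature and time stamp mechanism described in this section can be sketched as follows: the sender signs the document fingerprint together with the send time, so neither can be changed afterwards and any party holding the public key can check both. This is an added example, not code from the original essay; Ed25519, SHA-256 and the names `SignedMessage`, `Sign`, `Verify` and `NewSenderKey` are assumptions, and the time value is passed in as a stand-in for the trusted time source the text requires.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SignedMessage carries the body, the send time, and one signature over both.
type SignedMessage struct {
	Body   []byte
	SentAt int64 // Unix seconds, assumed to come from a time source both parties trust
	Sig    []byte
}

// toBeSigned binds the time stamp to the SHA-256 fingerprint of the body, so
// neither can be altered without invalidating the signature.
func toBeSigned(body []byte, sentAt int64) []byte {
	digest := sha256.Sum256(body)
	buf := make([]byte, 8, 8+len(digest))
	binary.BigEndian.PutUint64(buf, uint64(sentAt))
	return append(buf, digest[:]...)
}

// Sign can only be performed by the holder of the private key.
func Sign(priv ed25519.PrivateKey, body []byte, sentAt int64) SignedMessage {
	return SignedMessage{body, sentAt, ed25519.Sign(priv, toBeSigned(body, sentAt))}
}

// Verify needs only the public key, so a third party can settle a dispute
// about who sent the message, what it said, and when it was sent.
func Verify(pub ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(pub, toBeSigned(m.Body, m.SentAt), m.Sig)
}

func NewSenderKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand
}

func main() {
	pub, priv, _ := NewSenderKey() // constructed demo key pair
	m := Sign(priv, []byte("constructed sample order"), 1700000000)
	fmt.Println("genuine:", Verify(pub, m))
	m.SentAt += 3600 // changing the recorded time breaks the signature
	fmt.Println("altered time:", Verify(pub, m))
}
```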
About the course
The most compelling part of this course is the residency weekend. I gained knowledge on the group topic, fingerprint biometric access control, with the help of team members. Other groups have also done an excellent job, and all the members of the class have gained knowledge about different topics. The professor has clearly explained how to write in APA format and use in-text citations.
Every week on the discussion board, every student has posted their different views and opinions on a topic. Participating in the discussion board has enhanced the learning ability. There is nothing uncertain about this course. Thanks to the professor for making this course easy and giving knowledge on different segments.