Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Introduction to public key infrastructures
Buchmann J., Karatsiolis E., Wiesmaier A., Springer Publishing Company, Incorporated, New York, NY, 2013. 208 pp. Type: Book (978-3-642406-56-0)
Date Reviewed: Mar 13 2014

Much of what happens on the Internet today--for example, the distribution of software and music, electronic commerce, and the exchange of sensitive information--would not be practical without the security provided by encryption. Public-key cryptography uses pairs of public and private keys to facilitate secure communications between parties with no need for prior contact. The effectiveness of public-key cryptography on the Internet is predicated on the secure management of these key pairs through public-key infrastructure (PKI) --the subject of this book. PKI allows millions of people to securely use the Internet each day, blissfully unaware of the complex technology and infrastructure that protects them. However, for all of this to work smoothly, private keys must be kept secret and corresponding public keys must be able to be proven genuine.

Chapter 1 introduces the concepts and goals of security, integrity, and confidentiality of data, as well as the basics of public-key encryption. Several cryptosystems are briefly discussed. Chapter 2 introduces the concept of digital certificates, the tools used to prove the identity of public keys. Good detail on the structure and content of various certificate types and certificate standards is included. Chapter 3 looks at the mechanisms and infrastructure hierarchy that allow Internet users to have a good level of trust in the authenticity of public keys, and chapter 4 discusses how the corresponding private keys are kept secure. The public-key cryptography standards (PKCS) developed by RSA Security since the early 1990s are covered in some detail. The aspects of key management discussed in these two chapters are at the heart of the success of public-key cryptography.

Chapter 5 looks at what happens when something goes wrong--that is, how certificates can be revoked. Certificate revocation lists (CRLs) and the online certificate status protocol (OCSP) are discussed in detail. Chapter 6 discusses validating digital signatures, covering both chain and shell models. Chapter 7 introduces certification service providers, covering the entities responsible for the life cycle management of certificates. Certificate authorities, registration authorities, and directory and revocation services are discussed. This chapter will be enlightening for anyone who has needed to generate secure sockets layer (SSL) certificates for their web servers. Chapter 8 deals with certificate policies, the rules that determine the applicability of certificates to particular classes of applications with common security needs. The standards that define how policies are formally structured are discussed. Chapter 9 explains the steps necessary to retrieve and validate a public key, certified within a hierarchical PKI. Several mechanisms for certificate retrieval are covered, most notably the lightweight directory access protocol (LDAP). The algorithm for validation of a certificate path is spelt out in detail in Appendix A. The final chapter provides examples of the use of PKI in practice. Important PKI-based protocols such as SSL and transport layer security (TLS) are covered. Examples of web pages secured by SSL, secure email, code signing, and virtual private networks (VPNs) are described.

Each chapter finishes with a list of references and set of exercise questions. Pleasingly, the solutions to the exercises are provided in an appendix. The layout and chapter exercises make the book suitable for use as a course textbook. In addition, the thorough index and table of contents also make it useful as a technical reference.

The authors explain the complex workings of public-key cryptography and the infrastructure necessary to support it. The chapters are well illustrated with diagrams and figures. It is not necessary to understand how PKI works to securely use the Internet, but if you do want to understand the minutia of PKI then this book will help. You may, however, need a strong coffee to help you through some parts--cryptography is not a simple topic.

Reviewer:  David B. Henderson Review #: CR142084 (1406-0404)
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Public Key Cryptosystems (E.3 ... )
 
 
Number-Theoretic Computations (F.2.1 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Public Key Cryptosystems": Date
Direct demonstration of the power to break public-key cryptosystems
Koyama K.  Advances in cryptology (, Sydney, Australia, Jan 8-11, 1990)211990. Type: Proceedings
Sep 1 1991
Public-key cryptography
Salomaa A., Springer-Verlag New York, Inc., New York, NY, 1990. Type: Book (9783540528319)
Feb 1 1992
Computation of discrete logarithms in prime fields
LaMacchia B., Odlyzko A. Designs, Codes and Cryptography 1(1): 47-62, 1991. Type: Article
Apr 1 1992
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy