Cyber Security Interview Prep. Q13: "Public Key Infrastructure"

Category: Security

Question: What is Public Key Infrastructure (PKI) and why is it important?

Public Key Infrastructure is a system composed of different elements that work together to manage both digital certificates and public key encryption.

The two most important elements of PKI are keys and certificates. We look at each of these in greater depth in different blog posts.

PKI provides a way to both encrypt web traffic and validate the identity of those who are communicating (through the use of digital certificates).

The first point- to encrypt web traffic- means that traffic in transit should be encrypted so that only the desired recipient can understand the contents of the data. In the event that the data is captured by someone for whom it was not intended, they would have the encrypted data but should not be able to make sense of it. A future blog post will explore this in greater depth. Looking at the CIA Triad, a common Cyber Security framework, encryption of web traffic would fall into the category of confidentiality; the data in transit should remain a secret to all except the intended recipient.

This second point- to validate identity- essentially means that digital certificates allow users to know that the websites they are communicating with are who they say they are. The digital certificates that form part of PKI use asymmetric encryption (Cyber Security Interview Prep. Q4: "Digital Signatures") and ensure non-repudiation. Looking again at the CIA Triad, to confirm the identity of the site as a legitimate one and not a spoofed site falls into the category of Authenticity.

Further Reading:

What is PKI? And how it secures just about everything online | CSO Online