What is Digital Certificate in Network Security?

June 9, 2018 Author: munishmishra04_3od47tgp
Print Friendly, PDF & Email

Digital certificates are a core component in the provision of secure data communications. Gaining an understanding of the nature, creation and operation as well as the variety of these certificates is an essential step for students of computer, information or network security. Digital Certificates provide a means of proving your identity in electronic transactions; much like a driver license or a passport does in face-to-face interactions. With a Digital Certificate, you can assure friends, business associates, and online services that the electronic information they receive from you are authentic.



Basic Overview of Digital Certificate

A Digital Certificate is an electronic “password” that allows a person, organization to exchange data securely over the Internet using the public key infrastructure (PKI). Digital Certificate is also known as a public key certificate or identity certificate.

Digital certificates provide a mechanism to authenticate and secure information on open networks. Applications using this mechanism include secure email, secure web communications, digital signing of software files, smart card authentication, and encrypting file systems. Certificates are a key building block for providing security services within an IT infrastructure, usually referred to as a public key infrastructure (PKI). Such contexts support:

  • the binding of public keys to entities
  • the distribution of public key certificates
  • verification of entity public key certificates via a third party (the certificate authority)

Digital certificates are the equivalent of a driver’s license, a marriage license, or any other form of identity. The only difference is that a digital certificate is used in conjunction with a public key encryption system. Digital certificates are electronic files that simply work as an online passport. Digital certificates are issued by a third party known as a Certification Authority such as VeriSign or Thawte. These third party certificate authorities have the responsibility to confirm the identity of the certificate holder as well as provide assurance to the website visitors that the website is one that is trustworthy and capable of serving them in a trustworthy manner.

digital certificate

Figure: Digital Certificate

While creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a seal on packaging — any altering with the contents can easily be detected. Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys.




In this, public key can be offered to anyone without the fear of getting compromised but, the private key should remain only with its owner. These keys works in pair, anything encrypted through public key can only be decrypted with its relative private key and vice versa. A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.

Significance of Digital Certificate

Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.

Digital certificates have two basic functions. The first is to certify that the people, the website, and the network resources such as servers and routers are reliable sources, in other words, who or what they claim to be. The second function is to provide protection for the data exchanged from the visitor and the website from tampering or even theft, such as credit card information.

The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (for example encryption) done with the public key can only be undone or decrypted with the corresponding private key, and vice-versa. A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.

Who Use Digital Certificates?

Digital Certificates can be used for a variety of electronic transactions including e-mail, electronic commerce, groupware and electronic funds transfers. Netscape’s popular Enterprise Server requires a Digital Certificate for each secure server. For example, a customer shopping at an electronic mall run by Netscape’s server software requests the Digital Certificate of the server to authenticate the identity of the mall operator and the content provided by the merchant. Without authenticating the server, the shopper should not trust the operator or merchant with sensitive information like a credit card number. The Digital Certificate is instrumental in establishing a secure channel for communicating any sensitive information back to the mall operator Virtual malls, electronic banking, and other electronic services are becoming more commonplace, offering the convenience and flexibility of round-the-clock service direct from your home. However, your concerns about privacy and security might be preventing you from taking advantage of this new medium for your personal business. Encryption alone is not enough, as it provides no proof of the identity of the sender of the encrypted information. Without special safeguards, you risk being impersonated online. Digital Certificates address this problem, providing an electronic means of verifying someone’s identity. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction. Similarly, a secure server must have its own Digital Certificate to assure users that the server is run by the organization it claims to be affiliated with and that the content provided is legitimate.



References

[1] Vivek kumar, “Digital certificates”, available online at: https://webuser.hs-furtwangen.de/~heindl/ebte-08ss-digital-certificates-Vivek-kumar.pdf

[2] Reshma Afsha, “Digital Certificates (Public Key Infrastructure)”, Indiana State University October 2015

[3] O’Brien, Mick, and George RS Weir, “Understanding digital certificates”, In Proceedings of the 2nd International Conference on Cybercrime Forensics Education & Training. 2008.

[4] “Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions”, Entrust, Inc. February 2005.

[5] “What are digital certificates? How are they created?” available online at: https://www.quora.com/What-are-digital-certificates-How-are-they-created

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Insert math as
Block
Inline
Additional settings
Formula color
Text color
#333333
Type math using LaTeX
Preview
\({}\)
Nothing to preview
Insert