PKI,Firewalls

Public Key Infrastructure (PKI) is essential for issuing digital certificates that secure communications and manage user identities through public and private keys. Key management is crucial for maintaining cryptosystem security, involving the lifecycle management of keys and the assurance of public keys. Additionally, various authentication protocols and firewalls are discussed, highlighting their roles in network security and the importance of managing access and verifying identities.

Uploaded by

KAVIPRIYA G

Public Key Infrastructure

Public key infrastructure, or PKI, is the framework that governs the issuing of digital
certificates. It helps to protect confidential data and gives unique identities to users and
systems, and thus ensures security in communications.
The public key infrastructure uses a pair of keys, the public key and the private key, to achieve
security. Public keys are exposed to attacks, and so an intact infrastructure is needed to
maintain them.

Managing Keys in the Cryptosystem:

The security of a cryptosystem relies on its keys. Thus, it is important that we have a solid key
management system in place. The 3 main areas of key management are as follows:
- A cryptographic key is a piece of data that must be managed by secure administration.
- It involves managing the key life cycle, which is as follows:

- Public key management further requires:

  - Keeping the private key secret: Only the owner of a private key is authorized
    to use it. It should thus remain out of reach of any other person.
  - Assuring the public key: Public keys are in the open domain and can be
    publicly accessed. With this level of public accessibility, it becomes hard to
    know whether a key is correct and what it will be used for. The purpose of a public key
    must therefore be explicitly defined.
PKI or public key infrastructure aims at achieving the assurance of the public key.

Public Key Infrastructure:

Public key infrastructure affirms the usage of a public key. PKI identifies a public key along
with its purpose. It usually consists of the following components:
- A digital certificate, also called a public key certificate
- Private key tokens
- Registration authority
- Certification authority
- CMS or Certificate management system
Working of a PKI:

Let us understand the working of PKI in steps.

- PKI and Encryption: The root of PKI involves the use of cryptography and encryption
  techniques. Both symmetric and asymmetric encryption use a public key. The challenge here
  is: "how do you know that the public key belongs to the right person, or to the person you
  think it belongs to?". There is always a risk of MITM (man in the middle). A PKI resolves
  this issue using digital certificates. It gives identities to keys in order to make the
  verification of owners easy and accurate.
- Public Key Certificate or Digital Certificate: Digital certificates are issued to people and
  electronic systems to uniquely identify them in the digital world. Here are a few
  noteworthy things about a digital certificate. Digital certificates are also called X.509
  certificates because they are based on the ITU standard X.509.
  - The Certification Authority (CA) stores the public key of a user along with other
    information about the client in the digital certificate. The information is signed,
    and the digital signature is also included in the certificate.
  - The assurance for the public key can then be obtained by validating the
    signature using the public key of the Certification Authority.
- Certifying Authorities: A CA issues and verifies certificates. This authority makes sure
  that the information in a certificate is real and correct, and it also digitally signs the
  certificate. A CA or Certifying Authority performs these basic roles:
  - Generating the key pairs: The key pair generated by the CA can be created either
    independently or in collaboration with the client.
  - Issuing the digital certificates: When the client successfully provides the
    right details about their identity, the CA issues a certificate to the client. The CA
    then signs this certificate digitally so that no changes can be made to the
    information.
  - Publishing the certificates: The CA publishes the certificates so that users
    can find them. It can do this either by publishing them in an electronic
    telephone directory or by sending them out to other people.
  - Verifying certificates: The CA provides a public key that helps in verifying whether
    an access attempt is authorized or not.
  - Revocation: In case of suspicious behavior by a client, or loss of trust in them,
    the CA has the power to revoke the digital certificate.

Classes of a Digital Certificate:

A digital certificate can be divided into four broad categories. These are:
- Class 1: These can be obtained by only providing the email address.
- Class 2: These need more personal information.
- Class 3: This first checks the identity of the person making a request.
- Class 4: They are used by organizations and governments.

Process of creation of certificate:

The creation of a certificate takes place as follows:

- Private and public keys are created.
- The CA requests identifying attributes of the owner of the private key.
- The public key and attributes are encoded into a CSR or Certificate Signing Request.
- The key owner signs that CSR to prove possession of the private key.
- The CA signs the certificate after validation.
The process of obtaining a digital certificate by a person/entity is depicted in the following
illustration.

Creation of Trust layers among CA Hierarchies:

Each CA has its own certificate. Thus, trust is built hierarchically where one CA issues
certificates to other CAs. Moreover, there is a root certificate that is self-signed. For a root CA,
the issuer and the subject are not two separate parties but a single party.
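As an added example (not code from the original notes), the certificate-creation steps and the CA trust layers described above, carried out with the third-party Python `cryptography` package: key generation, a CSR signed to prove possession of the private key, a self-signed root CA whose issuer equals its subject, CA signing of the CSR, and validation of the resulting chain. The names "Example Root CA" and "server.example.test" and the validity periods are constructed assumptions.

```python
# Added example: CSR -> CA-signed certificate -> chain validation.
# Requires the third-party 'cryptography' package (pip install cryptography).
# All names used here are constructed for illustration.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

VALIDITY_DAYS = 365   # assumed lifetime for both root and leaf certificates


def make_key():
    """Step 1: the key owner generates the private/public key pair."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_csr(key, common_name):
    """Steps 3-4: the public key and identifying attributes are encoded into a
    CSR, which the owner signs with the private key to prove possession of it."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    return x509.CertificateSigningRequestBuilder().subject_name(subject).sign(
        key, hashes.SHA256())


def cert_builder(subject, issuer, public_key, is_ca):
    """Unsigned certificate template shared by the root and the leaf."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=VALIDITY_DAYS))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None),
                           critical=True))


def make_root_ca(ca_key, name):
    """A root certificate is self-signed: issuer and subject are the same party."""
    n = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    return cert_builder(n, n, ca_key.public_key(), True).sign(ca_key, hashes.SHA256())


def ca_sign_csr(ca_cert, ca_key, csr):
    """Step 5: the CA validates the request and signs the certificate. Only the
    proof of possession is checked here; identity vetting is out of scope."""
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid: requester lacks the private key")
    return cert_builder(csr.subject, ca_cert.subject, csr.public_key(), False).sign(
        ca_key, hashes.SHA256())


def signed_by(cert, issuer_cert):
    """Assurance of the public key: the certificate must name the issuer and its
    signature must validate under the issuer's public key."""
    if cert.issuer != issuer_cert.subject:
        return False
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        padding.PKCS1v15(),
                                        cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False


def chain_is_trusted(leaf, root):
    """Trust layers: the leaf must be signed by the root, which signs itself."""
    return signed_by(leaf, root) and signed_by(root, root)
```

A certificate issued by a different CA, even for the same CSR, fails chain_is_trusted against the real root, which is why the root key must stay under the CA's sole control.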

Security of Root CA:

As you saw above, the ultimate authority is the root CA. Hence, the security of root CA is of
huge importance. If the private key of a root CA is not taken care of, then it might turn into a
catastrophe. This is because anyone disguised as the root CA can then issue certificates. To
meet security standards, a root CA should be offline 99.9% of the time. However, it does need
to come online to create public and private keys and to issue new certificates. Ideally, these
activities should be performed 2-4 times a year.
Disadvantages of PKI:
- Speed: PKI uses very complex algorithms to create a secure key pair, which
  eventually slows down the process and data transfer.

- Private Key Compromise: Even though PKI can't be hacked very easily, a private key
  can be hacked by a professional hacker. Since PKI uses the public and private key to encrypt
  and decrypt data, with the user's private key in hand and the public key, which is easily
  available, the information can be decrypted easily.
Public Key Authentication Protocols
Authentication protocols are methods or procedures used to verify the identity of a user, device,
or system. These protocols are designed to ensure that only authorized users or devices are able
to access protected resources, and to prevent unauthorized access or tampering.
Types of Authentication
There are many different types of authentication protocols in use today, each with its own
strengths and weaknesses. Here are some common types of authentication:
- Password-based authentication: This is the most common form of authentication, in
  which a user provides a username and password to log in to a system or access a
  protected resource. Password-based authentication is relatively simple to implement, but
  can be vulnerable to attacks such as dictionary attacks or brute force attacks.
- Two-factor authentication: This is a type of authentication that requires a user to
  provide two forms of identification, such as a password and a security token, to log in to
  a system or access a protected resource. Two-factor authentication can provide an
  additional layer of security, but may be inconvenient for users and may require additional
  infrastructure to support.
- Biometric authentication: This is a type of authentication that uses physical or
  behavioral characteristics, such as a fingerprint or facial recognition, to verify the identity
  of a user. Biometric authentication can be highly secure, but may be expensive to
  implement and may not work well for all users (e.g., due to differences in physical
  characteristics).
The most common authentication protocols are:
- Kerberos
- LDAP
- OAuth2
- SAML
- RADIUS
1. Kerberos :

Kerberos is a protocol that aids in network authentication. It is used for validating
clients/servers across a network using a cryptographic key. It is designed to perform
strong authentication for client/server applications. An implementation of the
Kerberos protocol is openly available from MIT and is used in many mass-produced products.
Some advantages of Kerberos :
- It supports various operating systems.
- The authentication key is shared more efficiently than through public sharing.

Some disadvantages of Kerberos :

- It is used only to authenticate clients and the services they use.
- It is vulnerable to soft or weak passwords.

2. Lightweight Directory Access Protocol (LDAP) :

LDAP stands for Lightweight Directory Access Protocol. It is a protocol used for
locating individuals, organizations, and other devices on a network, regardless of whether
they are on the public or corporate internet. It is offered as Directories-as-a-Service and is the
basis on which Microsoft built Active Directory.

Some advantages of LDAP :

- It is an automated protocol, which makes modernization easier.
- It supports existing technologies and allows multiple directories.
Some disadvantages of LDAP :
- It requires deployment experience.
- The directory servers are required to be LDAP compliant for deployment.
3. OAuth2 :

OAuth, as the name suggests, is an authorization framework that allows granting limited
access to a user's account through an HTTP service. When a user requests access to
resources, an API call is made, and after authentication the token is passed.

Some advantages of OAuth2 :

- It is a simple protocol and is easy to implement.
- It provides server-side authorization of code.
Some disadvantages of OAuth2 :
- Managing different sets of code makes it vulnerable.
- It shows serious effects on sites connected to another affected system.

4. SAML :

SAML stands for Security Assertion Markup Language. It is an XML-based
authentication data format which provides authorization between an identity provider and a
service provider. It is a product of the OASIS Security Services Technical Committee.
Some advantages of SAML :
- It reduces the administrative costs for the end-users.
- It provides a single sign-on for authenticating across service providers.

Some disadvantages of SAML :

- It is dependent on the identity provider.
- All the data is managed in a single XML format.

5. RADIUS :
RADIUS stands for Remote Authentication Dial-In User Service. It is a network protocol that
provides centralized Authentication, Authorization, and Accounting for users who
connect to and use network services. The protocol operates when a user requests
access to network resources: the RADIUS server encrypts the credentials
entered by the user, then the credentials are checked against the local database and
access is granted.

Some advantages of RADIUS :

- It is a great mechanism for providing multiple levels of access for admins.
- It provides a unique identity to each user in a session.
Some disadvantages of RADIUS :
- Initial implementation of this mechanism is hard on hardware.
- It has a variety of models that may require a special team, which is costly.
Firewall
A firewall is a network security device either hardware or software-based which monitors all
incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects, or
drops that specific traffic. It acts like a security guard that helps keep your digital world safe
from unwanted visitors and potential threats.
- Accept: allow the traffic
- Reject: block the traffic but reply with an "unreachable" error
- Drop: block the traffic with no reply
A firewall is a type of network security device that filters incoming and outgoing network
traffic with security policies that have previously been set up inside an organization. A firewall
is essentially the wall that separates a private internal network from the open Internet at its
very basic level.

Need For Firewall


Before firewalls, network security was performed by Access Control Lists (ACLs) residing on
routers. ACLs are rules that determine whether network access should be granted or denied to
specific IP addresses. But an ACL cannot determine the nature of the packet it is blocking. Also,
an ACL alone does not have the capacity to keep threats out of the network. Hence, the firewall
was introduced. Connectivity to the Internet is no longer optional for organizations. However,
while accessing the Internet provides benefits to the organization, it also enables the outside
world to interact with the internal network of the organization. This creates a threat to the
organization. In order to secure the internal network from unauthorized traffic, we need a firewall.
History of Firewalls
- Late 1980s: Jeff Mogul, Brian Reid, and Paul Vixie at Digital Equipment Corp (DEC)
  developed packet-filtering technology, laying the groundwork for firewalls by checking
  external connections before they reached internal networks.
- Late 1980s - Early 1990s: AT&T Bell Labs researchers, including Presotto, Sharma, and
  Nigam, developed the circuit-level gateway, a firewall that vetted ongoing connections
  without reauthorizing each data packet, paving the way for more efficient security.
- 1991-1992: Marcus Ranum introduced security proxies at DEC, leading to the creation of
  the Secure External Access Link (SEAL), the first commercially available application-
  layer firewall, based on earlier DEC work.
- 1993-1994: At Check Point, Gil Shwed pioneered stateful inspection technology, filing a
  patent in 1993. Nir Zuk developed a graphical interface for Firewall-1, making firewalls
  accessible and widely adopted by businesses and homes.
Working of Firewall
- A firewall matches the network traffic against the rule set defined in its table. Once a rule is
  matched, the associated action is applied to the network traffic. For example, one rule may be
  defined so that any employee from the Human Resources department cannot access the data
  from the code server, and at the same time another rule may be defined so that a system
  administrator can access the data from both the Human Resources and technical departments.
- Rules can be defined on the firewall based on the necessity and security policies of the
  organization.
- From the perspective of a server, network traffic can be either outgoing or incoming. The
  firewall maintains a distinct set of rules for both cases. Mostly, outgoing traffic,
  originated from the server itself, is allowed to pass. Still, setting rules on outgoing traffic is
  always better in order to achieve more security and prevent unwanted communication.
  Incoming traffic is treated differently.
- Most traffic which reaches the firewall uses one of these three major Transport Layer
  protocols: TCP, UDP or ICMP. All these types have a source address and a destination
  address. Also, TCP and UDP have port numbers. ICMP uses a type code instead of a port
  number, which identifies the purpose of that packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For
this reason, the firewall must always have a default policy. A default policy consists only of an
action (accept, reject or drop). Suppose no rule is defined about SSH connections to the server
on the firewall. Then the firewall will follow the default policy. If the default policy on the
firewall is set to accept, then any computer outside of your office can establish an SSH
connection to the server. Therefore, setting the default policy to drop (or reject) is always good
practice.
Types of Firewall
Firewalls can be categorized based on their generation.

1. Packet Filtering Firewall


A packet filtering firewall is used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or stopping them based on source and destination
IP address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly
uses the first 3 layers). Packet filtering firewalls treat each packet in isolation. They have no
ability to tell whether a packet is part of an existing stream of traffic. They can only allow or
deny packets based on individual packet headers. A packet filtering firewall maintains a
filtering table that decides whether a packet will be forwarded or discarded. From the given
filtering table, the packets will be filtered according to the following rules:
- Incoming packets from network 192.168.21.0 are blocked.
- Incoming packets destined for the internal TELNET server (port 23) are blocked.
- Incoming packets destined for host 192.168.21.3 are blocked.
- All well-known services to the network 192.168.21.0 are allowed.
2. Stateful Inspection Firewall
Stateful firewalls (which perform Stateful Packet Inspection) are able to determine the
connection state of a packet, unlike packet filtering firewalls, which makes them more efficient.
A stateful firewall keeps track of the state of network connections travelling across it, such as
TCP streams. So the filtering decisions are based not only on the defined rules, but also on the
packet's history in the state table.
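As an added example (not code from the original notes), the filtering table above evaluated with first-match rules and a default policy, and the same table extended with a connection-state table to show what stateful inspection adds. The packets are constructed; the addresses are the ones the notes use plus the documentation range 203.0.113.0/24 for the outside host, and the rule order is an assumption.

```python
# Added example: a stateless packet filter with a default policy, and the
# same filter extended with a connection-state table (stateful inspection).
# Packets and addresses here are constructed for illustration.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str                # source IP address
    dst: str                # destination IP address
    proto: str              # "tcp", "udp" or "icmp"
    dport: int = 0          # destination port (0 for ICMP, which has no ports)
    sport: int = 0          # source port
    syn: bool = False       # TCP SYN: the first packet of a new connection
    direction: str = "in"   # "in" = arriving from outside, "out" = leaving the LAN


# Rule predicates: each returns True when the packet matches.
def from_net(net):
    return lambda p: ipaddress.ip_address(p.src) in ipaddress.ip_network(net)

def to_net(net):
    return lambda p: ipaddress.ip_address(p.dst) in ipaddress.ip_network(net)

def to_host(host):
    return lambda p: p.dst == host

def to_port(port):
    return lambda p: p.proto in ("tcp", "udp") and p.dport == port

def well_known():
    return lambda p: p.proto in ("tcp", "udp") and 0 < p.dport < 1024

def both(*preds):
    return lambda p: all(f(p) for f in preds)


# The filtering table from the notes, as (predicate, action) pairs.
# First match wins, so the order is part of the policy (an assumption here).
INBOUND_RULES = [
    (from_net("192.168.21.0/24"), "drop"),      # packets from 192.168.21.0 blocked
    (to_port(23), "drop"),                      # packets to the TELNET server blocked
    (to_host("192.168.21.3"), "drop"),          # packets to host 192.168.21.3 blocked
    (both(to_net("192.168.21.0/24"), well_known()), "accept"),  # well-known services
]
DEFAULT_POLICY = "drop"   # used when no rule matches; "reject" would also answer the sender


def packet_filter(pkt, rules=INBOUND_RULES, default=DEFAULT_POLICY):
    """Stateless decision: each packet is judged on its own headers."""
    for matches, action in rules:
        if matches(pkt):
            return action
    return default


class StatefulFirewall:
    """Stateful inspection: remembers TCP connections the LAN opened so that
    their reply packets are accepted even though no inbound rule allows them."""

    def __init__(self, rules=INBOUND_RULES, default=DEFAULT_POLICY):
        self.rules, self.default = rules, default
        self.state = set()   # entries: (lan_ip, lan_port, remote_ip, remote_port)

    def decide(self, pkt):
        if pkt.direction == "out":
            if pkt.proto == "tcp" and pkt.syn:   # new connection from the LAN
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"   # outgoing traffic is mostly allowed (see the notes)
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "accept"   # reply to a connection the LAN initiated
        return packet_filter(pkt, self.rules, self.default)   # fall back to the table
```

The reply to a web request opened from 192.168.21.7 arrives on a high port, so the stateless table drops it under the default policy while the stateful firewall accepts it from its state table.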

3. Application Layer Firewall


An application layer firewall can inspect and filter packets on any OSI layer, up to the
application layer. It has the ability to block specific content, and also to recognize when certain
applications and protocols (like HTTP, FTP) are being misused. In other words, application
layer firewalls are hosts that run proxy servers. A proxy firewall prevents a direct connection
between either side of the firewall; each packet has to pass through the proxy.
4. Next Generation Firewalls (NGFW)
An NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH inspection and
many other functionalities to protect the network from modern threats.
5. Circuit Level Gateway Firewall
This works at the session layer of the OSI model. It allows for the simultaneous setup of
two Transmission Control Protocol (TCP) connections. It can effortlessly allow data packets to
flow without using a lot of computing power. These firewalls are ineffective because they
do not inspect data packets; if malware is present in a data packet, they will permit it to pass
provided that the TCP connections are established properly.

6. Software Firewall
A software firewall is any firewall that is set up locally or on a cloud server. When it comes to
controlling the inflow and outflow of data packets and limiting the number of networks that
can be linked to a single device, they may be the most advantageous. But the problem with
software firewalls is that they are time-consuming.

7. Hardware Firewall
These also go by the name "firewalls based on physical appliances." A hardware firewall
guarantees that malicious data is halted before it reaches the network endpoint that is in danger.
8. Cloud Firewall
These are software-based, cloud-deployed network devices. A cloud-based firewall protects
a private network from any unwanted access. Unlike traditional firewalls, a cloud firewall
filters data at the cloud level.
Importance of Firewalls
So, what does a firewall do and why is it important? Without protection, networks are
vulnerable to any traffic trying to access your systems, whether it's harmful or not. That's why
it's crucial to check all network traffic.
When you connect personal computers to other IT systems or the internet, it opens up many
benefits like collaboration, resource sharing, and creativity. But it also exposes your network
and devices to risks like hacking, identity theft, malware, and online fraud.
Once a malicious person finds your network, they can easily access and threaten it, especially
with constant internet connections.
Using a firewall is essential for proactive protection against these risks. It helps users shield
their networks from the worst dangers.
What Does Firewall Security Do?
A firewall serves as a security barrier for a network, narrowing the attack surface to a single
point of contact. Instead of every device on a network being exposed to the internet, all traffic
must first go through the firewall. This way, the firewall can filter and block non-permitted
traffic, whether it's coming in or going out. Additionally, firewalls help create a record of
attempted connections, improving security awareness.
What Can Firewalls Protect Against?
- Infiltration by Malicious Actors: Firewalls can block suspicious connections, preventing
  eavesdropping and advanced persistent threats (APTs).
- Parental Controls: Parents can use firewalls to block their children from accessing
  explicit web content.
- Workplace Web Browsing Restrictions: Employers can restrict employees from using
  the company network to access certain services and websites, like social media.
- Nationally Controlled Intranet: Governments can block access to certain web content
  and services that conflict with national policies or values.
By allowing network owners to set specific rules, firewalls offer customizable protection for
various scenarios, enhancing overall network security.
Advantages of Using Firewall
- Protection From Unauthorized Access: Firewalls can be set up to restrict incoming
  traffic from particular IP addresses or networks, preventing hackers or other malicious
  actors from easily accessing a network or system.
- Prevention of Malware and Other Threats: Firewalls can be set up to block traffic linked
  to known malware or other security concerns, assisting in the defense against these kinds
  of attacks.
- Control of Network Access: By limiting access to specified individuals or groups for
  particular servers or applications, firewalls can be used to restrict access to particular
  network resources or services.
- Monitoring of Network Activity: Firewalls can be set up to record and keep track of all
  network activity.
- Regulation Compliance: Many industries are bound by rules that demand the usage of
  firewalls or other security measures.
- Network Segmentation: By using firewalls to split up a bigger network into smaller
  subnets, the attack surface is reduced and the security level is raised.
Disadvantages of Using Firewall
- Complexity: Setting up and keeping up a firewall can be time-consuming and difficult,
  especially for bigger networks or companies with a wide variety of users and devices.
- Limited Visibility: Firewalls may not be able to identify or stop security risks that operate
  at other levels, such as the application or endpoint level, because they can only observe and
  manage traffic at the network level.
- False Sense of Security: Some businesses may place an excessive amount of reliance on
  their firewall and disregard other crucial security measures like endpoint security or
  intrusion detection systems.
- Limited Adaptability: Because firewalls are frequently rule-based, they might not be able
  to respond to fresh security threats.
- Performance Impact: Network performance can be significantly impacted by firewalls,
  particularly if they are set up to analyze or manage a lot of traffic.
- Limited Scalability: Because firewalls are only able to secure one network, businesses that
  have several networks must deploy many firewalls, which can be expensive.
- Limited VPN Support: Some firewalls might not allow complex VPN features like split
  tunneling, which could restrict the experience of a remote worker.
- Cost: Purchasing many devices or add-on features for a firewall system can be expensive,
  especially for businesses.
