An exploration of public key infrastructure applications across diverse domains: a comparative analysis
DOI:
https://doi.org/10.20535/2411-1031.2023.11.2.293496Keywords:
Public Key Infrastructure, Digital Certificates, Web Security, Internet of Things, Authentication, EncryptionAbstract
This article delves into the vital role of Public Key Infrastructure (PKI) in securing and authenticating communications across a multitude of fields. PKI has evolved from a mere technical concept into a cornerstone of secure digital communications, playing a central role in various domains such as web security, healthcare, finance, the Internet of Things (IoT), and government services. PKI employs cryptographic techniques and digital certificates to establish trust, ensure data integrity, and enable secure communications, thus acting as the backbone of digital security. In the wake of the digital revolution, the demand for reliable and robust security solutions has skyrocketed. The diversity and scale of modern digital platforms necessitate adaptable security solutions, a challenge which PKI tackles through its flexible implementation. Despite sharing core principles, the implementation of PKI demonstrates divergences influenced by factors such as scale, complexity, resource constraints, regulatory environments, and trust models. This article offers an extensive comparison of PKI's utilization across various domains, highlighting the commonalities and divergences. It explores how PKI is tailored to meet the unique requirements and challenges of each sector and discusses the certificate lifecycle management in varying contexts. Moreover, it provides an analysis of the current state of PKI applications and challenges, offering insights into the evolving landscape of threats and technologies. Not only does the article address the current state of PKI, but it also presents a forward-looking perspective on its potential future developments. As the digital landscape continues to evolve and expand, it is crucial to anticipate the emerging challenges and devise strategies for proactive adaptation. This article thus serves as a comprehensive resource for understanding the role and impact of PKI in the contemporary digital infrastructure. Ultimately, the article seeks to underline the importance of PKI and highlight the need for continued research and development in this area. As our reliance on digital communications and transactions continues to grow, the role of PKI in safeguarding these interactions becomes increasingly significant. This comprehensive review serves as a valuable resource for researchers, practitioners, and policymakers in understanding the diverse applications of PKI and its critical role in securing the digital world.
References
W. Stallings, Cryptography and Network Security: Principles and Practice. Pearson, 2017.
R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed internet of things”, Computer Networks, vol. 57, no. 10, 2013, pp. 2266-2279. doi: https://doi.org/10.1016/j.comnet.2012.12.018.
R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2008.
E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.3”, IETF Trust, 2018, 160 p. [Online]. Available at: https://datatracker.ietf.org/doc/html/rfc8446. Accessed on: Aug. 03, 2023.
T. Dierks, and E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.2”, RFC 5246, IETF, 2008, 104 p. [Online]. Available at: https://www.rfc-editor.org/rfc/rfc5246.html. Accessed on: Aug. 03, 2023.
C. Evans, C. Palmer, and R. Sleevi, “Public Key Pinning Extension for HTTP”, Internet Engineering Task Force (IETF), 2015, 27 p. [Online]. Available at: https://datatracker.ietf.org/doc/rfc7469/. Accessed on: Aug. 08, 2023.
R. Gajanayake, R. Iannella, and T. Sahama, “Privacy oriented access control for electronic health records”, Electronic Journal of Health Informatics, vol. 8, no. 2, 2014, 9 p. [Online]. Available at: https://www.researchgate.net/publication/267805570_Privacy_Oriented_Access_Control_for_Electronic_Health_Records. Accessed on: Aug. 12, 2023.
A. Mense, P. Urbauer, S. Sauermann, and M. Frohner, “Integration von Personal Health Records (PHR) in die österreichische elektronische Gesundheitsakte (ELGA)”, in Proc. eHealth2013, May 23-24, Vienna, Austria, 2013, pp. 45-51. [Online]. Available at: https://www.dhealth.at/wp-content/uploads/scientific-papers/2013/mense.pdf. Accessed on: Sep. 08, 2023.
J. L. Fernandez-Aleman, I. C. Senor, P. A. O. Lozoya, and A. Toval, “Security and privacy in electronic health records: A systematic literature review”, Journal of Biomedical Informatics, vol. 46, no. 3, 2013, pp. 268-286. [Online]. Available at: https://www.sciencedirect.com/science/article/pii/S1532046412001864?via%3Dihub. Accessed on: Sep. 08, 2023. doi: https://doi.org/10.1016/j.jbi.2012.12.003.
M. Sayal, “Providing A Secure Environment For E-Commerce Sites Using SSL Technology”, Journal of Education and Science, vol. 29 (1), pp. 174-191. [Online]. Available at: https://edusj.mosuljournals.com/article_164371.html. Accessed on: Aug. 17, 2023. doi: https://doi.org/10.33899/edusj.2020.164371.
C. Narendiran, S. A. Rabara, and N. Rajendran, “Public key infrastructure for mobile banking security”, in Proc. 2009 Global Mobile Congress, Shanghai, China, 2009, pp. 1-6. [Online]. Available at: https://ieeexplore.ieee.org/document/5295898. Accessed on: Sep. 17, 2023. doi: https://doi.org/10.1109/GMC.2009.5295898.
S. Sicari, A. Rizzardi, L. Grieco, and A. Coen-Porisini, “Security, privacy, and trust in Internet of Things: The road ahead”, Computer Networks, vol. 76, 2015, pp. 146-164. [Online]. Available at: https://www.sciencedirect.com/science/article/abs/pii/S1389128614003971?via%3Dihub. Accessed on: Aug. 15, 2023. doi: https://doi.org/10.1016/j.comnet.2014.11.008.
I. Lee, and K. Lee, “The Internet of Things (IoT): Applications, investments, and challenges for enterprises”, Business Horizons, vol. 58, no. 4, 2015, pp. 431-440. [Online]. Available at: https://www.sciencedirect.com/science/article/abs/pii/S0007681315000373?via%3Dihub. Accessed on: Sep. 21, 2023. doi: https://doi.org/10.1016/j.bushor.2015.03.008.
T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle, “Security Challenges in the IP-based Internet of Things”, Wireless Personal Communications, vol. 61, no. 3, 2011, pp. 61-76. Online]. Available at: https://link.springer.com/article/10.1007/s11277-011-0385-5. Accessed on: Sep. 23, 2023. doi: https://doi.org/10.1007/s11277-011-0385-5.
United States Government, “Federal Public Key Infrastructure (PKI) Trust Infrastructure Overview”, Federal PKI Policy Authority. [Online]. Available at: https://www.idmanagement.gov/fpki. Accessed on: Aug. 23, 2023.
Ministry of Government Administration, Reform and Church Affairs, “Requirements specification for PKI in the public sector”. [Online]. Available at: https://www.regjeringen.no/en/dokumenter/requirements-specification-for-pki-in-th/id611085. Accessed on: Aug. 23, 2023.
C. Adams, and S. Lloyd, Understanding PKI: Concepts, Standards, and Deployment Considerations, Addison-Wesley Professional, 2002.
A. Alshehri, S. Alharbi, M. Khayyat, and O. Aboulola, “Global E-government Trends, Challenges and Opportunities”, SAR Journal, vol. 4(1), 2021, pp. 175-180. [Online]. Available at: https://www.sarjournal.com/content/44/SARJournalDecember2021_175_180.html. Accessed on: Aug. 23, 2023. doi: https://doi.org/10.18421/SAR44-04.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Collection "Information Technology and Security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).