Webcast Title: Digital Certificates – A Critical Line of defense Against Cybercrime
Presenters:
- Ted Shorter from is CTO at Certified Security Solutions (CSS)
- John Grimm is Senior Director – Product Marketing at Thales E-Security
Scheduled Time: December 16, 2015
Duration: 1 Hour and 1 Minute
Summary:
The webinar/webcast is highlighting one of the very important security topics about digital certificates which are more and more used to protect our privacy.
The presenters had very good experience through presenting and discussing the topic of Digital Certificates and PKI (Public Key Infrastructure). The presentation is very good and they divided the presentation between them in very good way which you will be interested to follow up.
They covered the following agenda items:
- PKI beginnings – solving a simpler problem
- PKI evolution – solving today’s problems
- Preparing for what’s coming tomorrow
The presenters gave a list of resources which are available on their websites as well as in the presentation itself.
Review:
The webcast is well organized the presenter started with a carton with a fog using the computer with a statement “On the Internet, nobody knows you’re a dog” and sked the audience which year this carton created and the right answer was 1993. This is a good start to explain why digital certificate is needed to solve the issue.
Then, they explained the history of using PKI from 1995 till 2015 in three periods from 1995 to 2002: Beginnings of PKI, then from 2003 to 2010: The Enterprise PLI Emerges and finally from 2011 to 2015: New Uses and Growing Pains. Using PKI is increased dramatically over periods and they need management and protection from hackers.
They explained some use cases like E-Ticketing, Digital Cinema and Manufacturing.
The good things that the presenter’s shows statistics figures about reliance on PKI, applications use PKI credentials which SSL certificates for public facing websites and services are the higher percentage about 78%, and mobile authentication is the lower percentage at 49% but still big use. Challenges to enable applications to use PKI, future trends which shows cloud-based services is used 64% based on the study (31:30), SSL Certificate Research which shows how many certificates, how they issued whether through Certificate Authority or Self-Signed, when they will have expired and if they are already expired. Another one shows Top Ten Issuer of SSL Certificate and Go Daddy is number one in the number of issued certificates.
At (44:31) they explained how can Thales and CSS help? The two companies that are working in this field and made this webcast available. Thales products provide strong key management by providing hardware to store PKI and centralize and control services and CSS makes PKI easier by providing software and expertise.
The digital certificates will continue despite all the issues around them and it will be increased. The private key should be protected as well.
Conclusions:
The aim of the webinar/webcast to highlight the importance of the PKI and how it used increasingly from the past till now. Also, to link this need with what are the solutions offered by the two companies?
The presentation is valid and in line with today’s use of digital certificates. (Brands, 2000) says “In the near future, digital certificates may be built into any device or piece of software that must be able to communicate securely with other devices or with individuals. This includes mobile phones, watches, televisions, cars, and conceivably even computerized household appliances.”
“As infrastructure of authentication on open networks like the internet, public key infrastructure (PKI) is well known. In PKI, a user generates a pair of keys which are private key and public key. The user enrolls the pair of keys to certificate authority (CA). By verifying a public key certificate (PKC) which CA issues, service providers can authenticate user who has valid pair of keys (Zhou, 2005). “
References:
Brands, S. A. (2000). Rethinking Public Key Infrastructures and Digital Certificates : Building in Privacy. Cambridge, Mass: The MIT Press.
Zhou, J. (2005). Applied Public Key Infrastructure : 4th International Workshop: IWAP 2005. Amsterdam: IOS Press.