- The public key infrastructure (PKI) validates the trust between two entities for the secure exchange of data.
- Hackers compromise digital certificates, which are an essential part of this infrastructure, to perform malicious activities.
What is a public key infrastructure?
A public key infrastructure (PKI) provides public-key encryption and digital signature services. It allows organizations to build a trustworthy networking environment by managing keys and certificates.
- The pair of public and private key form a critical part of PKI.
- In the SSL protocol, the public key is used to encrypt data and the private key is used to decrypt it.
- A public key certificate (or digital certificate) is issued by a trusted party known as certificate authority. This certificate proves the validity of the public key sender’s authorization and name.
Threats to PKI
Compromising the process or the public key certificate itself could lead to various security incidents in the PKI. Let’s look at a few threats to the PKI.
- Security flaws: Bugs in the software used to certify a public key could be exploited to make an unsecured network seem otherwise.
- Not compliant with standards: Some certificate authorities may not comply with Root Program Requirements.
- Procedural error: These are errors caused by faulty procedures or related entities.
- Human error: Manual mistakes in the entry of data or related operations are called human errors.
Why does it matter?
Hackers who’ve compromised a certificate authority can perform a number of malicious activities such as:
- Stealing the digital certificate of a trusted vendor and using it to sign malicious code. This would improve the probability of the malware being undetected.
- Performing man-in-the-middle attacks in secure connections. The victims would be under the impression that they are accessing a secure site, while the hackers would in fact be listening to the traffic behind the scenes.
- Performing identity or financial theft.