
February 2001
Volume 5
Number 1

Information Assurance Issue

How Does PKI Work?

The foundation technology for Public Key Infrastructures (PKI) is asymmetric cryptography, so called because it uses different keys for the encryption and decryption processes. A pair of keys, one intended for private use and one intended for public use, is generated for each user. The public key is derived from the private key, yet it is computationally infeasible to derive the private key from a public key. Because of this, public keys can be made widely available without compromising the integrity of the system.

When information is encrypted with a public key, it can be decrypted only with its corresponding private key. Therefore, when the sender of a message uses the public key of the recipient to encrypt it, the sender can be sure that its contents can only be read after being decrypted by the recipient (the owner of the private key) and by no one else.

Conversely, when information is encrypted with a private key, it can be decrypted only with the corresponding public key. Therefore, the recipient of information successfully decrypted with a public key can be certain that only the corresponding private key could have encrypted it. This is the basis for a digital signature. A digital signature provides evidence of who originated the data and whether the data has been altered in any way.

A Certification Authority (CA) digitally signs and issues public key certificates. The CA's digital signature cryptographically binds the user's identity with the user's public key. The CA's digital signature can be validated to ensure that the public key certificate has been signed by a recognized and approved CA.
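The relationships described above, as an added example that is not part of the original article: encryption to a public key, a signature made with a private key, and a CA signature binding an identity to a public key. It assumes textbook RSA without padding (the article names no algorithm) on toy Mersenne-prime keys, so it illustrates the structure only; all function names, the "Example CA" issuer and the sample subject are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys here

def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d is the inverse of e mod phi

def encrypt(pub, data):
    """Confidentiality: anyone holding the recipient's public key can encrypt."""
    m = int.from_bytes(data, "big")
    if m >= pub[0]:
        raise ValueError("message too long for this toy modulus")
    return pow(m, pub[1], pub[0])

def decrypt(priv, c):
    m = pow(c, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    """Signature: the private-key operation applied to a hash of the data."""
    return pow(_digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])

def _tbs(issuer, subject, pub):
    return f"{issuer}|{subject}|{pub[0]}|{pub[1]}".encode()  # the signed fields

def issue_cert(issuer, ca_priv, subject, pub):
    """The CA's signature binds the subject's identity to the public key."""
    return {"issuer": issuer, "subject": subject, "pub": pub,
            "sig": sign(ca_priv, _tbs(issuer, subject, pub))}

def validate_cert(cert, trusted_cas):
    """Accept only certificates signed by a recognized CA's key."""
    ca_pub = trusted_cas.get(cert["issuer"])
    return ca_pub is not None and verify(
        ca_pub, _tbs(cert["issuer"], cert["subject"], cert["pub"]), cert["sig"])

# Constructed sample data: Mersenne primes keep the demo short, not secure.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
TRUSTED = {"Example CA": CA_PUB}
ALICE_CERT = issue_cert("Example CA", CA_PRIV, "alice", ALICE_PUB)
```

Changing any signed field of the certificate, such as the public key, or presenting it to a verifier that does not recognize the issuer makes `validate_cert` return `False`.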

Security services generally associated with public-key cryptography include:

• strong authentication--cryptographic verification of the identity of an individual, device, or other entity within a computer system.

• data confidentiality--assurance that the person receiving the information is the intended recipient and that the information has not been disclosed to unauthorized entities.

• data integrity--verification that no unauthorized modification of the data has occurred.

• non-repudiation--assured undeniability of participation in a transaction.


For more information, please contact Steve Boczenowski using the employee directory.


Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
