Security without Obscurity

Book description

Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP) and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or

Table of contents

  1. Preface
  2. Authors
  3. Chapter 1: Introduction
    1. 1.1 About This Book
    2. 1.2 Security Basics
    3. 1.3 Standards Organizations
  4. Chapter 2: Cryptography Basics
    1. 2.1 Encryption
    2. 2.2 Authentication
    3. 2.3 Nonrepudiation
    4. 2.4 Key Management
    5. 2.5 Cryptographic Modules
  5. Chapter 3: PKI Building Blocks
    1. 3.1 PKI Standards Organizations
    2. 3.2 PKI Protocols: SSL and TLS
    3. 3.3 PKI Protocol: IPsec
    4. 3.4 PKI Protocol: S/MIME
    5. 3.5 PKI Methods: Legal Signatures and Code Sign
    6. 3.6 PKI Architectural Components
  6. Chapter 4: PKI Management and Security
    1. 4.1 Introduction
    2. 4.2 Publication and Repository Responsibilities
    3. 4.3 Identification and Authentication
    4. 4.4 Certificate Lifecycle Operational Requirements
    5. 4.5 Facility, Management, and Operational and Physical Controls
    6. 4.6 Technical Security Controls
    7. 4.7 Certificate, CRL, and OCSP Profiles
    8. 4.8 Compliance Audits and Other Assessments
    9. 4.9 Other Business and Legal Matters
  7. Chapter 5: PKI Roles and Responsibilities
    1. 5.1 Certificate Authority
      1. 5.1.1 Root CA
      2. 5.1.2 Online CA
      3. 5.1.3 OCSP Systems
    2. 5.2 Registration Authority
    3. 5.3 Policy Authority
    4. 5.4 Subscribers
    5. 5.5 Relying Party
    6. 5.6 Agreements
      1. 5.6.1 Certificate Authority Agreements
      2. 5.6.2 Registration Authority Agreements
      3. 5.6.3 Subscriber Agreements
      4. 5.6.4 Relying Party Agreements
  8. Chapter 6: Security Considerations
    1. 6.1 Physical Security
    2. 6.2 Logical Security
    3. 6.3 Audit Logs
    4. 6.4 Cryptographic Modules
  9. Chapter 7: Operational Considerations
    1. 7.1 CA Architectures
    2. 7.2 Security Architectures
    3. 7.3 Certificate Management
    4. 7.4 Business Continuity
    5. 7.5 Disaster Recovery
    6. 7.6 Affiliations
  10. Chapter 8: Incident Management
    1. 8.1 Areas of Compromise in a PKI
      1. 8.1.1 Offline Root CA
      2. 8.1.2 Online Issuing CA That Has Multiple CA Subordinates
      3. 8.1.3 Online Issuing CA That Does Not Have Subordinate CAs
      4. 8.1.4 Online RA
      5. 8.1.5 Online CRL Service HTTP or HTTPS Location for Downloading CRLs
      6. 8.1.6 OCSP Responder
      7. 8.1.7 End User’s Machine That Has a Certificate on It
        1. 8.1.7.1 Private Key Compromise
        2. 8.1.7.2 Private Key Access
        3. 8.1.7.3 Limited Access to the Private Key
        4. 8.1.7.4 Other Attacks
    2. 8.2 PKI Incident Response Plan
    3. 8.3 Monitoring the PKI Environment Prior to an Incident
    4. 8.4 Initial Response to an Incident
    5. 8.5 Detailed Discovery of an Incident
    6. 8.6 Collection of Forensic Evidence
    7. 8.7 Reporting of an Incident
  11. Chapter 9: PKI Governance, Risk, and Compliance
    1. 9.1 PKI Governance
    2. 9.2 Management Organization
    3. 9.3 Security Organization
    4. 9.4 Audit Organization
    5. 9.5 PKI Risks
    6. 9.6 Cryptography Risks
      1. 9.6.1 Aging Algorithms and Short Keys
      2. 9.6.2 Modern Algorithms and Short Keys
      3. 9.6.3 Aging Protocols and Weak Ciphers
      4. 9.6.4 Aging or Discontinued Products
    7. 9.7 Cybersecurity Risks
      1. 9.7.1 Framework Core
      2. 9.7.2 Framework Profile
      3. 9.7.3 Framework Implementation Tiers
    8. 9.8 Operational Risks
      1. 9.8.1 Monitoring
      2. 9.8.2 Capacity
      3. 9.8.3 Continuity
      4. 9.8.4 Resources
      5. 9.8.5 Knowledge
    9. 9.9 PKI Compliance
    10. 9.10 Evaluation Criteria
    11. 9.11 Gap Assessment
    12. 9.12 Audit Process
  12. Chapter 10: Advanced PKI
    1. 10.1 Industry Initiatives
    2. 10.2 Certificate Trust Levels
    3. 10.3 Relying Party Unit
    4. 10.4 Short-Term Certificates
    5. 10.5 Long-Term Certificates
  13. Bibliography
    1. B.1 ASC X9
    2. B.2 ETSI
    3. B.3 IETF
    4. B.4 ISO
    5. B.5 NIST
    6. B.6 PKCS
    7. B.7 Miscellaneous

Product information

  • Title: Security without Obscurity
  • Author(s): Jeff Stapleton, W. Clay Epstein
  • Release date: February 2016
  • Publisher(s): Auerbach Publications
  • ISBN: 9781498788212