Security is one of the most important aspects of any network communication because of the number of different threats to data in today’s high-technology world. These threats come from people hoping to exploit holes in an organization's security architecture and to gain access to packet information for whatever reason.
Therefore, applications, protocols and certificates are needed to implement and control the verification of identities. They use secure private keys combined with known public keys for known organizations and authorities, which identify themselves to each other over the internet using this system of encryption and ciphers.
The head of the Computer Emergency Response Team (CERT), which is a government agency dealing with network security, claimed in 2000 that “Security measures that were appropriate for mainframe computers and small well-defined networks inside an organization are not effective for the Internet” (Cordesman & Cordesman, 2002, p. 47). Verification of identity is therefore crucial in areas such as e-commerce, in order to identify both the buyer and the seller, or the user who wants access to remotely stored information.
Trust is a key aspect to mention, because verifying the identity of someone you have not met yet is difficult. If you meet someone for the first time, it is difficult to ascertain whether the person is who they say they are without asking some pertinent questions about that person, which may not be polite. However, using this analogy, if a friend introduces the same person to you, there is a third-party element to the situation, in that your friend is able to verify the integrity and authenticity of the unknown person.
Certificate authorities, also known as CAs, act as a high-technology intermediary between two parties who want to carry out transactions on a network, and are the industry standard. These certificate authorities usually provide digital signatures which can be verified using unique and identifiable information. For example, a web server will hold a server certificate which has been cross-checked for validity and verification with a third-party authority.
A client wishing to carry out a transaction with this server will receive the certificate and check it against a database held by the third-party verification agencies, such as VeriSign, to confirm that the server is honest. People are able to apply for personal certificates, and devices are able to hold certificates, as can other servers that handle internal application communication, for example between an application server and a database server. The scope for implementing a public key infrastructure (PKI) is enormous, and the technology can be used on local private networks as well as over the most public network of them all, the internet.
The idea of having an intermediary like a CA means that verification of both parties uses the most basic concept of trust, and is dealt with by an external body. This removes some of the need for an internal system of cross-referencing every connection, which would cause unwanted network load. If these third-party intermediary functions did not exist, such a system could prove to be a costly addition to any network, requiring extra servers, applications and network infrastructure.
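The certificate check described above can be reproduced locally with the openssl command-line tool. The following is an added example, not part of the original text: it builds a throwaway CA, has it sign a server certificate, and shows that a self-signed certificate carrying the same server name is rejected because no trusted third party vouched for it. The names "Demo Root CA" and "shop.example.test", the file names and the function names are all constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example. All names and keys are constructed, throwaway values.

# Build a tiny PKI in directory $1: a CA, a server certificate the CA signed,
# and a self-signed look-alike for the same name that the CA never vouched for.
build_demo_pki() {
  local dir=$1
  # The trusted third party: a self-signed CA certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # The server generates its own key and asks the CA to certify it.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  # The CA signs the request, producing the server certificate.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/server.crt" 2>/dev/null || return 1
  # A look-alike: same server name, but signed only by its own key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=shop.example.test" \
    -keyout "$dir/lookalike.key" -out "$dir/lookalike.crt" 2>/dev/null || return 1
}

# The client's check: does certificate $2 chain to the trusted CA file $1?
check_cert() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# Run both checks in a temporary directory and report the outcome.
demo() {
  local dir
  dir=$(mktemp -d) || return 1
  build_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
  echo "CA-signed certificate:   $(check_cert "$dir/ca.crt" "$dir/server.crt")"
  echo "self-signed look-alike:  $(check_cert "$dir/ca.crt" "$dir/lookalike.crt")"
  rm -rf "$dir"
}
demo
```

A matching server name alone is not enough: the client accepts only the certificate whose signature traces back to the CA it already trusts.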
Having this system in place shows that, even in the case of a security breach in which some particular software is used to sniff and read packet data, the security of the actual data is paramount (Cook, 2003), and that the organization takes security seriously. Privacy has become a very serious issue in the wake of such controversy as the Facebook privacy controls problem. The privacy issues that internet users face today concern the amount of personal data that is required to register for and use some of these social networking services.
This data could be used for identity theft and fraudulent activities, should the information end up in the hands of unscrupulous webmasters. Identity theft and online fraud are becoming more prevalent, so social networking sites need to deal with the security of the website itself as well as ensure the security and privacy of users’ personal information. If data eavesdropping and tampering occur on these sites, then the potential for fraudulent and criminal activity involving banks and other financial institutions increases massively.