


Information Security Papers

This section covers an in-depth guide to information security and data security.  

Topics include PKI (public key infrastructure), passwords, secure email and S/MIME, spoofing, Internet fraud and web security,
SSL and biometrics.

For papers in PDF format, click on the icon.



PUBLIC KEY INFRASTRUCTURE (PKI)

PKI FAQs
Everything you wanted to know about PKI. Certificates, digital signatures, public and private keys, Certificate Authorities (CAs), cross-certification.

Solving problems in PKI
The big players in PKI make you believe, by advertising, that there are no problems implementing PKI. This paper exposes some of the real problems and some practical solutions.

PKI Certificates - a source of confusion?
There is a lot of misleading information on the Internet about certificates, public & private keys, digital signatures, etc. - when and how you use them. This paper sets the record straight using terminology for the non-technical person.

PKI - Managing Liability
One of the frequently quoted concepts of PKI is that of being able to do business with people you don’t know, with certainty. Who is held liable for these transactions?

PKI - A Technology or a hype too far?
PKI has been getting a lot of bad press of late, but is it justified? Has the technology failed or is it a problem of implementation?

Making PKI simple
There are much simpler things that can be done with PKI if you don’t set out to conquer the world.



EMAIL SECURITY

S/MIME - the reality of interoperability
People assume that when they buy an S/MIME-compliant email application they can send digitally signed and encrypted emails to any other S/MIME-compatible client.
The reality, however, is somewhat different...

The problems with Secure Email
Find out why "Silver Bullet" Email security is problematic. Learn to fully protect your data simply and securely while avoiding complex interactions between proprietary systems.



GENERAL SECURITY

Self-extracting exe files - the hidden dangers
Self-extracting (decrypting) EXE files were developed so you didn’t have to install proprietary software in order to share protected files. But they also pose a significant, hidden risk to your organization, making them more flawed than the cryptographic algorithm DES, already abandoned by industry.

Security can be Simple and Secure
There has always been an attitude of 'no pain, no gain' in the security industry. If one were to believe some of the comments made, one could be forgiven for thinking that security has to be complex in order to be secure...

ID & Password or PKI for your security?
This paper reviews the arguments for and against each mechanism.

The problems with Passwords
Most current Internet password systems are flawed. This paper explains how such systems came about and a new route forwards.



INTERNET SECURITY

Spoofing - Arts of attack and defense
How to spot and avoid potential spoof attacks. Covers DNS spoofing, IP address spoofing, email address spoofing, link alteration, name similarity and content theft.

How do you deal with Internet fraud?
Covers fraud that uses Internet technology as an integral part of the fraud and fraud that is already taking place by other means where the Internet is merely another method of delivery.

The changing face of web security
Are we winning or losing the battle of web security? Read this white paper backed by industry figures to ensure you are aware of the facts.

Authentication - whose site is it really?
Whilst a lot of work seems to have been done on personal authentication, little or no work has been done on web site authentication to users. Users should be just as entitled to authenticate web sites as web sites are to authenticate them.

How do you know where information came from?
In the ordinary world of the Internet you don’t really know where information comes from - a web site that you first linked to, or a completely different site. Hackers can also alter information without you being aware of any change. How can the person receiving the information be aware that anything is wrong?

A matter of trust or is it?
How do you know who you are really dealing with when disclosing your personal / credit card details over the Internet? This explains the current methods available for proving the identity of a web site and explains why they fail. It offers an alternative solution to the problem of web site authenticity.

Why web site logos are phony security
Probably the worst possible kind of Internet security we have today is the ‘secure site logo’. Read why.

It can't be fraud - or is it?
Bad commercial behavior and practice may be no different from fraud as far as the customer is concerned.



SSL (SECURE SOCKETS LAYER)

SSL - A false sense of security
There are a lot of misleading statements about what SSL actually protects. This spells out the truth.

Why SSL is not enough to secure your credit card details
SSL is the security technology everyone uses to be sure that their web connections are secure. But it does not provide the security that users believe.

SSL - The condom that protects the pipe
For the last five or so years, SSL has been paraded as the technology that secures the Internet. All you have to do is look and see the padlock on the bottom of the screen and you can be sure it’s safe. Is it true?

What does SSL 128 bit encryption achieve?
Is 128 bit SSL encryption secure or is the implementation at fault?



BIOMETRICS

Biometrics - A problem or a solution?
Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems.