Digital Certificate Technology and Its Criticisms in the Recent Times - Coursework Example

DIGITAL CERTIFICATE TECHNOLOGY AND ITS CRITICISMS IN THE RECENT TIMES Introduction In modern times, many people can acknowledge that information and technological advancements have been the cornerstone of the success of most businesses as social institutions. Technology enhances efficiency and effectiveness of economic and social systems by developing structures and systems that increase service delivery. Additionally, technology has been effective in ensuring that various programs are developed to enhance security, business management, marketing, security surveillance among many other important functions. Schwalbe (2000) says that the development of security programs has been thought as an effective approach by which important information can be kept away from any unauthorized persons. All organisations and other institutions try to ensure that they safeguard their information as much as they can because it is the key to their mainstay (Sui 2006, p. 76); especially for businesses, they often carry out market research, in a process of understanding the characteristics of their perceived markets and strategies by competitors, which they hope to counter and create their market share. One of the ways of ensuring proper security of information and other company systems is creation of digital certificates, which give the authenticity of people using certain kinds of systems (Schneier 2000, p. 34). Additionally, the most important reason for creation of digital certificates is to prevent personification. Gustin (2004) says that some people, especially technology experts like hackers have realized that some people and businesses do not have much knowledge about information technology (Eilam 2005, p. 63); for this reason, they can sometimes create ways of gaining entry into personal and private data and making away with crucial information that had been kept away from unauthorized persons. This paper examines the concept of digital certificates, focusing on how they have become prevalent and the criticisms that continue to be raised against them in recent times. Digital certificates According to Schwabach (2014), digital certificates, also called identity or public key certificates are electronics documents that are used in proving the authenticity and ownership of public keys. The certificate comprises information about the owner’s identity, the key itself as well as the digital signature of the entity that verified the contents of the certificate (Brands 2000, p. 45). When the signature is found to be valid, then the individual that examines the certificate gets to trust the signer. In this regard, the certificate can be used in communicating with the particular owner as shown in the schematic diagram. Fig 1. How digital certificate technology works (Brands 2000) According to Atreya (2002), when it comes to a public-key infrastructure approach, the signer is often regarded as the certificate authority (CA), such that it becomes the company charging customers in issuance of certificates on their behalf. For the web of trust approach, the signer can be respective owner (self-signed certificate) or can be any other user (endorsement) that the individual examining the particular certificate seems to trust and know very well. Alexander (2008) explains that certificates are very important components of the Transport Layer Security (TLS), which is also referred to as a Secure Socket Layer. In this case, they are known to prevent attackers from impersonating websites that are very secure and other servers too. Additionally, certificates are essential and effective in many other applications like code signing, encryption and email, where people seem to communicate most, especially in the economic and social functions (Alexander 2008, p. 31). Digital certificates and website security One of the places that digital certificates are commonly used is in the HTTPS-based web sites online. The web browser has the main purpose of validating that the Transport Layer Security used for a web server is valid and authentic. This understanding makes the users to feel more secure that their interaction and dealings with websites does not have eavesdroppers and that the particular website belongs to the people that claim to own it. This kind of security therefore becomes very important and essential especially when it comes to electronic commerce where in the past, many people have been conned and duped into deals that seemed lucrative. Sometimes, people that have ulterior motives of conning people in the online businesses create websites that are not verified, the put nice graphics of products that they purpose to sell. After people seeing the lucrative, they end up engaging in those deals only to realize that the websites have disappeared instantly from online. It is this realization that has created the need for digital certificates in order to restore people confidence in internet-based businesses that are becoming the norm of the day with the globalisation. In actual practice, web site developers often get their digital certificates by applying them from certificate providers (CA that often presents themselves as commercial retailers of those certificates) with requests for signing. It is important to realize that the certificate request is simply a document processed electronically and contains the particular name of the website, contact addresses, information about the company as well as the respective public key (for purposes of security a private key is not often included in the request, for this reason, it is not given to the particular certificate authority). Before giving the certificate, the certificates provider inspects all the information given and appends his signature, a action that often provides the much needed public certificate. In the course of web browsing, the public certificate is often given to any kind of web browser, which gets connected to the particular web browser (Harrington 2005, p. 108). In this regard, the certificate is aimed at proving to the web browser or any other online user that the website provider has great belief in the information and contents therein as shown below. Fig 2. How digital certificate technology works (Brands 2000) Before the certificate is issued the CA often takes the responsibility of requesting email address and other essential contact details for that particular website from the public domain name registrar. After getting this information, he then has to make a counter-checking of the published addresses against those emails provided in the certificate that is being requested. This process is very essential in that it can enable the certificate provide to tell the authenticity and motive of the website, which is important before allowing it to carry out transactions with the public (Bryan 2013, p. 64). When the certificate authority realizes any bad intentions with the website, especially those being generated for public exploitation and manipulation in negative ways, the he can fail to give the request or advice the people making the request to change or modify their objectives. Therefore, it can be comfortably said that any form of https website can be regarded as being secure to the degree that the particular users are very sure that those websites are operated by people who are in contact with those persons that registered the respective domain name for the websites. For instance, when a web browser happens to connect to https:www.forinstance.com/ using their different browsers, when those browsers do not provide certificate warnings over the use of this site (McCrackan 2005, p. 45), the web browser can be very sure that by interacting with this site, it is the same as dealing with the entity that is in contact with the particular address listed. The listed address is therefore under given under the name “forinstance.com” with the respective public registrar, inasmuch as the particular address may not be seen anywhere displayed on the internet in its many websites (Merkow & Breithaupt 2000, p. 89). Disadvantages of the digital certificate technology In modern times, it is good to point out that the digital certificate technology is playing an important role especially for and organisations that have embraced the internet as a means of running their economic and many other social activities. The digital certificates being produced using this technology are instrumental in creating and enhancing security over the intent. The certificates enable their owners and administrators to prove their authenticity and genuineness. In this regard, one can therefore make software updates, sign different applications in order to prove that their origin is from that particular person or business organisation. This makes the person to effectively communicate with his clients by means of encryption. In as much these certificates seem to be playing such crucial roles, they often have certain disadvantages that make some people not to prefer them in their online activities. First, one of the disadvantages of these certificates and the technology creating them is that in case something goes wrong, potential fallout that may arise is often very disastrous. Preston (2001) posits that criminals can get the opportunity of developing many fraudulent websites, which may appear to be very similar to the original one. In this approach, they often come up with special malware that has the ability to indicate that the website is coming from you (Grant 2007, p. 91). In this process, if the organisation or company was running a company that sells goods online, these fraudsters use the opportunity to get credit card information from people that cannot the difference between the unsecure and unsafe website from the original and real one. In the end, they realize that their money and other important information is being stolen and start engaging the original company in unending court battles that taints the image of the business. Criticisms against digital certificates Many criticisms have been rising in the recent times over the work of these certificates and their advantage in the online business. In this regard, they have been thought as ineffective in ensuring the security of information of companies and people that are fond of making their transactions online. Many problems and challenges have been thought to stem from this digital certificate technology, which have the capacity to affect people in their online dealings as well as companies that transaction on the same platform. First the certificate authority can often be heavily compromised. When this process happens like the case of DigiNotar, the Dutch certificate authority in 2011, hackers often get a perfect opportunity to develop and issue their malware, which is malicious and seems to have been signed by the particular certificate authority. The certificates that are developed in this kind of approach have the ability to give false proof that a particular website belongs to a certain business organisation or bank. In this regard, the organisation may begin signing some software on order to prove that they come from a certain company like Microsoft or any other reputable company while in actual sense; it could just have been developed by the malware. This process has caused many companies to credibility from people that have for a long time been conned by such fake and malicious websites. Therefore, this process places a burden on people. As far as criticisms raised against the concept of digital certificate technology is concerned; it is important to understand that companies, that often use digital certificates from trusted certificate authorities are also a big source of problems and other challenges (Brookes 2015, para 7). This is because, when hackers manage to penetrate their trusted networks, they can make away with much important information, which is not meant for public consumption. These hackers can then use the information they get in creating websites and other online platforms that resemble those of the company. Alternatively, they can also end up creating malicious software, which are duly signed as coming from the company. As seen from the foregoing discussion, this process amounts to impersonation, this is illegal in domestic and international law. Solutions to some of the challenges from the digital certificate technology Demetriades (2003) says that one of the important questions that has kept emerging concerns some of the ways in which an individual or company can secure its websites from being hacked by hackers who have ulterior motives of making away with important information from other people and organisations. It is unfortunate that so far, there seems little that can be done in order to offer direct protection of the website and other online platforms from hackers and other technology experts of the same level. According to Gritzalis (2006), the established internet customer software has been “hard wired” into trusting certificates from various certificate authorities that are trusted, unless those particular certificates or the particular certificate authority are revoked using effective software updates or they just happen to expire after their active life. In this regard, it is evident that trust for the certificate will be in continuity until the time when the breach is realized and that particular certificates happens to be added to the CRL (Dimsey 2002, p. 52), the browsers being used then expire or have to get fresh and new updates. Therefore, one of the ways that a person can take in order to ensure that they quite safe from these malwares arising from the digital certificate technology is to make sure that software clients that a particular client uses have the latest and effective security updates that are actively installed every time they become present. Brown (2011) says that this means that can simply fail to make the updates for those software that may be undesirable. A certificate that has already expired is very worthless, this is due to the fact that client software and other browsers generally give warnings to users when the certificates in use have expired such that one can make a decision to use or discard them, which is essential especially when the certificate was not genuine (Pour 2005, p. 67). However, in as much as expired certificates may not be preferred by some people, others often still prefer to use them since they tend to make an assumption that someone may just have forgotten to renew them, especially when the certificate was just valid the previous day (Buege & Taylor 2002, p. 94). The question that they contemplate on is why it should not be used when it was very active and effective the previous day. Ho (2002) posits that inasmuch as this argument may seem logical, it should not be used often because the people that make those certificates know the duration that they will stay before losing their effectiveness, which renders them useless and ineffective. It is important to realize that by trusting a certificate which is expired, one tends to ignore the risks that are associated with that expired certificate that was active the previous day (Camp 2000, p. 123). This is the reason why it makes sense for the staff of a company to stop its installation when its license has reached its expiry date, even when the expiry is just a few seconds ago. Conclusion In conclusion, it is important to acknowledge that the digital technology has played a big role in ensuring that people can learn to distinguish between genuine and fake software as well as websites in their online and technology based interactions. This process has made it possible for people to increase their confidence in activities like online trading, which is becoming very common in modern time businesses. However, inasmuch as there seems to be these many advantages, the criticisms emerging for this technology has been great. Winch & Mularien (2012) says that people need to ensure that they embrace some of the ways of avoiding dubious technology experts like hackers in order to stay away from being hacked and losing important information, which may be critical to the mainstay and success of the business. For instance, some of the suggested ways like avoid software installations from expired programs can prove effective towards reaching this objective. Generally, it is important to ensure that all online dealings are done in a safe and secure environment that encourages ethical business practices. The proposition for the use of these digital technologies has so far been approved for use in various online transactions, although a lot still need to be done in order to ensure their effective functioning and use. Bibliography Alexander, P. 2008. Information security a managers guide to thwarting data thieves and hackers. Praeger Security International, Westport, Conn. Atreya, M. 2002. Digital signatures. McGraw-Hill/Osborne, Berkeley, Calif. Brands, S. 2000. Rethinking public key infrastructures and digital certificates building in privacy. MIT Press, Cambridge, Mass. Brookes P. 2015. Advantages and disadvantages of digital certificates. Accessed 4 April 2015. Brown, B. 2011. How to stop e-mail spam, spyware, malware, computer viruses, and hackers from ruining your computer or network: The complete guide for your home and work. Atlantic Pub. Group, Ocala, Fla. Buege, B., & Taylor, A. 2002. Hacking exposed J2EE & Java: Developing secure applications with Java technology. McGraw-Hill/Osborne, New York. Bryan, V. 2013. Technology use and research approaches for community education and professional development. Information Science Reference, Hershey, PA. Camp, L. 2000. Trust and risk in Internet commerce. MIT Press, Cambridge, Mass. Demetriades, D. 2003. Information technology. Oxford University Press, Oxford. Dimsey, D. 2002. Heinemann digital information technology units 1 & 2. Heinemann/Reed Education Australia, Port Melbourne. Eilam, E. 2005. Reversing the hackers guide to reverse engineering. Wiley, Hoboken, N.J. Grant, G. 2007. Understanding digital signatures: Establishing trust over the Internet and other networks. McGraw-Hill, New York. Gritzalis, S. 2006. Privacy and anonymity in the digital era. Emerald, Bradford, England. Gustin, J. 2004. Cyber terrorism a guide for facility managers. Fairmont Press, Lilburn, Ga. Harrington, J. 2005. Network security a practical approach. Elsevier, Amsterdam. Ho, M. 2002. Digital certificates and signatures: Microsoft corporation. Centre for Asian Business Cases, School of Business, University of Hong Kong, Hong Kong. Merkow, M., & Breithaupt, J. 2000. The complete guide to Internet security. AMACOM, New York. McCrackan, A. 2005. Practical guide to business continuity assurance. Artech House, Boston. Pour, M. 2005. Encyclopedia of information science and technology. Idea Group Reference, Hershey, PA. Preston, P. 2001. Reshaping communications technology, information and social change. SAGE, London. Schneier, B. 2000. Secrets and lies: Digital security in a networked world. John Wiley, New York. Schwabach, A. 2014. Internet and the law technology, society, and compromises (2nd ed.). ABC-CLIO, Santa Barbara. Schwalbe, K. 2000. Information technology project management. Course Technology, Cambridge, Ma. Sui, D. 2006. Geospatial matters: Exploring the implications of a digital earth. GeoTec Media, San Francisco, Calif. Winch, R., & Mularien, P. 2012. Spring Security 3.1 secure your web applications from hackers with the step-by-step guide. Packt Pub, Birmingham, UK. Read More