The most widely used method for providing security online for authentication and encryption is using asymmetrical encryption systems of the public key design where authentication relies on certificates issued by certificate servers. Public Key Infrastructure (PKI) systems have known security vulnerabilities such as being susceptible to Man-in-the-Middle [MitM] attacks, because they are often implemented improperly.
The overhead of the PKI system is high, not just because of all the steps involved in the architecture, but also their choice of cryptography. The encryption strength used by the PKI has been called into question recently. Public keys are compound primes and they are always available for attack. There have been significant strides in prime numbers and factoring theory. New techniques exist to factor compound primes. Fast computers factor compound primes by simplified techniques like the “sieve” method, so what used to take years now can be done in hours. Using progressively stronger keys with public key systems becomes progressively more difficult because of the additional computational overhead introduced as keys get stronger (longer).
There are a number of reasons why security on public key systems is problematic. The Certificate Authority [CA] may not be trustworthy. The private key on a computer may not be protected. It is difficult to revoke keys (refuse network access). Revocation generally requires Third Party intervention. Asymmetric systems are difficult for the average user to understand. Also the cryptographic key information is publicly available to hackers. There are currently no methods of providing continuous, stateful authentication, continuous stateful intrusion detection and automatic denial of network access to hacking and spoofing.
A distributed encryption key is a key that has been pre-distributed by some manual means, such as courier or person to person, to the party involved. This is the most secure method of ensuring key privacy; however this is a problem when new dynamic sessions wish to be established with parties who do not have pre-shared key information.
Any topology or technologies created to provide the highest level of network security must address issues of secure key management, key creation, key exchange, authentication, detection, revocation and authorizations.
The foregoing examples of the related art and limitations related thereto are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.