A Training Framework for the Department of Defense Public Key Infrastructure

Abstract

Increased use of the Internet and the growth of electronic commerce within the Department of Defense (DoD) has led to the development and implementation of the DoD Public Key Infrastructure (PKI). Any PKI can only serve its intended purpose if there is trust within the system. This thesis reviews the basics of public (or asymmetric) key cryptography and its counterpart, symmetric key cryptography. It outlines the DoD's PKI implementation plan and the user roles identified within the infrastructure. Because a PKI relies entirely on trust, training for all users of a PKI is essential. The current approach to PKI training within the DoD will not provide all of its users with the required level of understanding of the system as a whole, or of the implications and ramifications that their individual actions may have upon the system. The decentralized, segmented, and inconsistent approach to PKI training will result in a lack of trust within the PKI. Training for the DoD PKI must be consistent, current, appropriate, and available to all users at any time. The author proposes a web-based training framework for the DoD PKI. The basic requirements and design of the framework are presented, and a prototype is developed for further testing and evaluation. Without the proper attention to training, the DoD PKI will be at risk, and may not perform its intended functions of providing the required authenticity and integrity across the various networks upon which DoD conducts business.

Document Details

Document Type

Technical Report

Publication Date

Sep 01, 2001

Accession Number

ADA397478

Entities

Tags