Ensuring CIA triad using EJBCA solution digital certificate trust model

Abstract

At present ensuring confidentiality, integrity and availability of information is a big challenge. Cyber-attacks such as man in the middle attack, eavesdropping, spoofing is commonly known inside threats. Leakage of information often results in devastative financial losses as well as loss of company profile. Our project has addressed the above mentioned problem. In order to address and solve this problem we have demonstrated an architecture of secure infrastructure which shall encrypt the communication between user and web application. We have implemented a Public Key Infrastructure solution which is a set of roles and policies to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. In the absence of digital certificate, an entity will not be trusted by the web applications and thus it will not get access to the web site. The project consists of web application, an infrastructure which will generate digital certificate based on institutional requirement and algorithmic strength to ensure CIA between user and web application. To proof that CIA is ensured in our architecture we have demonstrated an exercise which we have described in this paper.