
Pizza prank on Bob and Digital Certificate

As we all know, a few familiar names come up whenever we talk about information security: Bob, Alice, Rudy and others like them. That is why I use one of those names in the title, Pizza Prank on Bob. Pizza prank and digital certificate are terms we meet in the information security field, as mentioned above. So let's look at what is going on with this prank and how the digital certificate relates to it.
This is a kind of cheat carried out by an outside party, and as a result Bob has to face a difficult situation with a pizza shop.

This is the Scenario
Alice works in a pizza shop and is the person responsible for taking orders from customers. One day Alice got a message like this, “I want two large pizzas with deviled chicken and another one with only cheese”, with the name Bob.


Now I will explain what really happened in this scenario.
Rudy is the man who really places the order. Rudy places the order, makes a hashed message (encrypted with Rudy's private key) and sends that message claiming to be Bob.
What Rudy does next is go to the server where public keys are stored, rename his own public key as Bob's public key and remove Bob's original public key. Alice then decrypts the order message with Bob's public key (changed by Rudy) and gets a hash value almost similar to the hash value of the received message. So she has no doubt about the message sender and places the order.
(If the hash values are almost similar, it means the message hasn't changed on the way.)
Now the real problem begins. When the pizza shop goes to fulfil the order, Bob will surely be confused, because he knows nothing about the pizza order, and he may not even like pizza.
Now what happens? Bob and Alice both have to face real trouble, and we call this the Pizza prank. It is a situation in which an outside party uses public keys to make people uncomfortable.
That is why we need a secure place to store our public keys, to reduce this kind of problem.
So let's see where we can store our public keys securely. We call it the public key infrastructure (PKI).

Public Key Infrastructure

PKI is the place where public keys are stored securely. All users who use PKI to store their public keys get a certificate signed by an authorized party in the PKI.
PKI mainly consists of two parts: the certificate and the certificate authority.

Digital Certificate

Let's see how the digital certificate works.
As I said, public keys are stored in the PKI. The message sender's public key is encrypted with the certificate authority's private key, and the certificate authority issues the result as a certificate. That is the digital certificate.
So the sender no longer has a bare public key, only a certificate authorized by the CA.
If someone tries to change or decrypt the message or the public key, it will not be an easy task, because to do so he would first need to know the CA's public key to decrypt the digital certificate.
That cannot possibly happen, because the CA is an authority and depends on its trust, so it will never lose that trust.
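The prank and the certificate check described above, as an added example that is not part of the original post: it uses toy textbook RSA built from fixed Mersenne primes (an assumption chosen so it runs on the Python standard library alone; not secure for real use). The function names, the key directory and the certificate layout are hypothetical, and Alice is assumed to already hold the CA's public key.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keygen(a, b):
    # Toy key from Mersenne primes 2**a-1 and 2**b-1 (assumption; not secure).
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)  # hash "encrypted" with the private key

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)  # "decrypt" with public key, compare hashes

def issue_cert(name, subject_n, ca_n, ca_d):
    # The CA signs the name and the public key together, binding one to the other.
    return {"name": name, "n": subject_n,
            "sig": sign(f"{name}:{subject_n}".encode(), ca_n, ca_d)}

def accept_order(order, sig, cert, claimed_name, ca_n):
    # Alice trusts only the CA key; the certificate must verify under it first.
    body = f"{cert['name']}:{cert['n']}".encode()
    if cert["name"] != claimed_name or not verify(body, cert["sig"], ca_n):
        return False
    return verify(order, sig, cert["n"])

BOB_N, BOB_D = keygen(61, 89)
RUDY_N, RUDY_D = keygen(107, 127)
CA_N, CA_D = keygen(521, 607)
ORDER = b"two large deviled chicken pizzas and one with only cheese"  # constructed sample

def prank_with_plain_directory():
    directory = {"Bob": BOB_N}
    directory["Bob"] = RUDY_N  # Rudy replaces Bob's entry with his own key
    return verify(ORDER, sign(ORDER, RUDY_N, RUDY_D), directory["Bob"])

def prank_with_certificates():
    bob_cert = issue_cert("Bob", BOB_N, CA_N, CA_D)
    forged = dict(bob_cert, n=RUDY_N)  # Rudy swaps the key inside Bob's certificate
    return accept_order(ORDER, sign(ORDER, RUDY_N, RUDY_D), forged, "Bob", CA_N)

def genuine_order():
    bob_cert = issue_cert("Bob", BOB_N, CA_N, CA_D)
    return accept_order(ORDER, sign(ORDER, BOB_N, BOB_D), bob_cert, "Bob", CA_N)
```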

These are very simple, basic points, and later we will go further into the digital certificate.
