Abstract
M.Comm.
With the phenomenal increase in the use of the Internet for transmitting business
transactions, a need for strong authentication has arisen. This need has resulted from
both the risk that unauthorised transactions could be submitted for processing and
the risk that transactions submitted may later be denied by the originators.
In addition to providing secret communications, public-key cryptography provides
features for ensuring the authentication and non-repudiation of transactions.
However, merely implementing public-key cryptography does not ensure authentication
and non-repudiation. The surrounding management controls need to be
audited to provide assurance that the environment in which the cryptography is
applied is stable and reliable.
The objective of this short dissertation is the development of an audit model that will
link the security attributes of public-key cryptography to the standard audit objectives.
In addition, it serves to provide the auditor with an explanation of the security features
provided by RSA public-key cryptography and to explain the management issues of
concern.