PKI: Ten Years Later

1
PKI Ten Years Later

• Carlisle Adams
• School of Information Technology and Engineering
• University of Ottawa
• Mike Just
• Treasury Board of Canada, Secretariat

2
Outline

• Motivation
• Public key technology and PKI
• PKI examples
• PKI criticisms
• PKI evolution and a current definition
• The road ahead

3
Motivation

• We have reached an anniversary in PKI
• Has our understanding of this technology grown in
  any way? If so, how?

4
PK Technology and PKI

• Public key technology
• Each entity in a collection has a pair of keys
• Alice has pubA, privA
• Enc, d-sig. possible (mathematical operations)
• Public Key Infrastructure (PKI)
• Makes PK technology available to applications and
  environments that wish to use it
• Enc, d-sig. possible (security operations)
• Key pair bound to an entity identifier in a way
  that makes it useful to a variety of apps

5
PKI (contd)

• Identifier
• Uniquely specifies entity within some context or
  environment (no ambiguity), but need not reveal
  actual identity
• Anonym (single-use identifier no mapping to
  entity)
• Pseudonym (multiple-use identifier no mapping to
  entity)
• Veronym (multiple-use identifier clear mapping
  to entity)
• Context/environment need not be global in scope
  (depends on apps that will use keys)

6
PKI (contd)

• Binding of key pair and identifier
• Validity of bindings
• Authority (making breaking)
• Issuance process (syntax dissemination)
• Termination process (alerting)
• Use of bindings
• Anchor management process (augment diminish)
• Private key management process (fit for
  purpose)
• Binding validation process (trusting someone
  elses key)

7
Outline

• Motivation
• Public key technology and PKI
• PKI examples
• PKI criticisms
• PKI evolution and a current definition
• The road ahead

8
PKI Examples

• Over the past ten years, there have been several
  different approaches to modeling and implementing
  a PKI
• These approaches can be compared based on the 6
  components of the binding concept
• We look at the following
• X.509, PGP, X9.59, SPKI

9
Sample Comparisons(see paper for others)
10
Sample Comparisons(see paper for others)
11
PKI Criticisms

• Many criticisms have been leveled at this
  technology
• Probably the best-known collection is the 10
  Risks paper by Ellison Schneier
• But criticisms cannot always be taken at face
  value need to consider whether the flaw being
  criticized is actually related to PKI or not

12
PKI Criticisms (contd)

• Examples
• Authentication versus authorization
• Security of computing platforms
• Linkage between identifier and real entity (John
  Robinson problem)

13
PKI Criticisms (contd)

• Understatement alert PKI has had its share of
  critics over the years
• A number of criticisms have been unjustified, and
  a number have been misdirected (aimed at PKI when
  the actual problem is elsewhere)
• The remainder have been very beneficial, driving
  evolution and leading to a deeper understanding
  of this technology

14
Outline

• Motivation
• Public key technology and PKI
• PKI examples
• PKI criticisms
• PKI evolution and a current definition
• The road ahead

15
Evolution

• Ten years ago, the 1993 version of the ISO/IEC
  CCITT/ITU-T IS X.509 began to be disseminated,
  recognized, and implemented in small-scale
  environments
• Late 1993 / early 1994 was effectively the birth
  of PKI (although the acronym was yet to be
  coined)
• Infrastructural considerations were paramount
  (how to make PK technology available to a wide
  variety of applications)

16
Evolution (contd)

• Initial definition (1994)
• Authority always and only a CA
• Issuance X.509 syntax DN X.500 Directory
• Termination CRL X.500 Directory
• Anchor root of CA hierarchy
• Private key CA gen. OOB reg. local storage
• Validation large, special-purpose s/w toolkit

17
Evolution (contd)

• After ten years of extensive discussion,
  research, and implementation by numerous
  interested parties world-wide
• Each of the 6 components has broadened quite
  considerably with deeper understanding
• BUT, the same 6 components comprise the core of
  the definition (i.e., the essential
  characteristics of the definition remain
  unchanged)

18
Evolution (contd)

• Current definition (2004)
• Authority multiple choices (incl. end entity)
• Issuance multiple choices (syntax dissem.)
• Termination multiple choices (incl. online)
• Anchor multiple choices (augment diminish)
• Private key multiple choices (gen., reg.,
  storage)
• Validation mult. choices (thin client native
  apps)

19
Outline

• Motivation
• Public key technology and PKI
• PKI examples
• PKI criticisms
• PKI evolution and a current definition
• The road ahead

20
Future of PKI

• Moving from theory to practice
• Over ten years, innovative thinking, fruitful
  technical discussion, constructive criticism, and
  implementation efforts have driven the
  recognition of the need for options
• Research into secure architectures and secure
  protocols have made options possible
• BUT options have yet to be embraced in a
  significant way in real products

21
Future of PKI (contd)

• Example identifier bound to public key
• Sometimes there are valid reasons for the
  identifier to be a veronym sometimes a
  pseudonym sometimes an anonym
• Standards (in their language and syntax) do not
  preclude different identifier types
• However, history and tradition have made rigid
  interpretations PKI deployments are almost
  exclusively one type or another
• WHY NOT HAVE CAs THAT CAN BIND KEYS TO ANY OF THE
  THREE TYPES, AS REQUIRED?
• This would make PKIs more suited to real-world
  needs

22
Conclusion

• The goal of this work has been to demonstrate
  that the PKI community has significantly
  broadened its understanding of this technology
  over the past ten years
• The challenge now is to translate that
  understanding to real PKI deployments that solve
  authentication challenges in real, heterogeneous
  environments