Public Key Infrastructure (PKI) is a solution to manage digital keys which are used to provide a mechanism for securing electronic transactions and securing the exchange of information in public networks. PKI provides confidentiality and integrity of information, along with identity authentication by performing digital signatures and other cryptography functions, combined with registration and verification processes.
Long ago I was privileged enough to participate in PKI projects. One of them was for sure one of the most interesting projects I ever did. Under tight security procedures, a Public Key Infrastructure was built following what is known as a Root Key Generation Ceremony. The RKGC is a set of strict steps carried out under tight security and careful assessment by international auditors. This resulted in a cross-certification with one of the industry PKI vendors. The project was executed over 18 months and the security spectacle known as the ceremony took 48 hours. During the project the auditors reviewed documented policies, standards, and procedures and ensured that the generation of the Root Certificate Authority (CA) keys adhered to the strictest and most rigorous globally recognized standards. A remarkable project; I still remember the gigantic amount of documentation produced. Documents such as Certificate Policies (CP) and Certificate Practices Statement (CPS) were completed along with the development of security policies, operational procedures, business continuity routines, support and other documentation.
History apart, PKI can be a very interesting but also a complex topic. There is plenty of literature available on this topic, but I would like to write about the key security mechanisms that form the foundations of a PKI. That should make it easier to start understanding the concepts and to become familiar with them. Let's start with a high-level description of the 4 key security mechanisms that a PKI can offer, using the terminology from the Internet Security Glossary [RFC 2828]:
- Authentication: The process of verifying an identity claimed by or for a system entity.
- Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
- Integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.
- Non-repudiation: A security service that provides protection against false denial of involvement in a communication.
How can a PKI solution offer such things?
Through the usage of public key encryption and digital signatures. Let's look in more detail at how a PKI provides those security mechanisms:
- Authentication can be ensured through the usage of digital signatures, which are used to verify the sender's identity. A combination of username and password can be used to establish identity, but it is better to use public-key signatures because they offer a strong authentication mechanism. DSA, RSA and ECDSA are examples of digital signature algorithms. In a PKI, the digital signature associates the user's identity with the user's public key. In addition, that association, together with an additional set of properties, is signed by a certification authority (CA), wrapping it all together in a certificate.
- Confidentiality can be ensured through the usage of asymmetric and symmetric encryption. Symmetric encryption uses the same key to encrypt and decrypt. AES and DES are examples of symmetric encryption algorithms. This is analogous to your house door key, which can be used to lock and unlock the door. On the other hand, asymmetric encryption (also called public-key algorithms) uses a pair of keys that are different but mathematically related. One of the keys is private and the other is public. RSA and Diffie-Hellman are examples of asymmetric encryption algorithms.
- Integrity can be ensured through the usage of hash functions (MD5, SHA-1), Message Authentication Codes (MAC) and Keyed-Hash Message Authentication Codes (HMAC). These mechanisms ensure the data is not altered while in transit or stored. In practice, a digital signature can provide integrity because it uses hash functions (also called message digests or fingerprints).
- Non-Repudiation can be ensured through the use of digital signatures, which bind the identity of a party to a transaction so that the participation in that transaction cannot be denied. With this property, when a transaction occurs, either the sender or the receiver can prove that the alleged sender sent the message. To digitally sign a message you need to use your private key, therefore guaranteeing the origin of the message.
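The difference between the integrity and non-repudiation items above can be shown in a few lines. This is an added example, not code from the original post: it uses SHA-256 rather than the hash functions named above, and a constructed textbook RSA key without padding stands in for a real signature scheme (production systems use a vetted library with RSA-PSS or ECDSA). All names, keys and messages are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed toy RSA key (textbook RSA, no padding): illustration only.
P, Q = 2**127 - 1, 2**89 - 1          # two known Mersenne primes
N, E = P * Q, 65537                   # public key (N, E), known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held by the signer only

def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def hmac_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def hmac_ok(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hmac_tag(shared_key, message), tag)

def sign(message: bytes, exponent: int) -> int:
    """Signature = hash^exponent mod N; only D yields a valid one."""
    return pow(digest_int(message), exponent, N)

def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == digest_int(message)

def demo() -> dict:
    original = b"pay 100 EUR to Bob"      # constructed sample messages
    altered = b"pay 900 EUR to Bob"
    shared_key = b"constructed-shared-secret"
    tag = hmac_tag(shared_key, original)
    sig = sign(original, D)
    return {
        # Integrity: a changed message invalidates both tag and signature.
        "hmac_detects_change": not hmac_ok(shared_key, altered, tag),
        "sig_detects_change": not verify(altered, sig),
        "sig_valid": verify(original, sig),
        # The receiver shares the HMAC key, so it can compute a valid tag
        # for text the sender never wrote: HMAC gives no non-repudiation.
        "receiver_can_make_hmac": hmac_ok(
            shared_key, altered, hmac_tag(shared_key, altered)),
        # A party holding only the public exponent cannot produce a
        # signature that verifies, which is what binds it to the signer.
        "public_key_cannot_sign": not verify(altered, sign(altered, E)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
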
With this I have introduced the four principal security mechanisms that form the foundations of a PKI. Much more and in much more detail can be written. In the future I plan to further write about PKI components and give illustrations so you can become more familiar with the terms and the security mechanisms used behind the scenes.