

March 27, 2001




The Weakest Links


Forging a strong "chain of trust" requires PKI user acceptance and effective interoperability standards


by Cam Johnston and Matthew Mancuso



Despite the supposed failures of public key infrastructure (PKI) technology to live up to the extravagant claims made for it over the last several years, the need for the increased levels of security that public key cryptography and PKI systems provide will continue to grow. PKI standards and technologies are improving, and organizations are steadily shifting their PKI initiatives from prototype to operational status.

However, to realize the potential benefits of a PKI, you must deploy infrastructure services that support certificate registration, issuance, publication, revocation, and, in some cases, status checking and validation. Integrating certificate-handling functionality into legacy applications and deploying new PKI-aware applications is key. Only by following this evolutionary process can you take advantage of the enabled security and integrity features to secure and streamline your business processes.

In our previous column (February 16, 2001), we examined some of the technical considerations of implementing a PKI and its business drivers and basic concepts. In this column, we will delve deeper into the business and technical considerations of fielding a PKI system.

Return on Investment

When investing in any infrastructure component - a network infrastructure, a telephone system, or a PKI - calculating the direct return on investment (ROI) can be difficult. As a result, many organizations never assign a numerical value to these related costs or savings, even though they always say that their information (data) is their most prized possession.

The ROI components associated with a PKI system may include the following:

  • The business-to-business (B2B) or consumer-enabled intranet, Internet, or extranet applications supported
  • The benefit of risk mitigation from improved data security
  • The business process improvement returns resulting from more efficient electronic processes
  • Transaction integrity and the defense against repudiating parties
  • The direct costs of staff reductions related to IT operations and management improvements.

Ultimately, a significant part of the improved ROI contributing to the bottom line is the tangible benefit of improved revenue or decreased operating costs associated with more efficient business processes. An example is the decrease in time required for approving and signing contracts online vs. the time spent negotiating revisions to paper-based contracts.

What Is the Reality?

In the past, organizations have deployed PKI systems without a clear set of business objectives and requirements to justify their investment. Additionally, many PKI pilot programs have either been built in a vacuum (without any end game in mind) or "stovepiped" (implemented to support only one application).

The reality is that PKI provides immense value to a company, industry, or set of business partners, if implemented against a solid set of business requirements. PKI can provide:

  • A single sign-on environment for users
  • Electronically automated processes
  • Embedded security that provides real assurance of privacy and integrity, while still using a security management approach that's much simpler than traditional methods.

However, these real benefits of a PKI also impose real challenges. Vendors, standards bodies, and industry advisory groups such as Identrus are diligently working to resolve these problems, including:

  • Interoperability among applications and PKI components
  • Registration authority (RA) and certificate authority (CA) communications
  • Cross-certification
  • User acceptance
  • Key storage and portability
  • Cost models for deployment and ROI calculations.

A Communication Standard

At a high level, interoperability falls into two categories: PKI components and applications. PKI components currently suffer from communication drawbacks. For example, RAs send certificate request information to CAs. Unfortunately, many vendors use different certificate request standards. So if you use a CA product from one vendor, most likely you'll need their RA product, too.

A more obstinate problem is application interoperability. The true obstacle to widespread PKI deployment is the work required to integrate the PKI with an organization's existing applications and services. Although many vendors are rushing to "PKI-enable" their product offerings - developing the product's ability to use standards-based X.509 certificates (the industry standard identity container for various security services) - most applications either remain natively unable to fully use X.509 certificates or only offer rudimentary implementations that do not permit full use of the certificate attributes.

Although we don't particularly like the use of the term "PKI-enabled," it seems to be a part of the industry lexicon beyond our control. Generally, we'll refer to an application as "certificate-enabled" or "certificate-aware."

Handling Interoperability Issues

Because of these interoperability concerns, your organization may need to do a significant amount of work to integrate existing applications and services into your PKI solution. You must extend existing applications to support digital certificates. Accordingly, one of the criteria that you should use to select a PKI product suite is the existence and maturity of software development kits (SDKs) for integrating certificate-handling functionality into new or legacy applications.

Many applications marketed as "certificate aware" have technical limitations in their use of certificates or key store (the encrypted container protecting private key information) ambiguities. Shortcomings exist in key store access and use, certificate request generation and registration capabilities, certificate validation capabilities, and trust model capabilities. The bottom line is to do your homework. Don't take an application's claim of seamless PKI support at face value.

Cross-Certification Challenges

Cross-certification is a mechanism for extending trust from one organization to certificates issued by another organization's PKI. Simply put, CAs cross-sign each other's public keys, each one effectively incorporating its trust model into the other's and enabling certificate validation between domains.

Today cross-certification remains a difficult task, especially across vendor solutions. Not all vendor offerings fully support cross-certification. Therefore, specific applications may require additional customizations to extend policy controls to accept certificates from other trust domains. Exacerbating the problem is the lack of application awareness of "chain of trust" (the understanding of PKI hierarchies and issuing entities) concerns when using cross-certificates.
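The following is an added example, not part of the original column: a simplified Python model of how a relying party in one domain builds a chain to another domain's certificate through a cross-certificate, and how a path length constraint on the cross-certificate limits the trust that is extended. The `Cert` record, names, and key labels are constructed for illustration, and a signature is modelled as a key match rather than verified cryptographically.

```python
from collections import namedtuple

# Constructed model: only the fields that path building needs.
# signer_key stands in for "the signature verifies under this public key"
# (assumption: real code verifies the signature cryptographically).
Cert = namedtuple("Cert", "subject issuer key signer_key is_ca path_len")

def build_paths(leaf, pool, anchors):
    """Return every chain from leaf up to a cert signed by a trusted anchor.
    anchors is the set of (CA name, key) pairs the relying party trusts."""
    found = []

    def walk(chain, seen):
        top = chain[-1]
        if (top.issuer, top.signer_key) in anchors:
            found.append([c.subject for c in chain])
            return
        for ca in pool:
            if ca.subject != top.issuer or ca.key != top.signer_key:
                continue                  # did not issue `top`
            if not ca.is_ca or ca.key in seen:
                continue                  # not a CA, or a cross-cert loop
            below = sum(c.is_ca for c in chain)   # CA certs under `ca`
            if ca.path_len is not None and below > ca.path_len:
                continue                  # path length constraint exceeded
            walk(chain + [ca], seen | {ca.key})

    walk([leaf], {leaf.key})
    return found

# Constructed sample data: two organizations that cross-certify each other.
A, B = "Org A CA", "Org B CA"
cross_ab = Cert(B, A, "kB", "kA", True, 0)   # A signs B's key, path_len 0
cross_ba = Cert(A, B, "kA", "kB", True, 0)   # B signs A's key
sub_b = Cert("Org B Sub CA", B, "kSub", "kB", True, None)
bob = Cert("bob@orgb", B, "kBob", "kB", False, None)
carol = Cert("carol@orgb", "Org B Sub CA", "kCarol", "kSub", False, None)
POOL = [cross_ab, cross_ba, sub_b]
ORG_A_TRUST = {(A, "kA")}                    # Org A users trust only their own CA

if __name__ == "__main__":
    print("bob, no cross-cert:", build_paths(bob, [sub_b], ORG_A_TRUST))
    print("bob, cross-cert:   ", build_paths(bob, POOL, ORG_A_TRUST))
    print("carol via sub-CA:  ", build_paths(carol, POOL, ORG_A_TRUST))
```

Because the two CAs sign each other's keys, the certificate graph contains a cycle; the `seen` set is what keeps the search from looping when no trusted anchor is reachable.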

Establishing the balance between ease of use and security can be difficult. Users must understand and appreciate their role in using keys and certificates, especially in protecting their private keys. For many, embracing the security benefits of PKI systems means comprehending the registration, renewal, and revocation processes - or these processes must be transparent to the users.

Overall, understanding where the services of a PKI are available - and what restrictions may apply - is key (pun intended) to maintaining trust in the PKI domain. Users may inadvertently compromise the trust in their keys and certificates if they are not aware of their role and the potential risks.

Storage and Access to Keys

Accessibility of private keys is an issue associated with user acceptance of certificate-enabled applications. In general, you can store users' private keys in a file on the hard drive or in smart cards.

File-based key stores tie a user to a particular machine for key operations and may be more susceptible to unauthorized access by means such as Trojan horses or memory-resident code. Smart card technology provides increased key store security and allows the use of keys on multiple computers. However, smart card technology increases the costs and technical complexity of the deployment and may not be interoperable.

One of the biggest challenges for today's IT management is how to rationalize the deployment cost of PKI. Building and implementing a PKI, including certificate-enabling the applications (without which PKI provides no real value), can be an extremely costly effort. One possible method to contain your costs is to outsource management and administration tasks.

Consider All the Costs

The cost-based analysis of a PKI should consider not only the cost of the initial design and implementation, but also:

  • Security requirements for physical facilities
  • The need for a highly available and secure server configuration
  • Personnel availability and costs
  • Operation and maintenance costs.

Many business owners want to retain in-house control over critical authorization information. Therefore, data privacy factors may ultimately tilt the balance in favor of an in-house solution.

Whichever approach is best for your company, keep in mind when you examine PKI costs that it is an investment where you realize future returns through the certificate-enabled applications and the ways in which those applications streamline your business processes.

Meeting the Challenges

Vendors and standards bodies such as the International Telecommunications Union (ITU), International Standards Organization/International Electrotechnical Commission (ISO/IEC), American National Standards Institute (ANSI), and Internet Engineering Task Force (IETF) are all developing and refining criteria for interoperability and operational issues.

The IETF PKI X.509 (PKIX) Working Group (see Resources) has developed several RFCs and RFC drafts for PKI interoperability, most notably RFC 2510, the certificate management protocols (CMP). CMP defines "all relevant aspects of certificate creation and management" and is especially useful for RA-to-CA communications, cross-certification requests, and certificate revocation list (CRL) publishing. As PKI vendors retrofit products to comply with these standards, interoperability issues will become much less significant.

The National Institute of Standards and Technology (NIST), although not a formal standards body, is a recognized leader in standards development. It has developed Minimum Interoperability Specifications for PKI Components (MISPC), which includes a certificate and CRL profile, message formats, and basic transactions for a PKI that issues signature certificates. A draft of Version 2 is currently available for public comment.

The European Electronic Messaging Association (EEMA) has created the PKI Challenge "to overcome the lack of interoperability between different solutions, based on the use of heterogeneous PKI products and services, and to demonstrate the results of the work through public demonstrations."

Before Going to Market

Interoperability organizations have long had positive impacts on industry technologies, fostering environments in which implementation issues are worked out before products go to market and clarifying standards and interoperability needs.

As previously mentioned, the emerging solution for user and private key mobility may be the use of smart cards, and standards such as ISO 7816, Public-Key Cryptography Standards (PKCS) #11, and PKCS #15, which help ensure interoperability among different smart card solutions. These standards define the communications from the card reader to cards, cryptographic APIs, and information storage for smart cards. Increased application support for smart cards will go a long way toward alleviating concerns about secure key storage, mobility, and interoperable applications.

In the final analysis, the single most difficult criterion for a successful PKI rollout is user acceptance. We all must balance ease of use against security. Finding the right mix has never been simple. Processes for certificate management and application use should be as transparent as possible. Yet, users still require a degree of understanding to prevent "social engineering" security challenges to the environment.

As a community of security practitioners, we are all struggling with this aspect of PKI deployment. Until we achieve a global mindset with interoperability playing a key role, the pace of global PKI deployments will be slower than it otherwise would be.




The Future of PKI Mainstreaming

The challenges of PKI aside, if the past is any indication, the future of PKI will be replete with:

  • Rapidly evolving standards
  • Interoperable and nonproprietary solutions
  • Streamlined user-management and certificate-handling mechanisms
  • Smart card-enabled systems
  • Widespread deployments of PKIs that support certificate-aware business applications with strong cryptography.

When we've put the security mechanisms in place that certificate-enabled applications can provide, e-commerce (both B2B and business-to-consumer), supply chain management, and ERP systems all gain tremendous efficiency improvements that were too risky to contemplate previously. A well-implemented, integrated PKI can create advantages that will influence the success of every part of your business.

Adopting PKI can be expensive, but when complete, it is well worth your investment. In terms of system availability, reliability, confidence, better customer relationships, and secure access to the Internet, it is hard to imagine a business that will not benefit immeasurably.



Cam Johnston (cam.f.johnston@ca.eyi.com) is a partner in Ernst & Young's E-Risk Solutions practice. He has an extensive background in business commerce solutions using intranets and extranets that incorporate PKI, single sign-on, virtual private networks, and meta-directories.

Matthew Mancuso (matthew.mancuso@ey.com) is an Ernst & Young partner and national director of Security Implementation Services. He is also the lead technologist for the firm's alliances in e-commerce and Internet security, with more than 20 years experience in PKIs, directory services, enterprise security architectures, and security technologies.








Copyright © 2002 CMP Media LLC,
a United Business Media Company
ALL RIGHTS RESERVED
No reproduction without permission
Intelligent Enterprise editors are not responsible for content appearing in Intelligent Enterprise Asia, a publication produced independently for the Asian market.
