By A. Inizan - The Digital Factory Expert at SQUAD
First presented as miracle solutions, then relegated to the background before returning to the forefront, key management infrastructures (KMIs, better known by the English term PKI) have not had an easy history. However, these tools provide a foundation of trust on which many uses are based. And there is no shortage of prospects. Here is a brief overview.
A difficult start for PKIs
Appearing in the early 1990s, PKI solutions were heralded as the holy grail of security. They were supposed to solve most security issues. However, they were quickly labeled as cumbersome and complicated solutions. From the outset, they required strange initialization procedures (key ceremonies). These aspects contributed greatly to their rejection by IT professionals.
In fact, the marketing promise was ahead of the curve in terms of tools that were not yet fully adapted. Publishers therefore made efforts to offer solutions that facilitated certificate management and lifecycle. They masked the complexity by introducing CMS (Credential Management Software), for example. Native tools were also integrated into operating systems. The shift began slowly, driven by the adoption of these solutions by governments and large organizations.
A challenge for the organization
However, implementing a PKI in a company is far from straightforward and is actually a complex project. And the technical aspects are not usually the most problematic. The real challenge is mainly organizational. Yes, this type of project involves many different people and departments: management, operational security, the CISO, technical support, legal, communications, and of course the users.
Technically, the integration phase generally involves bringing together different modules, including: Certification Authority (CA), Registration Authority (RA), and Hardware Security Module (HSM). The latter is capable of erasing its memory areas if physical access is detected. Many other tools then interface to form an entire ecosystem of trust. It is generally based on enterprise repositories (e.g., Active Directory).
Figure 1—Simplified architecture of a PKI
Prior consideration of the certification hierarchy is necessary before implementation:
- Root authority: this is the most sensitive element, the anchor point for chains of trust.
- Intermediate authorities: these allow sub-levels of certification to be introduced.
- Operational authorities: they sign certificate requests (users, servers, etc.).
The first level and certain sub-levels are generallyoffline(each private key, which is highly sensitive, is stored on a physical medium in a safe). However, the last level must beonline, preferably in an HSM, in order to sign requests on a daily basis. Certification paths generally correspond to specific use cases.
Figure 2—Example of a certification hierarchy
Certificate templates are also defined in order to comply with requirements or meet specific needs. An authentication and/or signature certificate does not meet the same criteria as an encryption certificate. In the latter case, the private key is often held in escrow for legal purposes (to access an employee's encrypted information) and to be able to recover the information if the user loses the private key. But in the context of signing, it is essential that the private key is known only to its owner. This will guarantee the non-repudiation of the associated signatures.
The tedious but essential "documentation reference" stage describes these practices in detail:Certification Policy(CP),Certification Practices Statement(CPS), etc. The difficulty here lies in covering all the practices and legal aspects related to certification. The semantics of each sentence are important!
Finally, the right workflows must be defined so that enrollment and request management closely align with existing processes within the organization. Next, PKI operators and the help desk must be trained, and support and communication procedures must be drafted. Of course, IT and business users must also be involved.
The challenge is therefore to rally support for the project by implementing change management to encourage all stakeholders within the company to adopt the solution. Setting up a PKI is therefore a highly cross-functional project. It requires strong support at the highest level to be integrated into the organization.
Opportunities and prospects
Once in place, using and administering PKI is relatively simple. For large organizations, this type of solution therefore represents a real opportunity and an almost guaranteed return on investment. Indeed, there are many use cases: SSL/TLS, S/MIME, HTTPS, WS-Security, EAP, IPSec, etc.
It also becomes easier to enforce stricter security policies later on. For example, you can ban the use of passwords, or at least encourage the use of complex passwords by relying on SSO and strong authentication mechanisms, where users do not have to define or remember their passwords. The security gains are enormous, and it is easier to use.
Furthermore, there are many possibilities. Mobility is a major issue today, and MDM (Mobile Device Management) technologies can interface with PKI tools to enroll certificates for their authentication and confidentiality needs. Identity management solutions are becoming more widespread. Here too, automated exchanges with a PKI offer undeniable gains in security and productivity.
Furthermore, the Internet of Things (IoT) is a very promising field. It will be necessary to authenticate these thousands of interconnected objects and meet security requirements. We tend to focus too much on confidentiality, when integrity and authenticity are often more critical. If we take the example of home automation, we might question the importance of the confidentiality of the contents of your microwave! On the other hand, when it comes to health, it is more important, and even absolutely crucial, that a cardiac device can ensure the authenticity and integrity of commands received from an external device. It is easy to imagine the (fatal) risk of information coming from a malicious program.
The sectors concerned are many and varied: industry, telecoms, healthcare, automotive, etc. And new issues are emerging, such as the validation of large-scale certification chains and performance improvements for greater responsiveness. Processor manufacturers, for example, have been enhancing their instruction sets for several years. They have thus directly implemented certain cryptographic algorithms (e.g., AES-NI).
Finally, current events and media coverage of certain issues (TV5Monde, US presidential election) continue to highlight the need for organizations to strengthen their authentication and data protection systems. Given these challenges and ever-increasing needs, it is reasonable to say that PKI solutions have a bright future! Many companies will need to invest in these solutions as part of their development.
Bonus
The mystery that sometimes surrounds PKIs could be summed up by the key ceremony, an essential step in any "serious" PKI implementation (meaning "where trust is paramount"). This often involves:
- A master of ceremonies, assistants, and one or more witnesses (mainly for auditing purposes)
- One or more secrets divided among several people, where a "quorum" of just a few is enough to reconstruct the secret(s). Example: 3 out of 5 people holding "pieces of the secret" are enough to reconstruct the original secret (Shamir's algorithm).
- Material inspected, labeled, impounded, sometimes destroyed so as to leave no doubt,
- More generally, any procedure or element that helps to reinforce the guarantee of proper compliance with the initial plan and thus confidence,
In this area, the key ceremony and key management organization used to sign ICANN's root DNS records are benchmarks in this field (https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/
