PKI: The Myth, the Magic and the Reality
Magic bullet? No. Killer app? Not really. But that doesn't mean a skillfully deployed public-key infrastructure can't dramatically improve your ability to control online access and mitigate security risks.
The basis of infosecurity is understanding the value of your electronic assets and who's out to get them or disturb their operation. It really boils down to risk: What are your high-value assets? What are the risks to these assets? Which of these risks is unacceptable? And how do you reduce risk without slowing down progress or breaking the bank?
The rapid evolution of electronic commerce and e-business raises the stakes even higher. In a world increasingly dominated by online transactions and remote access to back-office applications, the pace of change requires strong yet flexible tools for controlling access and managing risk. In essence, that's what public-key infrastructure (PKI) is all about: managing how users and network devices are identified and given access to online information and services.
accounts for and revokes this information within the enterprise and online world. By providing a way in which trust can be interpreted equally among all parties, PKI allows organizations to use e-commerce applications while maintaining a firm grip on the security required for online transactions.
Now for the $64,000 question: Is it time for your organization to deploy a PKI? As you'll see, there are multiple factors that must be considered before making this decision. However, if your company employs more than 1,000 people, and is increasing its dependence on electronic applications for correspondence (e-mail) and transactions between offices, departments, suppliers and customers (VPN and remote access), then the answer is probably yes. Indeed, for a medium- to large-size company to remain competitive in the e-commerce arena, adopting a PKI-based approach to authentication and access control may well be the most important technological investment it makes over the next two years.
The growth of the PKI market has been nothing short of astounding. UBS Securities, for instance, estimates that by 2003, PKI products and services will account for approximately $1.1 billion in revenue, up from $100 million in 1998. The downside to such a burgeoning market is that it's accompanied by an inevitable amount of hype and hoopla. Considering the importance of this technology to future enterprise e-commerce, it's important to distinguish between the myth, the magic and the reality of PKI:
The Myth: PKI is the next killer app. It automatically reduces costs and allows us to securely interact with other online organizations.
The Magic: A properly implemented enterprise PKI, tied to an accurate company directory, can make e-mail, VPNs and Web apps extremely powerful while reducing dependency on expensive private leased lines.
The Reality: PKI isn't a killer app, but rather a critical IT infrastructure for enabling applications with a high level of security. As is true with most emerging technology, there are advantages and disadvantages to being an early adopter. Implementing an effective PKI is not a trivial matter, and there's no way to avoid the pains of early deployment. Estimating sufficient resources and setting a realistic and measurable ROI is the key to success.
Before addressing the issues involved in PKI deployment, you should have a clear understanding of exactly what it will and will not do. This begins with recognizing all of the elements in this infrastructure and how they fit together. In essence, a PKI is an interoperating set of software and hardware elements that
- Reviews certificate requests via registration authorities (RAs);
- Issues and revokes digital certificates (through a certificate authority [CA]);
- Stores and retrieves certificates (in a directory);
- Manages encryption key and certificate lifecycles;
- Handles key backup and recovery;
- Provides time-stamping services;
- Provides cross-certification between organizations with separate CAs; and
- Facilitates authenticated access to "PKI-enabled" client/server applications.
PKI technology solves the problem of authenticating people and devices that need to do business with you. It serves up digital certificates that carry public-key material, including a wide variety of attributes, such as name, account number and even security policy. The keys within certificates are used to encrypt confidential data, ensure data integrity, authenticate the owner and provide a means for non-repudiation.
Will a PKI Provide a Measurable ROI?
Despite the growing pains many early PKI adopters have experienced, benefits such as reduced cost, streamlined processes and better customer service offer tangible returns on a PKI investment.
Calculating the ROI on your PKI investment is an inexact process, but it can be done. It's more of an art than a science. You need to have a good understanding of your company, how it will benefit from PKI-enabled applications, and what risks will be mitigated through a PKI. The following actions can help you to determine what benefit you can expect:
1. Estimate the total cost of your PKI by number of employees over some specific time period (see discussion in # 5, below).
2. Estimate the probability of attack and its financial harm over the same period.
3. Estimate the amount of new business and revenue your organization will get due to PKI-enabled applications.
4. Determine the cost savings from using an Internet-based VPN, EDI or secure e-mail instead of private leased lines.
5. Do the math: Total benefit from new applications, reduced risk and cost savings minus the PKI cost equals ROI.
Top 10 Deployment Issues
Before deciding to move forward with a PKI for your organization, you should have a solid understanding of the following deployment issues. Not surprisingly, these are the same issues that are usually downplayed by vendors selling PKI products and services.
1. How Client and Server Applications Handle Digital Certificates
This is ranked as the #1 issue because if your applications don't interpret or understand how to deal with digital certificates, then what's the point? Unless you can deploy a single PKI for several applications, then PKI may not be the best option right now. There are many different levels of certificate interoperability within software applications. Research your applications to determine if they're PKI-ready.
2. User Acceptance
One of the great values in a PKI is that the same type of certificate can be used to authenticate both people and devices, such as desktop PCs, routers, Web servers and firewalls. However, clients will have to install PKI-ready applications or new software on these devices in order to play, and any utility that introduces more "steps" for the end-user to perform is asking for trouble.
To "unlock" private key(s) and open an encrypted message, users typically type in a static password or phrase. In the long run, however, this will not be enough. A stronger, two-factor authentication scheme between a real person and his or her digital certificate will be required. Many vendors are working on this with biometrics and smart card technologies. But once again, two-factor authentication puts an extra step into the process and involves additional cost and administration.
3. Initial Deployment, Planning, Design and Certificate Issuance
This initial setup phase of your deployment will be greatly influenced by your organization's expectations and level of expertise. Uncertainty about how the PKI will be used, combined with a lack of PKI-enabled applications, will increase your deployment efforts two-fold. Additional delays may result from pre-existing infrastructure obstacles, such as lack of network bandwidth or directories, or firewalls placed between external or internal groups. Plan on a minimum of between six weeks and five months for initial deployment.
4. Lack of Personnel With PKI Expertise
Not much explanation needed here. No matter what region of the world you're in, finding knowledgeable people on PKI/CA deployment and administration is very difficult, unless you throw a ton of money their way.
What is the cost of (1) tying a PKI into corporate directory services, and (2) managing it on a day-to-day basis? Part of the difficulty with these questions is that the answers will depend on your enterprise setup and your requirements for a PKI. The cost model will also fluctuate from one vendor to the next, depending on the type of service you require.
For discussion purposes, let's assume your enterprise has multiple sites, and wants to issue certificates to authenticate access to e-mail and Web applications for half of them. For a 5,000-user enterprise, the estimated total cost of ownership (TCO) over a three-year period would be $90,000-$160,000 for the initial PKI investment, with an additional $300K-$400K for support and maintenance. For a 25,000-user enterprise, the estimated TCO would be $200K-$400K for initial investment, with $540K-$840K for support and maintenance.
Scalability should be high on your list of concerns if you work in a large organization with more than 50,000 users. For most initial deployments, pilot projects cover a few hundred users. ISPs, banks, reservation systems and government agencies, however, need a PKI that can grow to the millions in Internet speed, which means by 2001. The PKI vendors assure us that scalability is being addressed, but you can expect the large customers to push the envelope on performance, revocation and certificate management tools for the next few years.
7. Emerging Standards
The wonderful thing about standards is that there are so many to choose from, including those from the multiple working groups in the IETF and recent vendor modifications of PKCS. However, this may also increase the confusion factor. The IETF's PKIX working group has been instrumental in defining the different technical aspects of an X.509-based public-key infrastructure. Multiple interpretations of the same draft documents are responsible for some of the confusion, but time will help iron these conflicts out.
Interoperability between different standards bodies and special interest groups will be the next challenge: Where does one specification leave off and another begin? These standards organizations now depend on each other, something they never had to deal with in the past.
8. Multivendor CA Interoperability and Cross Certification
Also important is the co-existence of certificates from multiple vendors. Choosing a vendor that makes a conscious effort to interoperate with its competitors is important. Given the relative youth of this market segment, don't expect any one vendor to dominate the entire PKI market. However, over the next year, you can expect about five key players to emerge as market leaders, which means five types of certificates, all requiring a high degree of interoperability.
You can blame this dilemma on the standards, but certainly not on the lack of competing standards. It's more an issue of how the standards drafts are interpreted by the implementers. This is not a showstopper, because these issues will be worked out over time (at the expense of early adopters), but don't expect a multivendor cross-certified CA deployment to be easy (or even possible) for quite some time.
9. Certificate Revocation
PKI has been widely criticized for the lack of a predictable revocation scheme and rightfully so. Revocation parameters greatly depend upon the application and transaction tolerances. An internal corporate PKI with a single CA is not a problem. But an e-commerce scenario with heterogeneous CAs that require real-time revocation is virtually impossible today.
10. X.509 Technical Limitations
Last but not least, if the IETF draft standard PKIX is to be the PKI standard, the X.509 certificate structure is something we'll have to live with.
A certificate has three elements: the client's public key, certificate owner attributes and one or more issuers/signatories binding these elements into the certificate. Unfortunately, the strict, non-flexible structure of an X.509 certificate could become a major problem over time (see sidebar below). X.509 has a single issuer or signature binding the attributes to the key or principal element. Meanwhile, one of the "pretty good" things about Pretty Good Privacy (PGP) is that each individual attribute of a certificate can have any number of authorization signatures (exportable or not). This is useful and greatly reduces certificate management. Having a single issuer means you'll end up with lots of different certificates per user as attributes change. This will cause management problems over time. Also, the X.509 v3 extension fields and flags are interpreted differently between most vendors, which reduces their usefulness.
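The three points above (a certificate binds a public key and owner attributes under a single issuer signature, a change of attributes means a new certificate, and chain verification by itself says nothing about revocation) can be seen in a few dozen lines of Go using only the standard library's crypto/x509 package. This is an added example, not code from the article or from any PKI vendor; the CA name, the user name "alice", the organizational units and the in-memory revocation map are all constructed for the example, and the map stands in for the CRL or directory lookup a real deployment would consult.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// MiniPKI is a constructed in-memory stand-in for one corporate CA plus the
// directory of issued and revoked certificates. All names and serials are made up.
type MiniPKI struct {
	caCert     *x509.Certificate
	caKey      *ecdsa.PrivateKey
	roots      *x509.CertPool
	revoked    map[string]bool // serial number -> revoked (stands in for a CRL)
	nextSerial int64
}

// NewUserKey generates the key pair an end entity (or the CA) holds.
func NewUserKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewMiniPKI creates a self-signed root CA named caName.
func NewMiniPKI(caName string) (*MiniPKI, error) {
	key, err := NewUserKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &MiniPKI{caCert: caCert, caKey: key, roots: roots,
		revoked: map[string]bool{}, nextSerial: 2}, nil
}

// Issue binds a subject's public key and attributes (common name and organizational
// unit) under the CA's single signature. A later attribute change means a new
// certificate with a new serial number, exactly the management cost the text describes.
func (p *MiniPKI) Issue(commonName, unit string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(p.nextSerial),
		Subject:      pkix.Name{CommonName: commonName, OrganizationalUnit: []string{unit}},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	p.nextSerial++
	der, err := x509.CreateCertificate(rand.Reader, tmpl, p.caCert, pub, p.caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Revoke records the serial number, as a CRL entry would.
func (p *MiniPKI) Revoke(c *x509.Certificate) { p.revoked[c.SerialNumber.String()] = true }

// VerifyChain is what the standard library's Verify does: signature, validity period
// and a path to a trusted root. It knows nothing about revocation.
func (p *MiniPKI) VerifyChain(c *x509.Certificate) error {
	_, err := c.Verify(x509.VerifyOptions{Roots: p.roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// Validate is the check an application must actually make: chain plus revocation.
func (p *MiniPKI) Validate(c *x509.Certificate) error {
	if err := p.VerifyChain(c); err != nil {
		return err
	}
	if p.revoked[c.SerialNumber.String()] {
		return errors.New("certificate " + c.SerialNumber.String() + " is revoked")
	}
	return nil
}

// TamperAttribute edits an attribute string inside the signed DER bytes and re-parses
// the result, modelling a certificate altered without the issuer's key. Same-length
// strings keep the DER lengths consistent so the only thing broken is the signature.
func TamperAttribute(c *x509.Certificate, old, replacement string) (*x509.Certificate, error) {
	if len(old) != len(replacement) {
		return nil, errors.New("replacement must have the same length as the original")
	}
	return x509.ParseCertificate(bytes.Replace(c.Raw, []byte(old), []byte(replacement), 1))
}

func main() {
	pki, _ := NewMiniPKI("Example Corp Root CA") // constructed name
	key, _ := NewUserKey()
	cert, _ := pki.Issue("alice", "Sales", &key.PublicKey)
	fmt.Println("fresh certificate:     ", pki.Validate(cert))
	forged, _ := TamperAttribute(cert, "Sales", "Admin")
	fmt.Println("edited attribute:      ", pki.Validate(forged))
	moved, _ := pki.Issue("alice", "Legal", &key.PublicKey) // attribute changed: re-issue
	pki.Revoke(cert)
	fmt.Println("old cert, chain only:  ", pki.VerifyChain(cert))
	fmt.Println("old cert, with CRL:    ", pki.Validate(cert))
	fmt.Println("re-issued certificate: ", pki.Validate(moved))
}
```

The instructive line is the "chain only" result: the revoked certificate still passes path validation, and only the explicit lookup in Validate rejects it. That is why the revocation parameters discussed under issue 9 (how fresh the revocation data must be, and who serves it) have to be decided per application rather than assumed to come with the certificate format.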
These 10 factors are critical to knowing whether PKI deployment will actually provide lasting benefit to your organization by reducing security risks. For example, if deployment will be limited to simple protection of private keys by unmanaged passwords, then PKI-based authentication might not be significantly stronger than an existing password synchronization scheme. Likewise, if you're unable to determine what kind of certificate revocation requirements and timelines you need (or, if your applications don't support them), then you may not be able to determine if a PKI-enabled application is really stronger under attack than your existing system.
That's why it's so important to be clear on what you expect from a PKI. Be sure you understand the benefits (and limitations) of your plans for PKI deployment, and whether it will translate into a meaningful reduction in risk.
Half-Full, or Half-Empty?
In the past, IT security projects have not been completely successful in preventing the corporation from harm. This is because the majority of breaches come from insiders, from simple human error or from social engineering attacks that circumvent even the best security controls. Having a high degree of trust or assurance of one's identity or authorization will greatly, but not entirely, reduce risk. The "human factor" always screws up the wonderfully predictable nature of cryptography.
Despite what some vendors might have you believe, PKI does not eliminate the possibility that bad things will happen to your corporate assets. If you're in IT, you're in an application-driven industry. Information security, however, is not an application, but an enabler of applications. Similarly, PKI is an enabling technology for e-commerce, a means and not an end to securing online and back-office applications.
The reality is that PKI has huge potential, especially given the world's growing reliance on e-commerce. In coming years, PKI won't be a matter of if, but when. The challenge is determining when the time is right for your organization.
E-Commerce and Digital Signature Legislation
Reviews all recent state and federal legislation regarding EC and digital signatures.
IETF PKIX Working Group
Contains draft documents on the PKI X.509 charter.
Meta Certificate Group
Provides an overview of certification systems.
PKI Information Bank
The Sans Institute/Risk Management
Links to "Risk Management Is Where the Money Is!" by Daniel E. Geer Jr.