PKI: Looking at the Risks

Public key infrastructure (PKI) is an excellent technology to help users certify that the people or companies they are corresponding with are who they say they are. It has proven itself invaluable in e-commerce among other areas. As with any technology, however, it is not without its own security risks. Eliana Stavrou discusses these risks, and ways to minimize them.

To be fair to the readers, I believe that it is time to explain the possible risks and threats associated with Public Key Infrastructure (PKI). Until now, I have given you a lot of information on how to use PKI. (Editor’s note: see Eliana Stavrou’s articles on ASP Free). Although PKI is considered a must-have technology, it is not bullet-proof. Any security solution we have applied has its own problems; so does PKI. A silver bullet may not exist to solve all the security issues, but a combination of solutions along with the knowledge of their drawbacks gives us the vantage to close open holes and create a strong security solution.

In this article, I will discuss concepts related to PKI technology, so you need to be familiar with the PKI process.

The risks that are described in this article are the following:

  1. Trust establishment

  2. Private key protection

  3. CRL availability

  4. Key generation

  5. Legislation compliance 

Trust establishment

Although PKI aims to achieve a level of trust between individuals, issues such as inappropriate verification of trust procedures on behalf of the Certification Authority, and insecure configurations of the users’ computers, can lead users to question the trust relationships they have with each other.

It is a big responsibility on behalf of a CA to certify the trustworthiness of the entities requesting a digital certificate. How can you be sure that the CA has appropriate and strong procedures to verify that the requester is who he or she claims to be?  What if someone tricks the CA into issuing him or her a digital certificate based on fake personal information? What if a user’s private key is stolen and he or she has not discovered and reported it in order for the certificate to be revoked? Simply put, you cannot be sure!  

In addition to verifying the trustworthiness of the holders of a digital certificate, we have the issue of trusting the actual CA. How can we be sure that the CA has the appropriate resources, such as trusted personnel and a secure infrastructure? It is meaningless to trust a CA to issue certificates when physical security is absent and anyone can have access to the CA server and retrieve confidential information.

How to minimize the risk: Not everyone who possesses a digital certificate is actually trustworthy. Learn to be cautious in order to avoid future problems. When you receive a message signed by an individual, take a few moments to read the information contained in the digital certificate and then decide whether you are going to trust the person who sent it. You should consider these questions: “Do I know the person who owns the digital certificate?”, “Does the digital certificate have a valid expiration date?”, and “Is the digital certificate issued by an authority I already trust?”

Private key protection

The cornerstone of the PKI is the private key you use to encrypt or digitally sign information. One of the most significant things a PKI has to offer is non-repudiation. Non-repudiation guarantees that the parties involved in a transaction or communication cannot later on deny their participation. Imagine how vital this requirement is for e-commerce; as a consumer or a seller you have warranties that you will get what you have paid for or even that you will be paid as agreed.  

Assuming that your private key is stolen, this will lead to the compromise of the authentication and non-repudiation gained through PKI because the attacker can use your private key to digitally sign documents and pretend to be you. This is obviously a situation you do not want to face. Imagine how much damage (economically, credibility etc.) can be caused by someone else running around masquerading as you!    

Compromising the private key is a threat that involves not only the holders of the digital certificate but the CA itself. Compromising the CA’s private key may lead to dramatic consequences if it is not detected immediately. The attacker can use the CA’s private key to generate numerous fraudulent digital certificates that may then be used for illegal purposes. 

How to minimize the risk: Both the holders of a digital certificate and the issuing authority must protect the computers, storage devices or whatever they use to keep the private keys. A combination of security solutions can be used to achieve a high-level of protection such as strong passwords, anti-virus, firewalls, intrusion detection tools etc.

CRL availability

Each issuing authority usually maintains a list containing the serial numbers of all the digital certificates that have been cancelled for various reasons, e.g. compromised private keys or changes in the information contained in the digital certificate. This list is called the CRL (Certificate Revocation List) and the process of verifying whether a digital certificate has been cancelled is called revocation checking.

The risk related to the CRL is concerned with the availability of the list. Assume that the private key of Bob is compromised by Trudy the intruder. Bob has detected the compromise and asked the issuing authority to revoke his certificate and issue him another one. The issuing authority revokes Bob’s digital certificate and places it in the CRL. Then, due to a virus infection, the issuing authority and its services become unavailable. In the meantime, Trudy the intruder has sent a digitally signed message to Alice, pretending to be Bob, asking for her ID number because he will send her a present. When Alice receives the signed message, her email program, if configured appropriately, will try to verify the status of the digital certificate. Since the CRL is currently not available to any end entity, Alice’s email program cannot verify the certificate, even though it has been revoked. This would lead to the acceptance of the certificate as valid. Thus:

  • digital signatures are wrongly viewed as valid, and
  • confidentiality has been compromised without the knowledge of sender or recipient.

Alice is excited about her present, so she emails her ID number to Bob, and the message is intercepted by Trudy the intruder for her own nefarious purposes.

How to minimize the risk: The responsibility of minimizing the risk associated with the CRL availability depends entirely on the issuing authority. Thus, the issuing authority must maintain a strong and secure architecture to avoid security breaches, and a comprehensive fail-over plan that provides a secondary infrastructure to maintain availability of services in the case of a failure of the primary infrastructure.
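The Alice and Bob scenario above can be modelled in a few lines. The following is an added example, not code from the original article: it shows how a relying party's revocation check behaves when the CRL cannot be fetched, comparing a fail-open policy (accept unchecked) with a fail-closed one, and goes slightly beyond the text by also handling a cached CRL. All names, serial numbers and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

class CRLUnavailable(Exception):
    """The issuing authority's CRL could not be retrieved."""

@dataclass(frozen=True)
class CRL:
    revoked_serials: frozenset  # serial numbers the CA has revoked
    next_update: datetime       # after this moment the list is stale

def check_revocation(serial, fetch_crl, cached, now, fail_closed):
    """Return (accepted, reason) for one certificate serial number."""
    try:
        crl, source = fetch_crl(), "fresh CRL"
    except CRLUnavailable:
        if cached is not None and now <= cached.next_update:
            crl, source = cached, "cached CRL"   # still within validity
        elif fail_closed:
            return False, "CRL unavailable: rejected (fail-closed)"
        else:
            return True, "CRL unavailable: accepted unchecked (fail-open)"
    if serial in crl.revoked_serials:
        return False, f"revoked per {source}"
    return True, f"not revoked per {source}"

# Constructed sample data for the scenario in the article.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
BOB_SERIAL = 0x1A2B                       # Bob's revoked certificate
STALE = CRL(frozenset(), NOW - timedelta(days=3))            # predates revocation
VALID = CRL(frozenset({BOB_SERIAL}), NOW + timedelta(hours=6))

def ca_online():
    return CRL(frozenset({BOB_SERIAL}), NOW + timedelta(days=1))

def ca_down():
    raise CRLUnavailable("issuing authority unreachable")

def run_scenario():
    """Check Trudy's message (signed with Bob's key) under each condition."""
    return {
        "online": check_revocation(BOB_SERIAL, ca_online, None, NOW, False),
        "down_fail_open": check_revocation(BOB_SERIAL, ca_down, STALE, NOW, False),
        "down_fail_closed": check_revocation(BOB_SERIAL, ca_down, STALE, NOW, True),
        "down_valid_cache": check_revocation(BOB_SERIAL, ca_down, VALID, NOW, False),
    }

if __name__ == "__main__":
    for case, (accepted, reason) in run_scenario().items():
        print(f"{case:18} accepted={accepted}  {reason}")
```

Only the fail-open case with no usable cache accepts the revoked certificate, which is the situation Alice's email program is in.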

Key generation

The generation of the public and private key is done using a cryptographic algorithm, and the generation of a digital signature is done using a hash algorithm. Examples of well known cryptographic algorithms are RSA (Rivest-Shamir-Adleman), Diffie-Hellman, Elliptic Curve and DSS (Digital Signature Standard). Examples of well known hash algorithms are MD2, MD4, MD5 and SHA (Secure Hash Algorithm).

The risk associated with the cryptographic or hash algorithm used to generate the keys or digital signature respectively, pertains to the length of the keys that define the strength of the algorithm. By using a limited bit length to generate the keys or the digital signature, you face the risk of a brute force attack, in which an intruder tests every possible key combination to break the cryptographic or hash algorithm. These days, a brute force attack is easily made as computers get faster and cheaper.

Keep in mind that, if an attacker uses brute force, the computing power that is needed to break the algorithm increases exponentially with the length of the key. For example, a 32-bit key requires 2^32 combinations; a key of this length can be easily broken even by you using special software. These days, a 512-bit key can be broken by major governments or university research groups within a few months.

In theory, any cryptographic method can be broken by trying all possible combinations. Fortunately, at the moment long keys (e.g. 2048 bits) are unbreakable. By the time a cryptographic algorithm is broken, usually a new, stronger algorithm appears to cover the loss.

How to minimize the risk: There is always the risk of using weak algorithms, which generate the public key from the private key in a manner that allows the value of the private key to be determined. Each issuing authority must use well-known algorithms and a large bit length for the generated keys to prevent an attacker from predicting the keys and causing problems. In addition, anyone requesting a digital certificate should take some time to read the Certification Practice Statement of the issuing authority; it states the key length and the cryptographic and hash algorithms used. By doing so, all parties can prevent the creation of weak keys that can be determined by an intruder.

Legislation compliance

Every country that either operates a national PKI system or has third-party organizations operating their own PKI system should have in place an appropriate legal framework to recognize the operation of the PKI and the usage of digital certificates and digital signatures. 

Earlier, I talked about the non-repudiation requirement. It is crucial for every business and every individual to be assured that, when they engage in a transaction using digital certificates and/or signatures, the participants cannot later on deny their actions.

However, in order for the non-repudiation requirement to take effect and protect the holders of a digital certificate, appropriate legislation must exist; otherwise, if someone denies an action that was actually performed, the person or company on the other end of the transaction may have no rights or recourse.  

For example, the European Union created a set of guidelines, called EU Directives, that cover the area of Public Key Infrastructure. The directives associated with the concept of PKI are:

  • EU Electronic Signatures Directive

  • EU Data Protection Directive 

In my country (Argentina), the government signed the law for protection of personal information in 1987, but until recently there was no legal act concerning the usage of digital certificates and signatures. The lack of a legal act was a big drawback in using PKI technology, since most people felt that they could not trust it without the appropriate legal recognition. Fortunately, the government recently harmonized the law with the EU’s E-Signature Directive, anticipating the spread of PKI in the government and private sector.

How to minimize the risk: This risk depends entirely on the government of each country. The government has a responsibility to update its legislation framework. However, it is a good idea to investigate the situation in your country and find out whether you are covered by the law when using PKI technology. At least you will know where you stand if you choose to use PKI without the appropriate legislation.  

Conclusion

Public Key Infrastructure is a favorite technology despite the risks that may stem from its usage. As with any other technology, it is up to us to minimize the risks and threats associated with this technology, and maximize the benefit of what it has to offer. Knowing these risks in advance, we could better prepare and prevent possible problems that may arise by using such technology. Nevertheless, I think that all of us have to recognize the significance of PKI technology at an individual, business and national level. 
