PKI is hard, but it doesn't have to be this hard

Public-key infrastructure is a pretty good way to authenticate users, sign documents electronically and secure data. But a pair of experts who spoke at the 2006 International Conference on Network Security this week believe that using PKI often is harder than it needs to be.

Bill Burr of the National Institute of Standards and Technology said the government has been working to implement PKI for 10 years now.

"We haven't been as successful as I wish we had been," Burr said. "But I think we've been more successful than we get credit for."

PKI uses a pair of mathematically related encryption keys to secure data. One key is kept private while the other is made public, allowing communications between individuals without exchanging secret keys. Using a public key, messages can be sent that can only be read by someone possessing the corresponding private key. Material encrypted with a private key can be decrypted using that individual's public key, validating who sent and "signed" the message.

The tricky part of PKI is the infrastructure, a system for generating and managing keys and digital certificates that contain them.

"It's much harder than we thought it would be," Burr said. "We've backed the wrong horse any number of times," in deciding how the federal government would implement PKI.

Burr said one of these wrong horses was the decision to use a bridge certificate authority rather than a single central certificate authority to issue and manage digital certificates. Burr said that a bridge system between authorities eventually would be needed, but that in retrospect the government should have started by using a single certificate authority within government.

"We are moving to a more hierarchical scheme," he said. "We've complicated our life a lot."

Microsoft Corp.'s Charlie Kaufman said that a primary problem with PKI is finding a common format for carrying and reading the certificates that contain private keys, and a common system for publishing and accessing public keys.

"The technology does exist to solve these problems, but we haven't used them," Kaufman said. "It's a distributed problem. The pieces are all there, but nobody has put them all together."

Kaufman and many members of the audience blamed the security industry for the problem. The industry moves on to the next cool thing in security without bothering to simplify the implementation of existing technologies such as PKI, they said.

Kaufman and Burr agreed that, with PKI, the perfect often is the enemy of the good.

"People would like PKI to solve a much harder problem," with an infrastructure that would allow universal authentication between strangers. A simpler and "good enough" solution would be to simply use public/private key pairs as passwords now are used, supplying a user's public key to the recipient when an account is set up or a relationship is established. This would be more secure than the current use of passwords for access security, and simpler than a full-blown PKI implementation.

"We don't have to build an eternal, nonreputable PKI for authentication and confidentiality," Burr said. Although PKI can be used to provide legally binding signatures on documents that can be verified years after signing, this is not necessary. "That's not our primary problem."

The primary problem, authenticating users and securing data, can be done much more simply, he said.

William Jackson is a staff writer for Washington Technology's sister publication, Government Computer News.