4 fatal problems with PKI

Jun 30, 2015 | 6 mins
Browsers, Data and Information Security, Encryption

The Web's security runs on complicated PKI deployments, few of which are implemented correctly, and all of which will soon be at the mercy of Moore's Law

I’m a huge PKI (public key infrastructure) fan. I love the beauty of the mathematics and cryptography. I love its myriad uses and scenarios.

I’ve been installing PKIs for private and public companies for over two decades. That’s always been a big part of my job, and lately, it seems like that’s all I’ve been doing. Demand has never been higher. More and more companies are either installing their first PKI or upgrading their current PKI to be more secure and resilient.

That being said — and it may surprise you to hear me say this — PKI is probably not going to solve your biggest security problems. Moreover, there’s a good chance that one day PKI will stop working altogether.

Here are four reasons why PKI isn’t the awesome security solution most people think it is:

1. PKI has too many moving parts

Complexity is the enemy of good computer security. The more moving parts you have, the easier it is to find weaknesses, and the harder it is to implement. And few computer security defenses have more moving parts than a properly set-up PKI.

You need to begin with an offline root CA (certificate authority). It must be truly offline, or it’s subject to compromise. Then you need two or more CAs that do the work of issuing certificates. Your CAs need to be protected by an HSM (hardware security module), which is a piece of hardware that guards the most important private cryptography keys of the PKI. Normally, you need a few of these, and the total cost can easily reach $100,000.

You also need two or more websites to store the CA’s own certificate and CRLs (certificate revocation lists). You usually need two of these internally, on the network, and perhaps two more externally. These days, most PKI designers recommend two or more OCSP (online certificate status protocol) servers, which are supposed to create less CRL traffic between clients and CA servers.

Most PKIs also include two or more SCEP (simple computer enrollment protocol) servers, so that network and mobile devices can acquire certificates. There are dozens of other parts, such as object identifiers, signatures, etc. Then designers and admins have to figure out how big each key can be and for how long they can be used on a per-application basis.

After all the decisions are made, admins still need to find a way to give computers and users certificates. How will they enroll for certificates? What is needed to prove their identity? Who can approve certificates? How are they distributed? Every application, device, and operating system handles this stuff differently.

All this complexity means not only that users screw up, but so do most PKI admins. In my personal experience over two decades, perhaps 5 percent of PKIs are set up correctly. Most have multiple errors. Most have critical errors — which is not so great when PKI is supposed to be the building block of your security strategy.

2. Even when PKI works perfectly, it doesn’t work

Worse, even when you set up PKI perfectly and without error, and it works the way it’s intended to work … it doesn’t work! Well, it works, but that’s only because people and applications tend to ignore PKI errors.

Everyone knows that the little padlock on the browser bar means that a website connection is supposedly secure thanks to PKI.

But the complexity of PKI means that many websites and applications end up with PKI errors, which cause the little padlock to disappear or to remain unlocked. Many times the browser will warn you that a website’s digital certificate is not valid and recommend not going to the website.

What do most people do? Ignore the warning and go to the website.

Most applications, when detecting a certificate error, will fail “open.” They have to. If browsers actually enforced PKI errors the way they were intended to be enforced in the original Internet RFC (request for comment), the Internet would be an incredibly broken place.
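What failing "open" looks like in a client's TLS configuration, as an added example that is not part of the original article: it uses Python's standard ssl module to audit a context for settings that let a connection proceed despite a certificate error. The function names are hypothetical; note that even the library default does not consult CRLs.

```python
import ssl


def fail_open_findings(ctx):
    """List the settings on a client SSLContext that let a connection
    proceed even though certificate validation would have failed."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append(("verify_mode", "chain, signature and expiry errors are ignored"))
    if not ctx.check_hostname:
        findings.append(("check_hostname", "a certificate issued for any name is accepted"))
    if not ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
        findings.append(("verify_flags", "revoked certificates are accepted (no CRL check)"))
    return findings


def fail_open_context():
    """The 'ignore the warning and continue' configuration, as code."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fail_closed_context():
    """Library defaults plus leaf revocation checking. Handshakes made with
    this context fail unless a current CRL has been loaded into it
    (load_verify_locations), so a missing CRL blocks the connection."""
    ctx = ssl.create_default_context()
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def report():
    """Map each configuration to the fail-open settings found on it."""
    contexts = {
        "fail-open": fail_open_context(),
        "library default": ssl.create_default_context(),
        "fail-closed": fail_closed_context(),
    }
    return {name: [s for s, _ in fail_open_findings(c)] for name, c in contexts.items()}


if __name__ == "__main__":
    for name, settings in report().items():
        print(f"{name:16} {settings or 'no fail-open settings'}")
```

Running the same audit over the contexts an application actually builds shows where certificate errors are being swallowed rather than enforced.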

3. PKI doesn’t solve the biggest security problems

Despite points No. 1 and 2, I love PKI. It’s very good at what it does if people, devices, and applications don’t ignore its warnings. But the biggest problem with PKI isn’t PKI itself. It’s that almost all of the problems that PKI solves aren’t the ones being exploited by today’s attackers.

Most exploits occur due to unpatched software, followed by socially engineered Trojan horse programs. Together, these two vectors probably account for 99 percent of all successful attacks in most environments, and PKI doesn’t fix either problem.

If you don’t fix the two biggest problems on your network, PKI isn’t going to help much. Here’s what I tell my clients: “Most of my customers with perfect PKIs get hacked just as much as those who do not.” It’s not the PKI’s fault. It’s that defenders aren’t fixing the big stuff that would help PKI do its job better.

4. Eventually, PKI will stop working forever

Here’s the real kicker. One day, all secrets protected by PKI will be revealed. Yep, that’s not a misprint.

One day, the incredibly hard math, involving large prime numbers, won’t be so difficult to solve anymore. Public key cryptography only works because of the math involved. But computers are only going to get better over time at solving cryptographic puzzles.

For example, one of the biggest promises of Quantum computing, whenever it finally gets perfected, is that it will be able to immediately break open PKI-protected secrets. Sometime in the near- to mid-term future, useful Quantum computers will become a reality. When they do, most public crypto will fall.

Anyone with a Quantum computer will be able to break anyone else’s secret. As you may have guessed, the world’s biggest crypto-spies are already saving the world’s secrets, so that when Quantum computing gets perfected (if it hasn’t already been in the lab), they can go back through the protected messages and reveal their contents.

Supposedly, when Quantum computers become a reality, the only encryption that can protect your secrets will be Quantum cryptography. That’s rich! No, I mean it. You will have to be extremely rich to buy enough Quantum encryption computers to protect your secrets. Right now almost any device, no matter how cheap or tiny, can run any of the world’s current encryption ciphers and programs. Quantum computing will change that forever.

We will again have something akin to what Alan Turing accomplished during World War II, where a few governments will control enough computing power to plow through everyone else’s big computer secrets. The rest of us will be swinging in the wind until Quantum encryption gets cheap enough for the masses.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
