We are all now aware of PKI (public key infrastructure). Each day, a larger number of companies establish their first PKI or update an existing one, making it more secure and flexible. However, PKI should not be considered a single solution to all existing security issues. Sometimes PKI may itself be the cause of the most considerable security problems. There is also a high risk that at some point a PKI may cease functioning.
In this article we will review the main reasons why PKI cannot be called an ideal solution for security.
Reason 1. PKI consists of numerous complex modules.
Complexity is treated as the main issue behind computer security. The more components your security infrastructure has, the easier it is to discover a weak link among them. You have to begin with an offline root CA (certificate authority). It needs to be offline, or it may become a target for attacks. Then you will need two or more CAs to issue certificates. Your CA must be protected by an HSM (hardware security module), a set of tools that protects the most important private PKI keys.
In addition, you will need two or more sites to host the CA certificate and the CRLs (certificate revocation lists). Generally, you need two of them for internal use and two for external use. Currently, most PKI developers recommend having two or more OCSP servers to reduce traffic between clients and CA servers.
Most PKIs also include two or more SCEP servers, so that network and mobile devices are able to obtain certificates. There are many other parts, such as object IDs, signatures, etc. It is the designers' and administrators' responsibility to determine how large each key will be and how long it will be used for each application.
After making all of the decisions above, managers still need to find a way to provide user and computer certificates. How will these certificates be issued? What will be required to verify the data? Who will review the certificates? How will they be distributed? All systems, applications and devices handle this in a different way.
PKI administrators and users alike are affected by this complexity and are inconvenienced by it. According to statistics, only 5% of all PKIs are configured correctly. The vast majority of them have configuration errors, and these errors are quite often critical. That matters, because PKI is used as a foundation for your security strategy.
Reason 2. PKI does not work.
Even when a PKI is configured correctly and working perfectly fine, it may still contain hidden malfunctions. Users and applications simply do not see PKI errors.
It is a well-known fact that a small padlock in the browser indicates that the connection with the website is securely protected using PKI.
However, due to the complexity of PKI, many websites and applications are exposed to PKI errors, which may cause the small padlock to disappear or an open padlock sign to be displayed. The browser will continue to issue warnings stating that the digital certificate is not trusted, and will recommend that you not proceed to the website.
What would be the natural reaction of users? They will just ignore the notice and continue browsing the site.
Applications would be closed if certificate issues were discovered. If browsers processed PKI errors properly, the internet would not be the most convenient place.
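An added example, not part of the original article: on the application side, PKI errors go unseen when the TLS client context has verification switched off. The Python code below audits a context for those settings and connects fail-closed; all function names are hypothetical and the lax context is constructed for illustration.

```python
import socket
import ssl


def strict_client_context() -> ssl.SSLContext:
    # Loads the system trust store; chain validation and hostname checking on.
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)


def lax_client_context() -> ssl.SSLContext:
    # Constructed anti-pattern: the settings that make PKI errors invisible.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings for settings that hide certificate errors from the app."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: untrusted, expired or "
                        "self-signed certificates are accepted silently")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate issued for "
                        "another name is accepted")
    return findings


def connect_fail_closed(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with strict settings; a certificate error ends the attempt."""
    ctx = strict_client_context()
    if audit_context(ctx):
        raise RuntimeError("refusing to connect with a weakened TLS context")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert()
        except ssl.SSLCertVerificationError as err:
            # Report the reason and stop; never retry with a lax context.
            raise ConnectionError(
                f"certificate rejected for {host}: {err.verify_message}") from err


if __name__ == "__main__":
    for name, ctx in (("strict", strict_client_context()),
                      ("lax", lax_client_context())):
        print(name, audit_context(ctx) or "no findings")
```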
Reason 3. PKI does not solve serious security issues.
The main problem of PKI is PKI itself. Almost all the security issues that PKI resolves are no longer exploited by modern hackers.
Most frequently, attackers try to use hacked software and social engineering through Trojan viruses. These two attack vectors are responsible for approximately 99% of all successful attacks in most environments. PKI does not solve any of these issues.
If these problems are not resolved in your network, then unfortunately PKI will be helpless. Even a finely tuned PKI will not protect you against such attacks performed by experienced hackers. But this should not be considered a PKI-related issue. The solution would be to combine PKI with other protective equipment.
Reason 4. Over time, PKI stops working.
It is true that, over time, all the secrets protected by PKI will be disclosed. Today, this is not feasible due to the complexity of the algorithms. Public-key cryptography works through math. However, computers will eventually become more powerful. For example, if quantum computers appear, the PKI secrets will be disclosed immediately. Anyone with a quantum computer would be able to decipher the PKI.
However, this is only a medium-term prospect.