Public Key Infrastructure (PKI)

A trusted third-party entity that issues and verifies digital certificates. The CA acts as the root of trust in a PKI hierarchy by:

• Digitally signing certificates, binding a public key to an identity.
• Publishing its own root certificate.
• Operating under a strict Certificate Policy (CP) and Certification Practice Statement (CPS).

An electronic document that uses a digital signature to bind a public key with an entity's identity (person, organization, server). It contains:

• The subject's public key.
• Identifying information (common name, organization).
• The issuing CA's digital signature.
• Validity dates and serial number. The most common format is the X.509 standard.

An optional but common component that acts as a verifier for the CA. The RA is responsible for:

• Validating the identity of entities requesting certificates.
• Processing certificate enrollment requests.
• Performing proof-of-possession checks for private keys.
• Forwarding validated requests to the CA for issuance. It separates the verification function from the signing function.

The mechanism for invalidating a certificate before its expiration date. Critical for maintaining security when a private key is compromised or an entity's status changes. Primary methods include:

• Certificate Revocation List (CRL): A CA-published, signed list of revoked certificate serial numbers.
• Online Certificate Status Protocol (OCSP): A real-time protocol where a client queries an OCSP responder to check a certificate's status.

A publicly accessible directory or database for storing and distributing certificates and Certificate Revocation Lists (CRLs). It enables:

• Discovery of public keys for encryption and verification.
• Distribution of trust anchors (root CA certificates).
• Access to current CRLs for revocation checking. Often implemented using Lightweight Directory Access Protocol (LDAP) servers or HTTP/HTTPS servers.

The fundamental cryptographic elements managed by PKI. This involves:

• Public/Private Key Pair: An asymmetric key pair where the public key is widely distributed and the private key is kept secret.
• Key Generation: Often performed by the end-entity's client software.
• Key Storage: Private keys are stored in secure modules like Hardware Security Modules (HSMs) or software-based key stores.
• Key Lifecycle Management: Governing creation, distribution, usage, archival, and destruction.

PKI enables SSL/TLS certificates to secure web traffic, creating the https:// protocol. These certificates, issued by trusted Certificate Authorities (CAs), authenticate a website's identity and encrypt data between the user's browser and the server using asymmetric cryptography. This prevents eavesdropping and man-in-the-middle attacks.

• Example: Browser padlock icon and HTTPS in the address bar.
• Mechanism: The server presents its certificate; the browser verifies it against a trusted root CA store.

PKI is used for digital signatures to verify the authenticity and integrity of software and documents. Developers sign code with a private key, and users verify the signature with the corresponding public key to ensure it hasn't been tampered with and originates from a trusted publisher.

• Example: Verifying a software download from Microsoft or an Apple App Store application.
• Key Benefit: Protects against malware by confirming the publisher's identity.

PKI frameworks like S/MIME and PGP use digital certificates to provide email security. They enable:

• Encryption: Ensuring only the intended recipient can read the email.
• Authentication: Verifying the sender's identity.
• Non-repudiation: Proving the sender cannot deny sending the message. This is critical for business communication, legal correspondence, and protecting sensitive information.

PKI provides a robust alternative to passwords through smart cards and digital certificates. A user's private key, stored securely on a hardware token or Trusted Platform Module (TPM), authenticates them to networks, VPNs, and enterprise systems.

• Example: Government and corporate employees using CAC/PIV cards for physical and logical access.
• Advantage: Stronger security than passwords, resistant to phishing and replay attacks.

Blockchains are a decentralized application of PKI principles. A user's cryptographic key pair (public address and private key) forms their self-sovereign identity. This enables:

• Transaction Authorization: Signing transactions with a private key.
• Asset Control: Owning cryptocurrencies and NFTs.
• Decentralized Identifiers (DIDs): Verifiable credentials without a central authority. PKI is the core mechanism for ownership and trust in decentralized systems.

PKI secures machine-to-machine communication in IoT ecosystems by providing unique device identities. Each device is provisioned with a certificate at manufacture, enabling:

• Secure Boot: Verifying firmware integrity.
• Authenticated Communication: Ensuring devices only talk to authorized peers or cloud services.
• Lifecycle Management: Certificates can be revoked if a device is compromised. This is essential for securing industrial systems, smart grids, and connected vehicles.

The most critical risk is the compromise of a root or intermediate Certificate Authority (CA). An attacker who gains control of a CA's private key can issue fraudulent certificates for any domain, enabling man-in-the-middle (MitM) attacks and widespread impersonation. This undermines the entire chain of trust. High-profile incidents like the DigiNotar breach in 2011 demonstrated the catastrophic impact, leading to the CA's bankruptcy.

The security of PKI hinges on the protection of private keys. Loss, theft, or exposure of a private key compromises all associated digital identities and encrypted data. Key management challenges include:

• Secure generation and storage (e.g., Hardware Security Modules - HSMs).
• Secure distribution and lifecycle management (key rotation, revocation).
• Protection against insider threats and physical attacks.

Timely revocation of compromised certificates is a persistent challenge. Systems rely on Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP) to check validity, but both have drawbacks:

• CRLs can become large and cause latency.
• OCSP introduces privacy concerns and dependency on responder availability.
• OCSP stapling and Certificate Transparency (CT) logs are modern mitigations to improve reliability and auditability.

PKI systems must evolve to resist cryptographic attacks. Using deprecated algorithms (e.g., MD5, SHA-1, RSA-1024) or weak key lengths creates vulnerabilities. Algorithm agility—the ability to migrate to stronger cryptography (e.g., ECC, post-quantum cryptography)—is essential but operationally complex, requiring coordinated updates across CAs, clients, and servers.

CAs may erroneously issue certificates due to human error, software bugs, or insufficient validation of the applicant's identity. This violates the Certificate Policy (CP) and Certification Practice Statement (CPS). Certificate Transparency (CT) frameworks are a critical defense, creating public, append-only logs that allow anyone to audit certificate issuance and detect unauthorized certificates.

PKI's inherent complexity often leads to configuration and implementation errors. Common pitfalls include:

• Incorrect certificate chain configuration, causing validation failures.
• Improper trust store management.
• Failure to enforce hostname verification.
• Misconfigured certificate lifetimes or key usage extensions. These errors can break systems or create exploitable security gaps.

An electronic document that binds a public key to the identity of its owner, verified by a trusted third party. It contains information like the owner's name, the public key, the issuing Certificate Authority (CA), and a digital signature.

• Purpose: Enables trust in public keys, preventing man-in-the-middle attacks.
• Standard Format: Most commonly uses the X.509 standard.
• Validity: Has an issuance and expiration date, after which it must be renewed or revoked.

A trusted entity that issues and verifies digital certificates. It acts as the root of trust in a PKI hierarchy.

• Core Function: Signs certificates with its own private key, attesting to the binding between a public key and an identity.
• Hierarchy: CAs can be organized in chains, with Root CAs at the top and Intermediate CAs below.
• Trust Store: Operating systems and browsers maintain a list of trusted root CA certificates.

Also known as asymmetric cryptography, it is the cryptographic system that underpins PKI. It uses a pair of mathematically linked keys: a public key (shared openly) and a private key (kept secret).

• Encryption: Data encrypted with a public key can only be decrypted with its corresponding private key.
• Digital Signatures: Data signed with a private key can be verified by anyone with the corresponding public key.
• Algorithms: Common algorithms include RSA, Elliptic Curve Cryptography (ECC), and EdDSA.

A list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date.

• Purpose: Informs relying parties that a certificate should no longer be trusted, even if it is not expired.
• Common Reasons for Revocation: Private key compromise, CA compromise, or change in certificate holder's status.
• Alternative: The Online Certificate Status Protocol (OCSP) provides a real-time check for certificate status.

A decentralized trust model that contrasts with the hierarchical PKI model. Trust is established through a network of peer-to-peer signatures rather than a central Certificate Authority (CA).

• Mechanism: Users sign each other's public keys, creating a chain of endorsements.
• Use Case: Famously used in PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) for email encryption.
• Trust Level: Users assign trust levels to signers, determining how much weight to give their endorsements.

The cryptographic protocol that secures communication over a computer network (e.g., HTTPS). PKI is fundamental to TLS for server authentication.

• Handshake: During the TLS handshake, the server presents its digital certificate to the client to prove its identity.
• Certificate Validation: The client verifies the certificate chain back to a trusted Root CA.
• Key Exchange: Often uses asymmetric cryptography (from PKI) to establish a symmetric session key for efficient encryption.