e-Commerce Security—Public Key Infrastructure: Good Practices for Secure Communications

Executive Summary

A public key infrastructure (PKI) is a set of processes and technologies for associating cryptographic keys with the entity to which those keys were issued. Cryptography was developed to transform the contents of messages and other communications so that they are unusable by anyone except those for whom they were intended. In e-commerce, the population involved in the totality of the communications is large, effectively infinite; it is by definition public. It follows that the encryption methods must have a public component, so that messages may be sent to anyone, and a private component, so that a message can be revealed only to the intended recipient.

Public Key Cryptography

Those two components are the paired keys, public and private. For the sender and the receiver to be able to communicate, they must follow a common methodology or algorithm. Therefore, to effect secrecy in the transmission, some element—the keys—must be used to make each transmission between the parties distinct and unique from transmissions between other parties.

In asymmetric cryptosystems (public key cryptosystems), key pairs are uniquely associated, leading to the conclusion that these key pairs can be used as identifiers. In contrast, in symmetric cryptosystems (secret key cryptosystems), at least the sender and the receiver (or multiple receivers on the same system) must have the same key and thus are not uniquely identifiable by that means.

What remains is the problem of issuing keys to individuals and recording the public component for reference by those wishing to communicate securely. Moreover, there must be a means of ensuring that the keys remain valid and associated with the persons to whom they were issued. The solution to these needs is an infrastructure to support cryptography, an infrastructure for public keys, or a PKI. Thus, cryptography provides security on the Internet, while PKI provides trust.

The open question is how much trust is required for e-commerce. PKI acts in the realm of trust. The binding of identity to key pairs is so strong that digital certificates, the substance of PKI, enable an extraordinarily high level of trust with only a single authenticating factor, i.e., the certificate. Digital certificates (or, more properly, identity digital certificates) may be thought of as the electronic equivalent of passports. They serve as official identification papers.

Historically, the discussion of cryptography has been concerned with confidentiality of data as well as integrity protection and strong authentication. However, one of the major uses of public key cryptographic protocols is the ability to send plaintext messages with integrity protection and strong authentication. For example, a software manufacturer may want to send copies of its product such that the software is protected in transit from modification (i.e., adding Trojan horses, worms or other malicious changes). However, the software manufacturer does not want to add the extra time and complications of confidentiality. Through a variety of processes involving cryptographic techniques, the contents of the message (i.e., the software being transmitted) can be bound to the identity of the sender, that is, to his or her certificate.

The PKI Lifecycle

One way to put the various processes in perspective is to examine the lifecycle of a digital certificate and its associated keys. The lifecycle shows the events that are necessary for creating, using and destroying public keys and their corresponding or related digital certificates. The specific steps of the certificate lifecycle are normally based on two sets of documents, the certificate policy and the certification practice statement (CPS). These are essential documents for establishing and operating a public key infrastructure that is controlled, comprehensible and responsive to the needs of both enterprise management and those who would use a PKI. The certificate policy is a declaration of principles. It acts as the foundation for further documents that describe how the principles are to be implemented or operated. The CPS is the practical manifestation of the principles expressed in the certificate policy. A CPS can be considered an operations manual for a certification authority (CA) and is the basis for making a determination about the strength of the controls under which a CA operates and thus, by extension, the level of trust that can be placed in its certificates. In essence, the CPS describes the methods used to establish that the entity (in this case, the person) who has applied for a certificate is indeed who he claims to be.

The certificate lifecycle consists of:

  • Key generation—In this step a key generator creates the key pair. The generator may or may not be an independent entity. For example, the CA may generate the key pair and export it to the end entity, or the end entity may generate the key pair and export the public key with its submission of identification to the CA.
  • Submission of identification and public key—Once the keys are generated and the entity has possession of them, the entity submits its identity information and its public key to the CA or its agent, the registration authority (RA).
  • Registration—The CA or the RA registers the request for a certificate and attempts to validate the submitted information.
  • Certification—If the information in the registration step is validated, the CA or the RA creates a certificate. The certificate is then digitally signed by the CA.
  • Distribution—The CA distributes and/or publishes the certificate.
  • Usage—The entity is authorized to employ the certificate only for the certificate’s intended use.
  • Revocation and expiration—The certificate is withdrawn when it expires or when there is a verified request to remove it from service (e.g., the entity may no longer be part of the system or the entity’s private key may have been compromised).
  • Renewal—An entity can renew its certificate by taking possession of a new key pair and requesting a new certificate.
  • Recovery—This is the forced reissuance of certificates if a certifying key is compromised or made vulnerable to use by parties other than the CA.
  • Archiving certificates—This is the storing of records about certificates and their use.

Application of PKIs to E-commerce

The use of the Internet for e-commerce might seem the same on the surface as doing business on the telephone. And in its most elemental form, it is. Two individuals can strike a deal using e-mail or a chat room that is no different from a phone call. But certain aspects of e-commerce are strikingly different—or may be if there is an intervening PKI. Both the vendor and the customer can have certainty of the identity of the other and can have recourse if the products/payment exchange is broken. Payment can be made simultaneously with purchase, as when buying a newspaper; delivery can occur at the same time as well, in cases where the product is intellectual, in the form of electronic bits.

The ability to perform these functions rests on a foundation of trust, and with a PKI there can be mutual trust. Actually, it is encryption that is the basis of trust, and PKI is the enabler of encryption for a widespread population of anonymous users. There are other mechanisms for assuring trust, such as passwords and identity tokens, but none that are as portable and universal as digital certificates. A PKI, as the intermediary between encryption keys and certificates, is thus the intermediary of e-commerce as well.

The concept of nonrepudiation is one of the most powerful functions that PKIs bring to e-commerce. A familiar example of nonrepudiation in the physical world is a manual signature on a document where the actual signing is witnessed by a trusted third party (i.e., a notary). If the signature is ever disputed or denied, the trusted third party is willing and able to give credible testimony that the signature was placed on the document by the purported signer at a specific time and place.

Generating and having a key pair by itself is not sufficient for true nonrepudiation. Having a digitally signed document, one can readily determine if the signer signed the document, but that does not unambiguously demonstrate who that person is. It is conceivable that someone created the key pair, but assumed someone else’s identity. Having a PKI minimizes this risk. Through digital certificates distributed via a PKI, a recipient can not only validate that the document is signed by the claimed signer, and thus the signing private key belongs to that signer, but also can identify who owns that particular signing key pair. The trust is based on the PKI and the “chain of trust” created by the PKI’s certificate chains.

Risks Mitigated by a PKI

Although a public key alone does not indicate authorization to use it, a message that can be decrypted with a public key must have been encrypted with the corresponding private key. And when the message is also accompanied by a digital certificate, there is reason to believe that the person to whom the certificate was issued is the owner of the private key. Thus, if there is a list of people authorized to perform a specific function (let us call it an access control list, or ACL), the authorization of the person requesting to do that function can be verified. This is not a frequent occurrence in e-commerce.

A PKI facilitates message integrity in two ways. The fact that a message can be decrypted at all indicates that it has not been modified, intentionally or otherwise, in transmission. It is the nature of the commercial cryptographic process that the data are transformed in blocks or as a whole. As a result, a change to even one bit will cause the entire message (or at least a significant portion of it) to be unreadable, thereby indicating possible tampering, as well as rendering it useless. More relevant to e-commerce, a digitally signed document (or message) can be shown to be the same as the one that the trading partner signed. This is because any modification to the document will invalidate the signature and vice versa.
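The certificate lifecycle listed earlier, the nonrepudiation argument under "Application of PKIs to E-commerce" and the integrity point just made, as an added Go example that is not code from the original article: a toy CA generates its own keys and self-signs a root, an end entity enrolls through a certificate signing request, and a relying party accepts a signed document only if the certificate chains to that root, has not been revoked, and the signature still matches the document byte for byte. The CA name, serial numbers and the in-memory revocation set are assumptions standing in for a CPS-governed CA and its CRL.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mustParse panics if CreateCertificate failed, otherwise parses the DER it produced.
func mustParse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}
// NewCA is key generation for the CA itself, followed by a self-signed root certificate.
func NewCA() (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	return mustParse(x509.CreateCertificate(rand.Reader, root, root, pub, key)), key
}
// Enroll covers submission, registration and certification: the end entity generates its own key pair and
// submits a CSR; the CA checks the CSR signature (proof the applicant holds the private key), then certifies.
func Enroll(root *x509.Certificate, caKey ed25519.PrivateKey, name string, serial int64) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}, key)
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		panic("CSR rejected: malformed or no proof of possession")
	}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	return mustParse(x509.CreateCertificate(rand.Reader, leaf, root, csr.PublicKey, caKey)), key
}
// Sign is the usage step: the end entity signs a document with its own private key.
func Sign(key ed25519.PrivateKey, doc []byte) []byte { return ed25519.Sign(key, doc) }
// Accept is the relying party's check: cert chains to the trusted root, its serial is not in the
// revocation set (a stand-in for the CA's CRL), and sig covers exactly doc under cert's public key.
func Accept(root *x509.Certificate, revoked map[string]bool, cert *x509.Certificate, doc, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil || revoked[cert.SerialNumber.String()] {
		return false
	}
	return ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), doc, sig)
}
```

A certificate issued by a different, untrusted root fails the chain check even when its subject name is identical, which is the distinction between "someone holds a signing key" and "the PKI vouches for who holds it".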

Risks Inherent in a PKI

A risk in PKI is the loss of integrity in either of the keys, but particularly in the private key. Since keys come in pairs, modification of the public key would prohibit decryption of messages encrypted with the private key. And disclosure is not even an issue, since public keys are published for the world to see and use. The private key, in contrast, is subject to integrity breaches. The public key cryptosystem relies implicitly on the owners of the keys keeping their private keys secure against tampering or disclosure. If a private key is disclosed (it is no longer a private key at all, is it?) someone could impersonate the owner.

The secrecy of the key does not need to be compromised for it to be misused. The owner must not let anyone use his or her private key. To do so would be to ensure impersonation. However, private keys are stored on computers, and personal computers are highly accessible in many cases. They are on office desktops and in briefcases, seemingly everywhere. Thus if someone gains access to the device storing the private key, he or she can assume the identity of the owner of the computer and therefore of the key. And a digital certificate is unavailing, because it is, in all likelihood, on the same computer.

If a key is corrupted or disclosed, the only ones harmed are the key owner and anyone who relied on data "protected" by the affected key. Although painful to them, the ramifications are far less severe than if a CA or an RA were to be compromised. In that case many, if not all, of the keys and certificates issued by the organization would need to be treated as suspect.