Applications of PKI

PKI has found practical applications in a number of areas. Most of us come across PKI in the context of one or more of these applications.

Secure e-mail Communication

Normal e-mail communication over the Internet is not considered safe for exchanging confidential and sensitive information, because the sender's identity can easily be faked and the cleartext message can be read and modified in transit, either by sniffing the wire or by retrieving and modifying the stored text at intermediate servers. An obvious solution to this problem is to use a digital signature to establish the sender's identity and encryption to ensure the privacy of the message. Both assume PKI to be in place.

In a PKI-based secure e-mail solution, the mail client program, such as MS Outlook or Eudora, is responsible for signing and encrypting the outgoing messages and verifying and decrypting the incoming messages. These operations require access to the user's private key, public-key certificate and list of trusted issuers. Recall that this is the same information that a Java keystore holds.

In addition to a keystore, there is also a need for a protocol to format the signed and/or encrypted content so that e-mail clients from different vendors can work together. S/MIME is one such protocol. We learn more about securing messages in Chapter 7, Securing the Message.

Secure Online Communication

The widespread use of the Internet and World Wide Web for e-commerce, online banking, retrieval of confidential information and other such activities requires that the connection between the user's machine and the service provider's machine be secure. A secure connection implies that the messages exchanged over the connection cannot be understood or modified by a third party. Optionally, each communicating party may also like to make sure that the other party is what it claims to be.

The problem of a secure online connection between any two machines on the Internet is solved by SSL, a software layer utilizing PKI and built over TCP/IP. SSL uses X.509 certificates to authenticate an end point. The client, or the initiator of the connection, can authenticate the server by verifying the distinguished name associated with the server's certificate. Optionally, the server can also instruct the client to authenticate itself by asking for a certificate that it can trust. Additionally, all communication between client and server includes digests and is encrypted, ensuring integrity and privacy.

Theoretically, any protocol layered over TCP/IP could benefit from SSL. In practice, only HTTP over SSL, or HTTPS, has gained wide popularity. Widely used browsers such as MS-Internet Explorer and Netscape come preloaded with public-key certificates of leading CAs and require no additional setup to validate certificates supplied by the HTTPS servers.

Configuring SSL-based security for a server application is often a matter of acquiring the right certificate and making the proper configuration changes. However, the actual task could be quite involved, especially when you want to authenticate clients based on their certificates and use their identity to assign certain authorizations. Fortunately, Java has comprehensive support for SSL and HTTPS. We talk more about it in Chapter 6, Securing the Wire.

Another widely used technology for a secure online connection, at least among developers, is SSH. Most often, SSH is used as a secure replacement for the telnet and rlogin programs. At times, it is also used to tunnel other, nonsecure application protocols. For example, a plain TCP/IP connection between a CVS (Concurrent Versions System, an open source source-code control system) client and server can be tunneled over SSH to establish a secure connection.

Identification and Authentication

User names and passwords are the most widely used mechanisms for user identification and authentication, and are also the weakest link in online security systems. Given a choice, most people tend to pick passwords that are easily guessed. Forced to pick randomly-generated, hard-to-guess (and remember!) passwords, they tend to write them down, making them susceptible to leaks.

Passwords are usually transformed with one-way hash functions and stored on the disk, along with user names. Once someone has the hashed passwords, finding out the original passwords is just a matter of brute-force computation: trying out different words from a dictionary (very effective) or different combinations of all possible letters (time-consuming but doable by modern computers within days).

Certificate-based authentication uses a private key with significantly more bits than a typical password and is much more resistant to brute-force attacks. The downside is that the private key must be stored on the user's machine and is susceptible to theft. This risk is somewhat mitigated by encrypting the private key with a password, keeping the private key on a smart card, or both. Note that brute-force attacks to find the password that decrypts the encrypted private key are significantly more time-consuming, as each try would require validation against the corresponding public key and this operation is compute-intensive.

Code Signing

An important use of PKI technology is to sign executable programs and libraries that are downloadable over the Internet, thus providing the user a reasonable assurance of their integrity and authenticity. Whenever you download a plug-in, a Java applet or any other kind of mobile code, the browser or the JVM, depending on its security settings, determines whether the code is signed and, if it is, whether the signer can be trusted, based on the signer's certificate and the list of trusted certificates. If the browser cannot make a decision, because the code is not signed or the signature cannot be verified, then it asks you, the user, for an appropriate action.

We have already come across one instance of code signing technology in the Java platform. Recall that JCE uses code signing to determine whether a particular security provider may be loaded and executed.

Software License Enforcement

Another interesting use of PKI-based digital signature technology is to enforce certain types of software licenses. A software publisher may make its software freely downloadable over the Internet but control its execution by checking the availability of a digitally signed license file. A typical license file contains a start date and the duration for which the software is functional, the enabled features and other such information, and is signed with the private key of the software vendor. The software has the public key embedded and validates the signature, terminating execution if the validation fails.

Care needs to be taken while using this scheme for Java programs. It is quite easy to decompile Java byte-code, modify the portion of the source code that does the validation and bypass the license file completely. The same attack would work with native executables as well but identifying the correct location and doing the modification is a lot harder with machine code.
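
The signed license check described above, sketched in Java as an added example (not code from the book or from any vendor). The key=value license layout, the field names start, days and features, and the class and method names are assumptions made for illustration; the key pair is generated in place to stand in for the vendor's.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.LocalDate;
import java.util.Base64;

public class LicenseCheck {
    // Vendor side: sign the exact license bytes with the vendor's private key.
    static String sign(String license, PrivateKey vendorKey) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendorKey);
        s.update(license.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Product side: verify the signature first, and only then parse and trust the fields.
    static boolean isValid(String license, String sigB64, PublicKey embedded, LocalDate today) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(embedded);
            s.update(license.getBytes(StandardCharsets.UTF_8));
            if (!s.verify(Base64.getDecoder().decode(sigB64))) return false;
            LocalDate start = null;
            long days = -1;
            for (String line : license.split("\n")) {
                String[] kv = line.split("=", 2);
                if (kv.length != 2) return false;
                if (kv[0].equals("start")) start = LocalDate.parse(kv[1]);
                else if (kv[0].equals("days")) days = Long.parseLong(kv[1]);
            }
            if (start == null || days < 0) return false;
            return !today.isBefore(start) && today.isBefore(start.plusDays(days));
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // malformed signature, date or number: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair vendor = g.generateKeyPair(); // constructed key pair standing in for the vendor's
        String license = "start=2024-01-01\ndays=365\nfeatures=export,reports"; // constructed sample
        String sig = sign(license, vendor.getPrivate());
        LocalDate d = LocalDate.of(2024, 6, 1);
        System.out.println(isValid(license, sig, vendor.getPublic(), d)); // untouched file, inside the window
        System.out.println(isValid(license.replace("365", "3650"), sig, vendor.getPublic(), d)); // edited duration
        System.out.println(isValid(license, sig, vendor.getPublic(), LocalDate.of(2025, 6, 1))); // after expiry
    }
}
```

Because the check lives in the shipped program, the caveat above about modifying the validation code applies to this sketch as well.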

Contract Signing and Record Maintenance

A significant promise of PKI and digital signatures is the ability to execute and sign legally binding contracts over the Internet. Such contracts incur much less overhead, are faster to execute and promote inexpensive paperless transactions. Recognizing these benefits, a number of nations have enacted favorable legislation. As a result, more and more government agencies and business organizations are modifying their processes to accept digitally signed documents as a replacement for signed paper documents.

Still, significant social and psychological barriers remain against digital signatures as a replacement for traditional paper signatures, and widespread adoption of this technology is years away.

Another area where digital signatures are finding increasing use is the maintenance of verified, tamper-evident electronic records for audit purposes.
