PKI Architectures: How to Choose One (Page 1 of 4 ) In the Internet’s world of insecurities, many actions should be taken to enhance the defense of each and every network. Many solutions exist that provide a level of security, none however being bulletproof. The best approach is to combine a variety of mechanisms that will supplement one another. In this article I will discuss a technology that is considered to be the new trend and a favored option among network implementers, that is Public Key Infrastructure (PKI). Introduction Deciding to implement a PKI architecture is not an easy task to do. There are many factors which must be taken into consideration if we want to benefit from PKI technology. Before moving into explaining various PKI architectures and the criterion we use to choose the one that best suits our needs, I will make a brief overview about PKI technology so we all know what I'm talking about. What is Public Key Infrastructure (PKI)? PKI ensures a secure method for exchanging sensitive information over unsecured networks. In addition, PKI provides authenticated, private and non-reputable communications. PKI makes use of the technology known as public key cryptography. Public key cryptography uses a pair of keys to scramble and decipher messages, a public key and a private key. The public key is widely distributed, whereas the private key is held secretly by an individual. Messages are protected from malicious people by scrambling them with the public key of the recipient. Only the recipient can decrypt the message by using his / her private key, thus retaining the privacy of the message. The public key is distributed with a digital certificate that contains information that uniquely identifies an individual (for example name, email address, the date the certificate was issued, and the name of the certificate authority which issued it). Also, by using digital certificates we can digitally sign messages to protect the integrity of the information itself and achieve non-repudiation (digitally signing a transaction is legally binding and no party can deny his /her participation). Components of PKI In a PKI system, digital certificates are issued by organizations called Certification Authorities (CAs) i.e. Verisign. Requests for certificates are usually processed by organizations called Registration Authorities (RAs). An RA's responsibility is to evaluate each request, investigate the profile of each applicant and inform the appropriate CA about the trusting level of the client. After the trust verification of the applicant, CA issues the certificate. I have to mention that it is common for RA to be included within the CA environment as one component. The operation of CAs and RAs are governed by appropriate policies, the Certificate Policy (CP) and the Certificate Practice Statement (CPS). The first provides rules for naming certificate holders, the cryptographic algorithms that will be used, the minimum allowable length of encryption keys, etc. The latter details how the Certification Authority will implement the Certificate Policy (CP) into its procedures. PKI Architectures: How to Choose One - PKI Architectures (Page 2 of 4 ) In this section I will present the different types of CA architectures that are generally considered when implementing a PKI. PKI may be constructed as a: Single architecture Hierarchical architecture Mesh architecture Every architecture is distinct from the others in respect to the following: The numbers of CAs in the PKI system Where users place their trust (known as a user's trust point) Trust relationships between CAs within a multi-CA PKI Single Architecture A single architecture is the most basic PKI model that contains only a single (you wouldn't expect more, would you?) CA. All the users of the PKI place their trust on this CA. The CA will be responsible in handling all the users requesting a certificate. As there is only one CA, every certification path will begin with its public key. Figure 1 Single PKI Architecture Hierarchical Architecture A hierarchical architecture is constructed with subordinate CA relationships. In this configuration, all users trust a single "root" CA. The root CA issues certificates to subordinate CAs only, whereas subordinate CAs may issue certificates to users or other CAs. The trust relationship is specified in only one direction. In this PKI architecture, every certification path begins with the root CA's public key. Figure 2 Hierarchical PKI Architecture Mesh Architecture A mesh architecture does not include only one CA that is trusted by all entities in the PKI system. CAs can be connected with cross certification creating a "web of trust" where end entities may choose to trust any CA in the PKI. If a CA wishes to impose constraints on certain trust relationships, it must specify appropriate limitations in the certificates issued to its peers. Figure 3 Mesh PKI Architecture PKI Architectures: How to Choose One - Criteria to Choose a Certain PKI Architecture (Page 3 of 4 ) As I described in the previous section, we could select one of the three main PKI architectures (single, hierarchical and mesh) to implement in our own situation. Before implementing a PKI system, someone should weight the criterion mentioned below according to the specific needs and requirements of the organization to decide which PKI architecture is more appropriate: Budget The budget of the organization poses a constraint in choosing a PKI model, as it needs to buy dedicated machines to host each CA. A single architecture requires only one machine to host the CA, whereas a hierarchical or mesh architecture need several machines (along appropriate software, licenses, etc.) to support these kinds of PKI configurations. In addition, their is the need for hiring more personnel in order to operate CAs, thus spending more money. Human Resources The size of the organization (and thus the number of employees) constitutes another limitation in choosing a PKI model. A single architecture is preferred when the organization is small and does not accept many requests for certificates. Also, small organizations usually do not want to occupy dedicated personnel in operating the CA; they assign CA operation to someone who has already other responsibilities as well. In addition, a single architecture is simple to deploy, therefore it doesn't require much technical experience. In the case of larger organizations, the choice of either hierarchical or mesh architecture is feasible assuming that appropriate personnel is available to manage CAs' operation. Structure of Organization The structure of the organization plays an important role in selecting the right PKI architecture. Small organizations should focus on implementing a single PKI architecture as this configuration scales easily to support a small community of users. Large organizations should avoid single architecture as it doesn't scale well; they should choose between a hierarchical and a mesh architecture. Trust relationships are frequently mapped according to the structure of the organization, i.e. the structure of many organizations such as the government is largely hierarchical. A hierarchical architecture is suitable when the departments of the organization have distinct operations and do not need to exchange information often. In addition, managing a hierarchical architecture is easier than having to manage a mesh architecture with many trust relationships. On the other hand, a mesh architecture is preferred (rather than hierarchical) when users / group of users/ departments etc communicate frequently. It allows direct cross certification of the CAs of the end entities that need to communicate often, reducing certification path processing load. However, it does pose a more complex management of the PKI system as sometimes path discovery is difficult since there are multiple choices. Resilience of CA In a single architecture, if the CA is compromised no one could obtain any certification services. This problem exists in a hierarchical architecture also. When a "root" CA is compromised, this results in the the entire PKI being compromised. This problem results from the reliance on a single trust point. A mesh architecture is more resilient since there are multiple trust points. Therefore, if a single CA is compromised, this cannot damage the entire PKI system. Also, recovery is simpler in a mesh architecture than in a hierarchical; the new public key is securely distributed to the users of the recovered CA, affecting fewer users. PKI Architectures: How to Choose One - Conclusions (Page 4 of 4 ) The purpose of this article was to give the reader an overview of the PKI technology, the main architectures used to build a PKI system and a set of criterion to help them choose between these architectures. As we can understand, it is important to have the same levels of confidence and trust in the electronic world as we have in the traditional world, and this can be done by implementing a PKI system. Closing up, I will summarize which PKI architecture is best and when. A single architecture should be selected when the organization is small, with low budget and low demands for certification services; a hierarchical architecture is more appropriate for large organizations, that have appropriate budget to support the PKI implementation, with departments that do not need to communicate frequently, and the ability to support a demanding CA management (but not so complex); a mesh architecture should be selected (instead of the hierarchical model) if the departments of the organization need to communicate often and the organization can support the complex management of the PKI environment. However, we should have in mind that in a mesh architecture, sometimes the certification path development is more complex than in a hierarchical architecture, complicating verification of certificates and managing of the PKI system. In addition, we have to take into consideration the resilience of the PKI system, although there may be limitations such as the budget and management that prohibit the selection of a certain PKI architecture based on the resilience criterion. Finally, I advise choosing wisely the PKI architecture that is more appropriate for you and your needs to best benefit from what this technology can offer you.