A public key infrastructure (PKI) is a back-end cybersecurity measure that is described as a “set of rules, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.” PKI is based on asymmetric cryptography and is widely used today to secure electronic communication for online shopping, Internet banking and email as well as to protect communications between millions of users and the websites they connect to using HTTPS. Highly scalable and proven, PKI is also ideal for securing Internet of Things (IoT) devices.
Although you can easily encrypt messages without PKI, you can’t easily verify the identity of whom you are communicating with. In other words, a PKI infrastructure helps you authenticate or verify the identity of whom you are talking to.
Public Key Infrastructure Key Components
A typical PKI ecosystem includes the following key components:
- Certificate Policy. Essentially, the certificate policy is the security specification that defines the structure and hierarchy of the PKI ecosystem, as well as policies surrounding the management of keys, secure storage and handling of keys, revocation, and certificate profiles/formats, among other details.
- Root Certificate Authority (CA). The root CA is an entity that is the “root of trust” in a PKI implementation and is responsible for authenticating identities in the ecosystem.
- Intermediate CA. Also called the subordinate CA, the intermediate CA is certified by a root CA for specific uses as defined by the certificate policy. Digital certificates are typically issued and signed by sub-CAs.
- Certificate Database. The certificate database stores certificate records.
- Revocation Services. Revocation services are servers that post updated Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) responders that use CRLs and respond to revocation lookup checks for devices that cannot process CRLs themselves.
- Digital Certificate. The digital certificate is a “digital identity” embedded in a device that provides secure authentication capability between devices and servers, allowing access to services, files or other remote resources. This is typically issued by the sub-CA.
How Does Public Key Infrastructure Work?
Asymmetric authentication is often arranged in a hierarchy of CAs that sign and issue digital certificates/credentials. An example of a PKI hierarchy is shown below:
Each CA grants authority to sub-CAs, which then sign digital certificates for devices. The digital certificates at the bottom are carried by end devices and are authorized by the sub-CA above them that generated and signed them. These are generally called device certificates.
The sub-CAs that generate the device certificates possess their own certificate, authorized by the digital signature of CA above them, and so on. PKI eventually terminates at the root, which is the foundation on which this particular PKI ecosystem domain is constructed.
The reason PKI ecosystems are arranged in hierarchies is that it allows for selective levels of revocation or access denial if it is later determined that a leak or compromise of a private key in the ecosystem has occurred, as shown below:
As the figure shows, you can revoke the certificate of any element within PKI from the device up to a high-level CA, depending on the nature of the security compromise. However, it should also be noted that if you revoke a certificate, you also revoke anything below that element in the hierarchy.
Also, this illustrates why PKI implementations are set up in tree-like hierarchies: This design allows for the ecosystem owner to perform selective damage control in the event of a compromise. It is also the reason why it is not good practice to issue any device certificates off the root CA, which limits flexibility. If something goes wrong in that case, you may need to invalidate and revoke the entire PKI and all deployed devices in the field, which is generally not a good option. This is why device certificates are almost always issued by sub-CAs below the root.
The final and potentially largest benefit is that with a single sub-CA generating potentially millions of device certificates, you can authenticate millions of devices with one sub-CA public key, making key management far more scalable and manageable than other options.
Public Key Infrastructure: A Compelling IoT Security Solution
If properly designed, a PKI can be a compelling solution for IoT security. PKI is highly scalable and allows management of credentials and access control, so why hasn’t it been adopted more widely for IoT?
To learn the answer to this question and see how you can use PKI to secure IoT products at scale, sign up to be notified when my white paper on “Internet of Things Security: Implement a Strong, Simple & Massively Scalable Solution” is available.