PKI

Public key certificates are technologies of trust. Many aspects of the current X.509 trust system are broken, as illustrated not only by the academic computer security literature but by recent news stories. Alternative trust models (e.g., Perspectives, DANE, pinning) and modifications to the current infrastructure are built upon threat models that address neither human trust behaviors nor emerging trust domains. Specifically, these alternatives are being proposed in the context of a future network that is integrated with an Internet of Things, but they are not designed for that environment. Such things, and the attributes certified for them, should be aligned with the reasonable expectations of the person living with the technology.

The goal of the research is to encourage viewing the PKI as an ecosystem of humans, technology, organizations, and physical devices, where just a new warning or a new level of indirection is not going to be adequate for devices that act on the physical realm. This is particularly true when the operators are sometimes literally pre-literate, as with the Cloud Pets. We offer a human-centered framework to ground this larger conception of the infrastructure. The end goal for PKI is to align assertions with the trust and risk behaviors of humans in aggregate, beginning with the trust behaviors and risk heuristics that have been documented off-line, sometimes for decades. This means not only creating new interactions but also changing the scope and authority of the certificate authorities so that they are not universally trusted, instead creating smaller personalized zones of trust.

Certificates are so widely applicable because they are used to resolve issues of authentication, deniability, and confidentiality. PKI systems on the web have structural, consistent flaws, particularly in organizational controls, management of trusted CAs, and even usability. These are well-understood shortcomings of the current X.509 trust ecosystem. The role of the nontechnical person and the capacity for effects on the physical environment are different in the emerging domains of authenticating devices and humans in the Internet of Things (IoT), and in securing smart transportation. These differences, unfortunately, align with the known weaknesses of PKI in practice.

Components of a solution include more than technical standards for secure code and appropriate algorithms. Organizational requirements include aligning with best practices, and additional information sharing when failures do occur. Appropriate information sharing is an organizational and political issue, adherence to best practices is policy made real in technological deployment, and even higher quality code is a function of organizational practices (code review, testing) and human behavior as much as technology.

Consider that certificate extensions are essentially policy statements. For example, they can limit the use of keys by a principal, such as to only allow signing code or attesting to the identity of a secure website. The standard also allows for the creation of custom extensions. This is a technical standard that was improved after failures in the field to address an organizational weakness through cryptographic means. Extensions can be marked critical, and the issuer expects that applications reject certificates carrying critical extensions that the application cannot interpret. There is still an assumption that all parties correctly reject such certificates.
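To make the critical-flag rule concrete, here is an added example written for this page (it is not code from the original text or from any project it describes). A toy DER encoder builds constructed sample `Extensions` blobs, a toy decoder parses them back into `(OID, critical, value)` triples, and `validate()` applies the rule the paragraph describes, as RFC 5280 states it: a critical extension the relying party does not recognise makes the certificate unacceptable, while an unrecognised non-critical extension is ignored. The `KNOWN_EXTENSIONS` table is an assumption about what this particular relying party understands; the private extension OID sits under 32473, the IANA enterprise number reserved for documentation, and stands in for any custom extension.

```python
from dataclasses import dataclass

# Extensions this toy relying party understands (OIDs from RFC 5280).
# Anything else is "unrecognised" for the purpose of the critical-flag rule.
KNOWN_EXTENSIONS = {
    "2.5.29.15": "keyUsage",
    "2.5.29.19": "basicConstraints",
    "2.5.29.37": "extKeyUsage",
}

# --- minimal DER encoder, only what the constructed sample needs ---------------

def der_tlv(tag: int, body: bytes) -> bytes:
    """Wrap body in a DER tag/length/value triple (short or long-form length)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def der_extension(oid: str, critical: bool, value: bytes) -> bytes:
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }."""
    parts = der_oid(oid)
    if critical:  # DER omits DEFAULT values, so FALSE is never written on the wire
        parts += der_tlv(0x01, b"\xff")
    parts += der_tlv(0x04, value)
    return der_tlv(0x30, parts)

# --- minimal DER decoder -------------------------------------------------------

def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, next_pos) for the element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


@dataclass
class Extension:
    oid: str
    critical: bool
    value: bytes


def parse_extensions(der: bytes) -> list:
    """Parse an Extensions ::= SEQUENCE OF Extension blob."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        tag, ext, pos = read_tlv(seq, pos)
        t, oid_body, p = read_tlv(ext, 0)
        if tag != 0x30 or t != 0x06:
            raise ValueError("malformed Extension")
        critical = False
        t, body, p = read_tlv(ext, p)
        if t == 0x01:  # the optional critical BOOLEAN is present
            critical = body != b"\x00"
            t, body, p = read_tlv(ext, p)
        if t != 0x04:
            raise ValueError("extnValue must be an OCTET STRING")
        out.append(Extension(decode_oid(oid_body), critical, body))
    return out


def validate(der: bytes):
    """RFC 5280 rule: reject on an unrecognised critical extension, ignore an
    unrecognised non-critical one.  Returns (accepted, list_of_problems)."""
    problems = [f"unknown critical extension {e.oid}"
                for e in parse_extensions(der)
                if e.critical and e.oid not in KNOWN_EXTENSIONS]
    return (not problems), problems

# --- constructed sample data (not taken from any real certificate) ------------
KEY_USAGE = der_tlv(0x03, b"\x07\x80")              # BIT STRING: digitalSignature only
EKU = der_tlv(0x30, der_oid("1.3.6.1.5.5.7.3.1"))  # SEQUENCE { id-kp-serverAuth }
PRIVATE_OID = "1.3.6.1.4.1.32473.1"  # documentation enterprise number (RFC 5612)

WELL_FORMED = der_tlv(0x30,
    der_extension("2.5.29.15", True, KEY_USAGE) + der_extension("2.5.29.37", False, EKU))
UNKNOWN_CRITICAL = der_tlv(0x30,
    der_extension("2.5.29.15", True, KEY_USAGE) + der_extension(PRIVATE_OID, True, b"\x05\x00"))
UNKNOWN_NONCRITICAL = der_tlv(0x30,
    der_extension("2.5.29.15", True, KEY_USAGE) + der_extension(PRIVATE_OID, False, b"\x05\x00"))

if __name__ == "__main__":
    for name, blob in [("well-formed", WELL_FORMED), ("unknown critical", UNKNOWN_CRITICAL),
                       ("unknown non-critical", UNKNOWN_NONCRITICAL)]:
        print(name, validate(blob))
```

The point the paragraph makes is visible in the last two samples: the same private extension is harmless when non-critical and fatal when critical, and the outcome depends entirely on every relying party implementing the rejection rule rather than on anything the issuer can enforce cryptographically.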

It has long been known that what is needed is to design the infrastructure to empower users not only to distinguish generically between trustworthy and untrustworthy machines on the network, but also to provide them guidance on the risks of interacting with partially trusted ones. The entire PKI edifice depends, at its base, on the assumption that domain names are inherently readable and semantically transparent, and that the binding of these names is adequate for universal extensions of trust. There is little evidence for this supposition, and the success of phishing is itself a large-scale counter-argument. Phishers will have no more trouble paying for a joint domain name and certificate than they currently have purchasing domains. Bluntly, this has failed in practice and is particularly ill-suited for IoT as is. Making a system that works requires addressing the entire ecosystem of trust, and opening questions once thought settled. For example, what is the role of the traditional CA in an IoT ecosystem? The generic CA has proven effective in supporting small companies and empowering medium enterprises to outsource the management of this highly technical functionality. Yet the role of CAs in the current trust infrastructure is unsustainable and has created an ineffective system with perverse incentives. The current warnings are confusing, produce far too many false positives, and arguably hinder as much as they assist.