National Academies Press: OpenBook

Cryptography's Role in Securing the Information Society (1996)

Chapter: H - Summary of Important Requirements for a Public-Key Infrastructure

« Previous: G - The International Scope of Cryptography Policy
Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 450

H Summary of Important Requirements for a Public-Key Infrastructure

Based on information from a National Institute of Standards and Technology (NIST) document on public-key infrastructure,1 this appendixbriefly summarizes the user, technical, and legal requirements of a federal public-key infrastructure, as well as other observations obtained through interviews and the analysis of pertinent standards.

• Ease of Use. Certificate infrastructures should not make applications utilizing digital signature capabilities more difficult to use. To support ease of use, the infrastructure must provide a uniform way to obtain certificates in spite of the possible differences in certificate management policies employed by different segments of the infrastructure.

• User Authentication. To ensure proper linkage of a public key with a specific user, the identity of that user must be authenticated. User authentication is usually conducted by the certification authority (CA) during the key certification process.

• Certification Policies. If the existence of different certification policies is allowed, certification policies for both individual users and organizational users must be clearly articulated. In addition, mechanisms must

1 Shimshon Berkovits et al. (MITRE Corporation), Public Key Infrastructure Study: Final Report, National Institute of Standards and Technology, Gaithersburg, Md., April 1994.

Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 451

be provided to enable each user to be aware of the policies governing any certificate that he may encounter. In particular, a user should be able to establish how carefully and thoroughly the CA authenticated owner identity of the public key before certifying the association between the user and the key.

• Trusted Certificate Authority. Digital signatures are used to ensure sender authentication, nonrepudiation, and message integrity. To trust these security services, the user needs to be assured that the public key used to verify a signature is actually the key of the person who signed the transaction. To ensure that certificates are generated by and obtained from trusted sources, mechanisms are needed to prevent any user from creating false certificates that are signed with the user's regular private key. Even though a signature can be verified by employing the user's properly certified public key, the false certificates must not be accepted as legitimate. Then a pretender cannot create signatures that will be accepted because they are verified using keys obtained from the false certificates. Since the CA performs user authentication at key certification time and is responsible for keeping the user's name and public key associated, each CA must be a trusted entity, at least to the extent defined in the pertinent PCA policies. This implies the provision of some security protection for each CA, specifically the private key of the CA, so that the CA cannot be modified or impersonated. Certification policies can specify the security measures that a particular CA undertakes. Users must determine whether the CA is sufficiently trustworthy for their applications. The basic trust rests in the certification policies and security mechanisms established for the infrastructure.

• User Affiliation. To have a CA certify a public key, a user must provide a unique name in addition to the public key that is to be certified. That name usually contains the user's organizational affiliation. It is possible, however, that some private citizens may wish to have their keys certified independently of any organization. Therefore, provisions for certifying private citizens must also be made.

• Privacy of User's Identity. Some users may wish to remain anonymous but still register with a CA. This may require the establishment of certification agencies that would register users requesting nondisclosure of their identification information. Alternatively, policy choices in different segments of the infrastructure could include or exclude anonymous certificates.

Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 452

• Multiple Certificates. In some instances a user may have several certificates, each issued by a different CA. This situation may occur if a user belongs to more than one organization and needs a certificate from each organization or if a user has a certificate as an employee and another certificate as a residential user. If the naming convention includes a user's organizational affiliation in the person's unique name, then a user can have several unique names with a different certificate associated with each. Multiple certificates assigned to a single unique name may be used to simplify recovery from CA private-key compromise. The infrastructure may have to handle multiple certificates for a single user.

• Certification Revocation Lists. When a private key is known to be compromised or even when its compromise is only suspected, it must be replaced immediately. The certificate containing the associated public key must be revoked immediately. To inform users of such a compromised key, thus allowing them to identify and reject possibly fraudulent transactions, the certificate is placed on a Certificate Revocation List (CRL). Placing a certificate on a CRL can also be used to announce the severing of a relationship between a signer and the organization with which he or she was once associated.

• Services of CA. CAs will need to certify public keys, create certificates, distribute certificates, generate CRLs, and distribute CRLs. Distribution of certificates and of CRLs will be accomplished by depositing them with a generally available directory service.

• Security and Legal Efficacy. There is an inherent linkage between security and legal efficacy. The security of electronic messages and records is not only a business requirement, but also an underlying legal requirement. This linkage determines what is sufficiently secure by considering what presumptions apply to the particular message's or document's purpose(s) and by considering the risks it confronts. Legal requirements should clarify reasonable security procedures without sacrificing needed flexibility. The question is not whether to have or not to have security, but rather whether the implemented security mechanisms provide the degree of security offered by the digital signatures. The answer rests squarely on the strength of the infrastructure's security mechanisms.

• Liability. The extent of the infrastructure's liability must be founded on a balance between the interest of the government, which would limit it, and of the private sector, which would expand it. Bringing suit must be allowable, but there must also be a reasonable limit on the extent of the infrastructure's liability. Different levels of liability limitations can be

Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 453

offered. For a price, users might even be allowed to tailor the extent of protection to their needs.

In committee discussions, it was noted that the liability of those providing authentication services is a critical issue. When the provider of authentication services is a business with which one is interacting for other purposes (e.g., to buy something), that business will generally have to accept liability for the interaction. Thus, if it wrongly certifies that Joe is Jack, and if Joe then steals money out of Jack's account, the bank that authenticated the transaction is liable. Likewise, third-party authentication services whose job it is to provide authentication services, but nothing more, would or should accept liability. Appropriate insurance requirements and a legislative framework might be necessary to regulate such services to ensure that they adhere to good practice.

As an agency of the federal government, the infrastructure may be considered to have sovereign immunity. Such immunity would imply that the infrastructure and its managers cannot be sued for any losses resulting from their actions or from their inaction. Although such a status may be attractive, it undermines the usefulness of the certification infrastructure. Without reasonable assurances that potential losses due to malfeasance will be recoverable, a typical nongovernment user will shy away from relying on the public-key infrastructure. Any set of laws and regulations must strike a balance between protection of the government from excessive claims and blocking users from any chance of reimbursement. The following items summarize what may be considered reasonable limits on the extent of liability to which a CA at any level and ultimately the public-key infrastructure as a whole should be exposed.

—A CA has no liability associated with the loss of the private keys of its clients or with their generating weak private keys.

—A key-generation facility has no liability associated with the compromise of the private keys it produces unless it can be proved that the documented policies and procedures relevant to the facility were not followed during the key-generation process, resulting in a weak private key that is more susceptible to compromise or the actual revelation of a private key.

—A key-generation facility has limited liability for the compromise of a private key during the key distribution process if the documented policies and procedures relevant to the facility are not followed, resulting in the revelation of the private key.

—A CA has no liability associated with forged signatures unless the forgery results because the documented policies and procedures relevant to the CA were not followed.

—A CA has no liability associated with the wrongful binding of an individual's identity with an associated public key unless it can be proved

Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 454

that the documented policies and procedures for identification and authentication relevant to the CA were not followed.

—A  CA has limited liability for not revoking certificates according to its revocation policy.

—A CA has limited liability for revoking a certificate for a reason not specified in its revocation policy.

—A  CA has limited liability if, despite its having followed published policies and procedures, a certificate in the database is modified or deleted.

• Liability Policy. The extent of liability in the above situations is conceivably a part of the policy under which a CA or key-generation facility operates. The policy must distinguish between direct liability on the one hand and indirect and consequential damages on the other.

Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 450
Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 451
Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 452
Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 453
Suggested Citation:"H - Summary of Important Requirements for a Public-Key Infrastructure." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 454
Next: I - Industry-Specific Dimensions of Security »
Cryptography's Role in Securing the Information Society Get This Book
×
Buy Hardback | $80.00 Buy Ebook | $64.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic.

Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography—the representation of messages in code—and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers.

Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored.

Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation.

The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples—some alarming and all instructive—from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!