Search for: All records

In this work, we report on a comprehensive analysis of PKI resulting from Certificate Authorities’ (CAs) behavior using over 1300 instances. We found several cases where CAs designed business models that favored the issuance of digital certificates over the guidelines of the CA Forum, root management programs, and other PKI requirements. Examining PKI from the perspective of business practices, we identify a taxonomy of failures and identify systemic vulnerabilities in the governance and practices in PKI. Notorious cases include the “backdating” of digital certificates, the issuance of these for MITM attempts, the lack of verification of a requester’s identity, and the unscrupulous issuance of rogue certificates. We performed a detailed study of 379 of these 1300 incidents. Using this sample, we developed a taxonomy of the different types of incidents and their causes. For each incident, we determined if the incident was disclosed by the problematic CA. We also noted the Root CA and the year of the incident. We identify the failures in terms of business practices, geography, and outcomes from CAs. We analyzed the role of Root Program Owners (RPOs) and differentiated their policies. We identified serial and chronic offenders in the PKI trusted root programs. Some of these were distrusted by RPOs, while others remain being trusted despite failures. We also identified cases where the concentration of power of RPOs was arguably a contributing factor in the incident. We identify these cases where there is a risk of concentration of power and the resulting conflict of interests. Our research is the first comprehensive academic study addressing all verified reported incidents. We approach this not from a machine learning or statistical perspective but, rather, we identify each reported public incident with a focus on identifying patterns of individual lapses. Here we also have a specific focus on the role of CAs and RPOs. Building on this study, we identify the issues in incentive structures that are contributors to the problems. 

The Public Key Infrastructure (PKI) is the foundation which enables secure and trusted transactions across the Internet. PKI is subject to both continuous attacks and regular improvements; for example, advances in cryptography have led to rejections of previously trusted algorithms (i.e., SHA1, MD5). Yet there have also been organizational failures and malicious acts by trusted parties. In this work, we focus on the sociotechnical components of the current X.509 PKI with the goals of better understanding its vulnerabilities, and ideally informing the implementation of future PKIs. We begin with a taxonomy of chronic, catastrophic, high impact, or frequent PKI failures. This categorization was informed by a survey of non-expert perceptions of PKI and an interdisciplinary workshop addressing the future of security in the Internet of Things. To evaluate the failure modes, we conducted qualitative interviews with policy scholars and experts in applied cryptography. We summarize the results of the survey and workshop, and detail the expert interviews. Our findings indicate that there are significant failure types which neither the technical nor policy community are deeply engaging. The underlying assumptions about rate and severity of failure differ between these communities. Yet there is a common awareness of the vulnerabilities of the end users: the people who are required to trust PKI to interact and engage with the Internet. We identify an urgency in mitigating such critical issues, because of the increasing adoption of cyberphysical systems and the Internet of Things (IoT). We concluded that there is a need for integrated organizational, policy, and technical coordination to address the chronic and potentially catastrophic risks. We introduce possible economic and regulatory solutions, and highlight the key takeaways which pave our future research directions.