How Blockchain Addresses Public Key Infrastructure Shortcomings

Enterprise security rests on a few important standards and tools for safe use. Public Key Infrastructure (PKI) is one such tool that’s commonly used by businesses to thwart bad guys and keep enterprise data secure.

However, traditional PKI has its limitations – a few being the fact that it still works on an outdated design and comes with a great deal of complexity for any enterprise to manage. Help is on the way. Blockchain is emerging as the foundation for the next generation applications, delivering a modern foundation for businesses so that their PKI performs more effectively.

When PKI took root, the internet was a Department of Defense research project, and networked business applications were largely non-existent. Instead, organizations relied on central servers sitting in corporate data centers. Securing transactions meant protecting two sides of static, well understood, centralized connections.

PKI was largely created for these static transactions. However, the modern web has evolved quite a bit since the advent of the internet and given that everything is based on a client-server and cloud model these days, the old PKI design is having a hard time scaling up to a modern, distributed nature of application interactivity.

How PKI Works 
PKI technology relies on a combination of private/public keys, which are two altogether different cryptographic keys that are related in such a way that only someone who owns the private key can successfully decrypt any messages that are encrypted by the public key. The most common use case of PKI is when it’s used to protect communication between a client (you, using a browser) and a server (the website you’re visiting). This allows for a safe transit of any and all information between you and the website you’re visiting, protecting the user’s information from eavesdropping by malicious parties. 

The problem
PKI works because of digital certificates which are typically issued by a trusted third party, called a certificate authority. This reliance on a central trusted party creates quite a few issues. First is that the CAs operate without any formal oversight. Sure they are obligated to comply with the CA/B forum (which is an organization run by CA’s and Browsers to set the standards and practices in the CA industry) but how they distribute the keys is their decision and sometimes, they make questionable choices. 

Secondly, because of the ability to impersonate another user or a website, CA systems are well-known targets for hackers. By breaching them, the bad guys gain access to a treasure-trove of personal and financial information traveling on the Internet. DigiNotar was a Dutch CA whose systems were attacked. As a result, so many fraudulent certificates were issued that the firm eventually filed for bankruptcy.

Also, because a PKI system is asymmetric, users need access to a public key and recipients must have a private key to decrypt the information. Should a private key become compromised, an attacker gains access to all of the data intended for the recipient. Attackers that gain access to private keys can also eavesdrop and decrypt other interactions as they occur. 

Blockchain Eliminates Traditional PKI Vulnerabilities
Application design has changed dramatically since PKI emerged. With cloud and mobility, employees are no longer tied to their desks when they access computer services. 

A new foundation is needed to secure such applications because there is no simple, centralized connection from endpoint to server. Blockchain was built to meet today’s business needs. The architecture is based on a distributed database that maintains a continuously growing list of ordered records, called blocks. Since Blockchain runs on tens of thousands of computers simultaneously, its design eliminates the risks found with old school PKI systems. 

Blockchain has an open, transparent, secure architecture. Anyone on a Blockchain can read all of its contents. This feature eliminates the potential problems stemming from relying on a third party CA’s actions. Companies no longer need to put their trust in CAs that may be duplicitous or error-prone in creating public and private keys. Everything that happens on a Blockchain is available to anyone using it. So if a CA issues keys in someone else’s name, that information is seen by everyone on the chain. 

Information is time stamped, and a record is created each time an update occurs. Consequently, it is clear who did what when. Altering the source code becomes impossible. A hacker needs to change every item in the Blockchain rather than just one record. Also, the metadata in its database is read only, which means that it is impossible to manipulate independently. The solution protects information in a secure distributed fashion and is more in tune with current needs than traditional PKI systems.

What Can Organizations Do Now?
Solutions running PKI on Blockchain are emerging from vendors, such as Remme, which has been developing a distributed Public Key Infrastructure protocol to PKI-enable apps for the modern web. Implementation of this new technology is making its first steps. PKI emerged as a viable option when applications were processed on centralized servers. As the industry has moved to distributed processing, the need for a new approach became clear. Blockchain offers a sound foundation to build a distributed security solution meanwhile attention of organizations to the technology has been constantly growing.

What’s Hot on Infosecurity Magazine?