Secure transactions with no strings attached

Public-key infrastructure technology was once so cool. Its combination of encryption, digital certificates and other technologies appeared to be a foolproof way to ensure the security of electronic transactions. It gave agencies the tools they needed to replace paper documents with electronic ones and paved the way for electronic government.

Sometimes, though, when organizations look more closely at deploying PKI, the technology loses its allure. Instead of finding a universal remedy, many agencies have become mired in the taxing policy and technical issues that come with PKI. Encryption techniques rely on randomly generated keys that must be mapped to user identities using digitally signed documents called certificates. Managing those certificates — developing policies and processes to issue and revoke them efficiently — is an enormously complex and expensive task that has hampered many agency efforts to build their own PKIs.

The infrastructure required to effectively deploy a PKI must include the processes involved in looking up certificates for encryption and maintaining certificate revocation lists for users who have left an agency or are otherwise no longer authorized to use the certificate.

Government agencies have run into other problems. E-government applications often require an exchange of information between agencies, but PKI breaks down when systems, which are built independently of one another, need to accept one another's certificates.

That's not to say the technology is on its way out. But a handful of security companies now offer solutions designed for organizations that cannot justify the cost of developing and managing a full PKI system.

Those solutions address the basic need for securing data during transmission and protecting systems from unauthorized access. But they do not require agencies to tackle the challenge of issuing, managing and revoking digital certificates.

"The federal government has spent a lot of money building one-off PKIs," said Bill Stewart, a principal with Booz Allen Hamilton Inc. "And as a result, there are new mandates that in the future agencies will outsource these efforts by going to firms to buy certificates and authentication services as opposed to building their own infrastructures. There are lots of alternatives that provide similar functionality. Another big factor is the cost associated with PKI — some of the pricing models that are out there today are still very high."

Here is a sampling of options now available in the market.

Option 1: Replace the key

Voltage Security Inc., which opened for business in July, skirts typical PKI complexities with a product line built on the company's Identity-Based Encryption (IBE), which puts a new spin on the basic PKI concept.

IBE begins by simplifying a central component of PKI: key generation. Instead of relying on long, randomly generated keys that must be mapped to identities using certificates containing a user's digital signature, IBE can use any arbitrary string — such as an e-mail address — as a public key to encrypt messages. By using an e-mail address, Voltage's approach bypasses the need for the complex processes associated with issuing and managing digital certificates, because there are no certificates.

This approach eliminates the need for cumbersome certificates and certification authorities, which account for 75 percent of the cost of a PKI, said Sathvik Krishnamurthy, Voltage's president and chief executive officer.

"IBE allows you to deploy a full information security backbone without the overhead of PKI," Krishnamurthy said. "At the client level, you would have no certificates. You would be using IBE."

Voltage's SecurePolicy Suite is a centrally managed server that enforces security policies. By using well-known security identifiers such as e-mail addresses as public keys, IBE enables security policies to be directly encoded into encryption and authentication methods. So a user can encrypt an e-mail message using a colleague's e-mail address as a public key instead of having to look up public-key information. The recipient contacts Voltage's key server to authenticate his or her identity and receive a private key to decrypt the message. Because the public key is generated using an e-mail address, the recipient does not need to maintain any special software on his or her computer — which a PKI requires — to receive secure messages.

However, using an e-mail address as a public key may create problems for revoking that public key, said Anish Bhimani, a Booz Allen senior associate.

"Once your identity and key are the same, if your key gets compromised, how do you revoke it?" he said. "If someone really wanted to impersonate your e-mail address, they could create a new set of keys, and the person wouldn't know the difference."

Option 2: Secure e-mail

Secure messaging vendor Sigaba, now part of Secure Data in Motion Inc., also has departed from the traditional PKI notion for securing communications. Its secure messaging technology is based on an approach that separates authentication from encryption, rather than relying on an overarching hierarchical entity to dole out and manage certificates that scramble transmission and authenticate identity. Sigaba uses whatever authentication mechanisms — such as personal identification numbers, passwords or smart cards — that agencies have already deployed and focuses on encrypting and decrypting e-mail messages.

Sigaba's Gateway sits between the organization's e-mail gateway and firewall, checking outgoing messages and encrypting those that should be masked according to security policies. It authenticates the user through the server, encrypts the message with a key obtained via Sigaba's Key Server and then sends the e-mail message. The recipient decrypts the message by retrieving the key from the Key Server. Decryption is transparent if the recipient has deployed an affiliated Sigaba gateway, or users can obtain a plug-in to their existing authentication system from Sigaba.

"We don't have the luxury of time anymore to scale these massive PKI undertakings," said Joanne Connelly, Sigaba's vice president. "There's a need to communicate immediately. Our solution will allow you to communicate securely with anyone, anywhere, without the recipient needing any special software aside from a [Web] browser."

Sigaba's technology was used in June in the Joint Warrior Interoperability Demonstration 2003, an annual event sponsored by the chairman of the Joint Chiefs of Staff to evaluate the use of information technology to solve coalition interoperability problems.

The Defense Department is required to use its own PKI, but other coalition members had various authentication mechanisms, said Sharyn Pensmith, Sigaba's vice president of federal systems. Some countries resisted the United States' plan to have U.S. agencies hold certificates for coalition countries.

In the demonstration, Sigaba's e-mail product was used to secure information delivery among coalition partners, including ballistic missile alerts, intelligence alerts and information on other potential threats. Sigaba's architecture allowed it to tie together message traffic from land-based and maritime units from multiple countries.

"Each country is allowed to maintain control over its authentication mechanism," Pensmith said. "If I have a relationship where I am going to deal with the United Kingdom, I trust the United Kingdom to know how to authenticate their own people."

John Ortego, former director of the Agriculture Department's National Finance Center in New Orleans, La., used Sigaba's secure messaging technology to send pay stub documents to employees electronically. He viewed the offering as complementary to PKI, he said.

"The advantage was cost," Ortego said. "It required less administration [than a PKI], and it was easier and more rapid to bring to market. It was by no means a complete solution, but for push technology to deliver packages to people, we were able to stand it up very quickly."

Option 3: Tokens, not certificates

RSA Security Inc. also attempts to simplify security by eliminating the digital certificate. In its place, the company's SecurID product uses a hardware or software token with a PIN and a user password. Instead of the mammoth task of issuing digital certificates, the system issues users tokens such as key fobs or cards that contain PINs for accessing secure systems.

SecurID tokens authenticate users at the network, system and application levels and can be used to secure internal and remote network access, said Brett Michaels, RSA's director of government systems. They are designed to be compatible with popular remote access servers, wireless access points, Web servers, firewalls and virtual private networks.

Software tokens can be issued via the Web and downloaded via an encrypted tunnel, which eliminates some of the problems associated with issuing certificates, according to Michaels.

Because the identity encased in a certificate can be invalidated if that certificate is compromised, agencies have struggled with methods to secure the issuing process. DOD issues its certificates via a smart card, but that adds to the infrastructure requirements.

"The majority of the high-assurance e-business processes that take place over our Internet today where passwords aren't good enough are done with SecurID," Michaels said. "We find in the federal government that it is an alternative to PKI as well as an enabler to PKI. It can be the thing that proves who you are so you can get that digital certificate over the Internet securely."

By using SecurID tokens, agencies can not only bypass some of the expense associated with deploying a PKI, but they can also avoid some of the costly work to alter internal agency applications to recognize a digital certificate, Michaels added.

"Most applications do not understand PKI — they have no idea how to use it. The application has no idea how to ask you for a digital certificate," he said.

To protect Web resources, RSA offers an access management solution designed to work within intranets, extranets, portals and other infrastructures to protect Web resources by providing users with a single sign-on across applications.

In addition, RSA is developing new technology, code named Nightingale, that will be integrated into its entire product line and commercially available in some products by the end of the year. Nightingale is designed to provide some of the security needed for lower-level authentication assurance at agencies.

Nightingale gives users the ability to enter identifying questions and answers that are unique to them and will be shielded from everything, even from the system itself. So, unlike the traditional mother's maiden name identifier, those questions and answers will be stored in a database that can never be compromised. Instead, the information is held in an encrypted server that only users can access, Michaels said.

"If you use that in a process that delivers a digital key down to your device, that process is almost as good as having a smart card," Michaels said. "By using this type of technology, we may be able to deploy fairly high-assurance access without giving people anything [such as tokens] at all."

The Nightingale technology sounds like a promising PKI alternative, said Booz Allen's Stewart, because users don't need a token or a smart card for access. However, Stewart said he would examine more closely how the questions and answers are stored.

"A lot of times, it would require you to have a shared certificate with the server," he said. "In that case, you may not be gaining anything from an enrollment point of view but you would be gaining a lot in the mobility area."

Making a choice

No matter what alternative technologies agencies examine to secure documents and networks, the first thing officials need to do is match the technology with what the PKI or alternative tool is going to be used for, according to industry analysts.

"Are they trying to protect information from disclosure over the network, or are they trying to make sure they know who they are talking to on the other end of the exchange?" Stewart said. "Do they need nonrepudiation? Then you have to look at what is my actual application domain? Am I going to do this on an open network or am I going in on a closed e-mail system? You can then start to determine the best way to approach this."

In addition, many PKI alternatives on the market have not been proven or deployed on a scale that is equivalent to many current PKI projects, said Gordon Hannah, senior manager of BearingPoint Inc.

"There seem to be a lot of interesting concepts out there, but they're still unproven, and from that aspect, there is a bit of risk," he said. "What is the value of that information you are trying to protect? A lot of customers will look at a full PKI as a gold standard, and anything you do that is less than that you are making some compromises somewhere."

Much of the discussion about PKI vs. other technology options has focused on the technology, but the concentration instead should be on the system's credentialing process, said Stephen Timchak, project executive for the General Services Administration's e-Authentication program.

"It's not really the technology. It's how in-depth the identity proofing of the individual using that technology has been," he said. "Any of these credentials are all about trusting [that people are] who they say they are. We need to assess the entire process that goes into the issuance of those credentials."

GSA is developing a single authentication system or gateway to consolidate the validation of authentication mechanisms such as passwords, PINs and digital certificates. Although Timchak characterized the gateway as "PKI-plus," he noted that not all transactions flowing through the interface would require PKI-level security.

Havenstein is a freelance writer based in Cary, N.C.