Measuring and Improving the Management of Today’s PKI

Lead PI

Co PIs

Abstract

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation. As a result, there have been numerous instances where mismanagement of the PKI has harmed the security of end users. This project is developing techniques to better understand and improve the management of the PKI, helping to better secure the Internet.

This project has four research foci, each examining the management challenges faced by different players in the PKI: Content Distribution Network (CDN) administrators, Certificate Authorities (CAs), end-users, and non-Web protocols. First, the project is conducting measurements to better understand the frequency of sharing private keys between sites and their CDNs, and to improve the security of this practice. Second, the project is developing new incentives for CAs to ensure information about their revoked certificates reach end users. Third, the project is aiming to better understand how the PKI will evolve as the Internet of Things (IoT) grows and the PKI is forced to quickly scale up. Fourth, the project will expand existing measurement approaches to understand the difficulties of PKI management in non-Web protocols (e.g., IMAPS), which have traditionally been less-well maintained.

Funding

NSF