**Public Key Infrastructure**

**Introduction**

I wrote this page to validate that my general PKI knowledge wasn’t severely compromised by my TBI and provide a hopefully readable introduction to PKI.

Every website logged on to via a browser uses HTTPS to ensure passwords are encrypted during transmission. Typical logon examples are to email with Microsoft or Google, shopping with eBay or Amazon and banking with Nationwide or Barclays. HTTPS on the World Wide Web is the most widespread use of PKI; however, it was the least typical engagement that I worked on. More often, I was engaged on projects to:

- Make WiFi secure with IEEE 802.1x
- Secure data at rest (such as Word documents)
- Secure email to enable verification that: a) an email came from the expected originator, b) it hasn’t been altered
- Strong authentication - typically using a smart card rather than a username and password to logon to Windows or a Virtual Private Network (VPN)
- Make code (apps) secure to ensure that they: a) haven't been altered since creation, b) don’t include malicious payloads

In 2008 (aged 38) I wrote a white paper for Oxford Computer Group, giving an introduction to PKI for IT professionals, see **link**. Alternatively, a more simplified lay person approach can be read throughout the remainder of this page.

Much descriptive material regarding PKI on the internet refers to making information secure between Alice and Bob, i.e. A to B. Often there’ll be a third-party referenced as C (Charlie) who is trying to compromise the information by eavesdropping or maliciously altering information. You now have A to B, avoiding / omitting C.

**Trust Services**

PKI is generally referred to in IT security as providing ‘trust services’. I have sometimes been employed as a trust services architect, a role I undertook for the MoD was exactly such. In very simple terms, trust services is about trusting the actions or outputs of entities, be they people or computers. Trust services objectives are often expected to meet the following triad of capabilities: Confidentiality, Integrity and Authenticity (CIA).

**Symmetric Key Cryptography**

There are two broad strands of cryptography, distinguished by their different approach to the use of keys (secrets). In symmetric key cryptography, the same key (a secret value such as a number) is used to encrypt a payload (data) as that used to subsequently decrypt the same payload. As an example we’ll consider how to transmit your age of 14 (payload) secretly in a message. You could multiply the payload by 5 (the symmetric key). The multiplication operation is referred to as the algorithm [1]. The resultant encrypted value would be 70, nothing like your real age of 14.

The most significant downside of symmetric key cryptography is that the key needs to be exchanged securely between partners for the encryption / decryption function to work securely. In this example, it is required to exchange the symmetric key (5) securely with your partner, as well as the algorithm to be used (multiply). In all cryptographic capabilities there is a key and an algorithm which is applied to the payload. The algorithm is not secret, since all sending and receiving parties need to know what maths to perform on the data. In symmetric key crypto, the key itself is very important to make secret and transport securely between the sending and receiving parties, since if the key is discovered the value of symmetric key encryption is lost.

PKI leverages a construct referred to as asymmetric (unequal) cryptography. PKI uses one key to encrypt a message and a different key to decrypt it - this is the fundamental bedrock of PKI. With asymmetric cryptography, the aforementioned message may be encrypted using a public key value of 91, but the only way to decrypt the message would be to use a different (but related) number, say 20. It sounds implausible, but at a purely conceptual level it really does work in that way and is the reason why PKI helps make the internet safe. In layman’s terms, the data is encrypted [2] with a public key which anybody can know; however, the data can only be decrypted with a private key which is known only by the recipient.

[2] This explanation only applies to CONFIDENTIALITY purposes of PKI, for INTEGRITY and AUTHENTICATION purposes the encrypting operation is done with the private key.

The public key is mathematically related to the private key. In this example, the public key (91) is the product of the prime numbers 7 and 13. The sum of the prime numbers is used as the private key (20). In real world application much larger values are used such that it’s practically impossible [3] to computationally derive the private key from the public key. The public key is not required to have any protection whatsoever, you can email it or it can be posted on the internet (hence the term public). The reference to ‘public key’ is where the term Public Key Infrastructure (PKI) originates. The private key, however, is extremely important to keep secret. I was typically responsible for deploying solutions for customers where the private key was stored in the gold chip on a smart card, making it very secret indeed. Only somebody with the PIN for the smart card could access the private key which was stored on it and hence decrypt the message / information that was made secret.

To muddy waters further, in real world use cryptography uses a combination of symmetric and asymmetric cryptography to achieve bulk encryption, i.e. doing it on large quantities of data.

Recap: symmetric encryption uses the same key to encrypt and decrypt data, whereas asymmetric encryption is where one key is used to encrypt data and a different (but related) key is used to decrypt data.

The binary value of 64 bits (101010101010101010101010101010101010101010101010) equates to a decimal value of 187,649,984,473,770 (about one hundred and eighty trillion or so). Each time a bit is added to a binary value it doubles, if two bits are added it quadruples. For example, if we start with the binary value 10 (decimal two) and add two binary bits, to 1110, we get decimal fourteen (roughly quadruple two).

When it comes to PKI, bit lengths are used which don't sound impressive in simple language. For example, most of the PKIs I have implemented since 2010 have binary key lengths of 2,048 bits. When you consider that 64 bit binary values can equate to hundreds of trillions in decimal, and each additional binary bit length is roughly doubling the size of the decimal value, 2,048 bits is actually extremely large. PKI's fundamental premise, and the reason it has long been considered unbreakable, is that it is computationally implausible to mathematically derive the private key from the public key. Using Rivest Shamir Adleman (RSA) based algorithms (the most commonly used asymmetric cryptography algorithm in 2021), it is necessary to calculate the two prime numbers between 1 and 187,649,984,473,770 (in this case) which are the factors of the key value. A better way of explaining RSA is that it’s trivial to multiply two prime numbers together: 593 times 829 is 491,597. However, it is difficult to start with the number 491,597 and work out which two prime numbers must be multiplied to produce it. Remember, the decimal value 187,649,984,473,770 in the example used earlier is just 64 bits in length, whereas in reality a minimum of 2,048 bits would be used. Another approach to understanding the orders of magnitude involved is to think of one million as a 7 bit number, one billion as a 10 bit number and one trillion as a 13 bit number [4].
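The asymmetry described above, as an added example (not from the original page): multiplying two primes is one step, while recovering them by trial division takes a number of attempts that grows with the size of the smaller prime. The first pair is the page's 593 and 829; the other primes and the function names are chosen here for illustration.

```python
import math

def factor_semiprime(n):
    """Recover (p, q) from n = p * q by trial division; also count the divisions tried."""
    trials = 1                                   # the division by 2
    if n % 2 == 0:
        return 2, n // 2, trials
    for candidate in range(3, math.isqrt(n) + 1, 2):
        trials += 1
        if n % candidate == 0:
            return candidate, n // candidate, trials
    raise ValueError("n has no factor below its square root, so it is not p * q")

# First pair: the page's example. The others are well-known primes picked for this example.
PRIME_PAIRS = [
    (593, 829),
    (65_537, 104_729),
    (1_299_709, 15_485_863),
]

def work_table(pairs=PRIME_PAIRS):
    """For each pair return (modulus, modulus bit length, divisions needed to factor it)."""
    rows = []
    for p, q in pairs:
        n = p * q                                # easy direction: a single multiplication
        found_p, found_q, trials = factor_semiprime(n)   # hard direction: many divisions
        if (found_p, found_q) != (p, q):
            raise RuntimeError("factorisation did not return the original primes")
        rows.append((n, n.bit_length(), trials))
    return rows

if __name__ == "__main__":
    for n, bits, trials in work_table():
        print(f"{n:>22,}  {bits:>2} bits  {trials:>9,} trial divisions")
```

Trial division is the slowest way to factor a number and much faster methods exist, which is why real RSA moduli are 2,048 bits or longer rather than a few dozen.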

I’ve deployed PKI based upon 4,096 bits, generally everything I implemented beyond the year 2013 has used this approach. 4,096 bits is forecast by many standards bodies to be strong enough for hundreds of years to come, or until something called Quantum computing (see PKI Longevity section later) becomes reality. I’d estimate that 99% of the PKI work I did until 2018 was based upon RSA algorithms which use prime number factorisation. It's likely that there'll be a move from prime number factorisation to Elliptic Curve Cryptography (ECC) based algorithms. This is likely not because ECC has stronger security than RSA, but because it requires less compute power, which is important when considering the Internet of Things (IoT).

A hash takes a variable length input, from as little as 10 characters to a 1,000 page bible (say), then passes its binary representation through an algorithm to produce a fixed length output of say 160 or 256 bits. The input is always variable and the output is always fixed. If a single full stop (period) was added to the bible, and the hash algorithm run again against the binary representation of the bible, the hash result would be entirely different. Since about 2015, there was a concern regarding the strength of a popular algorithm called Secure Hash Algorithm 1 (SHA1), which produced a 160 bit output. In response to this, a newer algorithm was authorised (named SHA2), which uses a longer fixed length output, typically of 256 bits. When I implemented Lancs in 2010 I used SHA1, and that was a part of the reason they were able to fund my return in 2018 - to migrate to SHA2. At the Met I implemented their latest PKI in 2014 and had the foresight to insist on using SHA2, against the supposed better judgement of some Met senior IT security staff. Amongst the fun and games the Met had to deal with from my absence due to my TBI, a SHA1 to SHA2 migration wasn’t one of them.

Although hashes aren’t used much in encryption, they are a fundamental bedrock of message integrity and authenticity.

A digital signature is not an image / photo of a hand signature, it is cryptography using PKI. A concept to grasp is that securing data for CONFIDENTIALITY purposes uses the public key to encrypt data and the private key to decrypt it. However, anything other than CONFIDENTIALITY uses the opposite approach. In digital signatures (DigSig), which facilitate INTEGRITY and AUTHENTICITY, data is first hashed (SHA2) and the hash is then encrypted using a private key, before being sent to a recipient along with the original (unencrypted) document. The recipient then uses the public key to decrypt the hash, and uses the same SHA2 algorithm to create a hash of the attached unencrypted document; if that hash matches the value sent by the originator - bingo. From this outcome, it can be inferred that an email or document hasn’t been tampered with (INTEGRITY) and originated from who you thought it had (AUTHENTICITY). As usual, I have to state how this is a vast simplification of what is going on under the covers, but I think it’s OK as a basic explanation.
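The hash behaviour and the hash-then-sign flow described above, as an added example (not the author's code). It builds a toy RSA key from the page's primes 593 and 829; the exponent 17, the absence of padding, the sample document and all function names are assumptions made for the illustration.

```python
import hashlib

# Toy RSA key pair from the two primes the page multiplies together (593 x 829).
# Assumed for this example: E = 17 and no padding. Real keys are 2,048+ bits with padding.
P, Q = 593, 829
N = P * Q                                  # public modulus, 491,597
E = 17                                     # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, computed from the secret primes

def digest_length_bits(data: bytes, algorithm: str) -> int:
    """Output size of the hash in bits; it does not depend on the input size."""
    return len(hashlib.new(algorithm, data).digest()) * 8

def bits_changed(a: bytes, b: bytes, algorithm: str = "sha256") -> int:
    """Number of digest bits that differ between two inputs."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")

def digest_mod_n(document: bytes) -> int:
    """SHA-256 of the document, reduced only so that it fits the tiny toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(document: bytes) -> int:
    """Originator: hash the document, then apply the PRIVATE key to the hash."""
    return pow(digest_mod_n(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Recipient: apply the PUBLIC key to the signature and compare with a fresh hash."""
    return pow(signature, E, N) == digest_mod_n(document)

# Constructed sample document for the demonstration
DOCUMENT = b"Pay the supplier 100 pounds on Friday"
SIGNATURE = sign(DOCUMENT)

if __name__ == "__main__":
    print("SHA1 bits:", digest_length_bits(DOCUMENT, "sha1"))
    print("SHA2 bits:", digest_length_bits(DOCUMENT * 1000, "sha256"))
    print("bits changed by one full stop:", bits_changed(DOCUMENT, DOCUMENT + b"."))
    print("original verifies:", verify(DOCUMENT, SIGNATURE))
    print("altered document verifies:", verify(DOCUMENT + b".", SIGNATURE))
```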

A digital certificate is issued by a Certification Authority (CA). It contains the subscriber's (originating user or computer) public key and is stamped (digitally signed) by the CA itself. The simplest (and admittedly imprecise) analogy may be an envelope you send to an organisation containing your passport, in this circumstance:

- The digital certificate is the envelope into which you place your passport
- The envelope is sealed with a sticker / stamped with red wax (this would be the digital signature)
- The public key is your passport, the thing which uniquely identifies you

An important PKI concept to grasp is that when wanting to transmit an encrypted document, the sender must first obtain the target recipient’s public key (contained in the digital certificate). The party doing the encryption (sender) must use the recipient’s public key. Because the recipient possesses the private key associated with the certificate, they can then decrypt the document. Once the originator encrypts a document, even they can’t read it again, since they wouldn’t have access to the relevant private key.
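The flow above in runnable form, using the hybrid arrangement the page describes: a fresh symmetric key encrypts the document and the recipient's public key encrypts only that symmetric key. This is an added example, not the author's code; the Mersenne primes, the unpadded RSA and the SHA-256 keystream cipher are simplifying assumptions standing in for random 1,024-bit primes, OAEP padding and AES.

```python
import hashlib
import secrets

# Recipient key pair (toy). Two known Mersenne primes are an assumption of this example.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                        # public key: what the certificate carries
D = pow(E, -1, (P - 1) * (Q - 1))          # private key: stays with the recipient
KEY_BYTES = 16                             # 128-bit symmetric session key

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream (AES in practice)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def encrypt_for(public_n: int, public_e: int, document: bytes):
    """Sender: needs only the recipient's PUBLIC key. Returns (wrapped key, ciphertext)."""
    session_key = secrets.token_bytes(KEY_BYTES)         # fresh for every document
    wrapped = pow(int.from_bytes(session_key, "big"), public_e, public_n)
    return wrapped, keystream_xor(session_key, document)  # fast bulk encryption

def decrypt_with(exponent: int, public_n: int, wrapped: int, ciphertext: bytes) -> bytes:
    """Recipient: unwrap the session key with the PRIVATE exponent, then decrypt the bulk."""
    width = (public_n.bit_length() + 7) // 8
    session_key = pow(wrapped, exponent, public_n).to_bytes(width, "big")[-KEY_BYTES:]
    return keystream_xor(session_key, ciphertext)

# Constructed sample document for the demonstration
DOCUMENT = b"Quarterly figures: confidential until the board has met. " * 20

if __name__ == "__main__":
    wrapped, ciphertext = encrypt_for(N, E, DOCUMENT)
    print("recipient recovers document:", decrypt_with(D, N, wrapped, ciphertext) == DOCUMENT)
    # The sender holds only (N, E); using the public exponent does not undo the wrapping.
    print("sender recovers document:   ", decrypt_with(E, N, wrapped, ciphertext) == DOCUMENT)
```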

**Hybrid Encryption**

Pure asymmetric encryption is very compute expensive, as it takes many processor cycles to get the job done. A consequence of this is that it would take a very long time to purely use asymmetric cryptography to encrypt a lot of data. Pretty much all encryption which is done for data at rest (stored persistently - such as in a Word or Excel document on a file system) or in transit (such as when performing online banking with a browser) is a hybrid of asymmetric and symmetric cryptography. Symmetric cryptography is much quicker than asymmetric cryptography, so a symmetric key is created to do the bulk of the encryption of the document / transmission, and then asymmetric cryptography is used to securely encrypt the symmetric key itself.

**Key Signing Ceremony (KSC)**

The term KSC is often most used in the context of the strict logical controls and procedures that need to be effected when deploying a new PKI or performing procedures on an existing PKI.

In combination with these logical controls are the necessary physical controls. In the photograph at the bottom of the page, which I took at a police data centre, there is a desk and computer installed in a secure storage facility. Often it was the case that as well as storing the equipment securely, customers would dictate that the actual KSC be performed in a secure facility.

Another important aspect of KSCs is to handle security sensitive material (smart cards and pass phrase forms, etc.) in a secure manner. One piece of work I undertook for the Met Police at New Scotland Yard required storing a computer securely. The tamper evident bags (a little like sandwich bags) which were used for most items (smart cards and password forms) were not large enough, so it was deemed necessary to use body bags for the purpose. I recall carrying a full body bag from one end of the NSY office buildings to the other.

**PKI Origination**

PKI is a reasonably mature concept, it’s generally recognised to have been discovered by Alan Turing in the WWII timeframe at buildings (Bletchley Park) which were the forerunner to GCHQ. Turing was a behind the scenes mathematics expert who is generally considered to have reduced the length of World War II by several years. Turing, in tandem with Polish cryptographers, discovered how to crack the German Enigma code, which enormously helped Britain and the US to defeat Nazi Germany. Despite Turing’s genius contributing to the saving of perhaps millions of lives, he was prosecuted for being a homosexual. He was found guilty and, as punishment, chose to be castrated in preference to being imprisoned for many years. He died at the age of 41; it was officially recorded as suicide. In 2009 following an internet campaign, the then British Prime Minister (Gordon Brown) made a public apology for the way Turing was treated. Turing was given a posthumous pardon, whereby the government admitted it was wrong to have prosecuted Turing for the crimes (homosexuality) he was accused of. In 2020 we visited Bletchley Park and saw the statue of Turing shown at the bottom of this page.

**Blockchain Encryption**

PKI has served me very well, but it is a little too cumbersome for the future, such as the Internet of Things (IoT). PKI scales to millions and even tens of millions of entities, but certainly not to the billions which IoT needs and will get with the security approach which will likely supplant PKI: blockchain. It doesn’t mean PKI is dead, as blockchain likely won’t be suitable for governments and banks, etc. which need the more robust trust basis which PKI provides. Blockchain will serve the masses (billions) and PKI will co-exist alongside it, in a more prevalent role for volume requirements up to millions.

**PKI Longevity**

The RSA algorithm is a fundamental bedrock of PKI and has been in use since around 1978. Despite the massive increases in computer power beyond that date, PKI remains almost universally recognised as the strongest means to make information secure on the internet. PKI is about more than just the internet, I’d suggest that all secret documents in the UK, US and European governments / military organisations are protected in some part by PKI. There are varying degrees of opinion about how long PKI will remain secure; however, a new construct named Quantum computing is a huge threat to the future security of the internet if it becomes available to adversaries.

Since their invention, computers have relied upon binary mathematical theory whereby something can either be on or off, typically a one or a zero. Quantum computing uses a different premise, whereby something can be on or off, as well as various other states. The best analogy I have heard is that it can be likened to a coin being flipped, which ends as heads or tails (i.e. 0 or 1), but during the flipping phase is at various states during its rotation. The coin rotation could be measured in degrees (360 in a circle) and by 60 minutes in each degree and by a further 60 seconds in each minute. In this analogy, a simple coin-flip could have approximately 1.3 million (360 x 60 x 60) outcomes. It requires enormous expense to implement, however, there is some inevitability that quantum computing will happen. The hope is that the good guys (often referred to as the West) learn how to harness quantum cryptography before the bad guys do. I draw an analogy with the development of nuclear bombs, it was so important America (allied with Western Europe) gained nuclear supremacy before the Soviet Union did. If Stalin’s Soviet scientists had attained nuclear supremacy over the USA, our lives would likely have been completely different as the Soviets would almost certainly have used their supremacy to their military advantage. It should also be recognised that quantum computing also has enormous potential for positive use, such as weather forecasting and health research.