pki: the dod’s critical supporting infrastructure for ...pki provides a credential service for...

10 CROSSTALK The Journal of Defense Software Engineering November/December 2009

As the Internet rapidly expanded in the’90s, so did the DoD’s usage of the

Web to provide global support to thewarfighter. The Internet, being an openenvironment, was not secure enough to con-duct mission-critical, unclassified transac-tions. Therefore, to fully benefit from thisnew medium, a more secure capability hadto be put into place. Specifically, Internet-based transactions would need to provide areliable means to: conduct private communi-cations between parties on the publicInternet, verify a party’s identity over theInternet, replace handwritten signatures, andensure that data is not altered during trans-mission.

Today, adversaries, in their current questto subvert DoD capabilities by debilitatingcritical information assets, are coming fromall directions. Terrorists, hackers, unfriendlynation states, and various types of criminalelements—motivated by the acquisition oftop-secret intelligence, financial gain, intel-lectual property theft, denial of service, orsimply pride in exploiting a notable target—are routinely attacking DoD networks. Theirmethods range from passively monitoringcommunications to social engineering tofull-blown active network attacks with virus-es and other malicious means.

Consequently IA, at least in DoD terms,is achieved when information and informa-tion systems are protected against suchattacks through the application of critical

security services such as availability, integrity,authentication, confidentiality, and non-repudiation.

Defense-in-Depth Strategy:A Quick OverviewThe DoD’s Defense-in-Depth strategy is apractical method for achieving IA in today’shighly networked environments [1]. It uses abest practices approach that relies on intelligentapplications of existing techniques and tech-nologies. The strategy recommends a bal-ance between the protection capability andthe cost, performance, and operational con-siderations of the overall DoD mission.Comprised of a robust and integrated set ofIA measures, the strategy hinges on the bal-anced focus of three primary elements: peo-ple, technology, and operations (see Figure 1).

The people element encompasses estab-lishing, applying, and enforcing applicablepolicies and procedures, assigning roles andresponsibilities, committing resources, train-ing critical personnel (e.g., users and systemadministrators), and requiring personalaccountability [1]. This includes establishingphysical security and personnel securitymeasures to control and monitor access tofacilities and critical elements of the IT envi-ronment such as networks and systems.

A wide range of technologies are avail-able that provide IA services and intrusiondetection. To ensure the right technologiesare procured and deployed, the technology

element focuses on the establishment ofeffective policies and processes for technol-ogy acquisition and is grounded on two pri-mary IA principles: defense in multipleplaces and having layered defenses.

Given that adversaries can attack frommultiple points using either insiders or out-siders, protection mechanisms at multiplelocations are in place to facilitate resistanceto all classes of attacks [1]. Focus areas(shown in Figure 2) include defending:• Networks and Infrastructure. Prot-

ecting the local and wide area communi-cations networks and providing confi-dentiality and integrity protection fordata transmitted over these networks.

• Enclave Boundaries. Deploying fire-walls and intrusion detection to resistactive attacks.

• The Computing Environment. Pro-viding access controls on hosts andservers to resist insider, close-in, and dis-tribution attacks.The best available IA products can still

have inherent weaknesses; therefore, multi-ple and layered defense mechanisms aredeployed as unique barriers between theadversary and its target to deter exploita-tion of possible vulnerabilities, increase theprobability of detection, and reduce thechances of successful penetration [1].Focus areas include multiple supportinginfrastructures:• Deployment of nested firewalls at outer

and inner network boundaries.• Specification of security robustness of

each IA component as a function of thevalue of what it’s protecting.

• Deployment of robust key managementinfrastructures and PKIs that support allIA technologies and are highly resistantto attack.

• Deployment of methods to detect intru-sions, analyze and correlate the results,and then react accordingly.

PKI as a SupportingInfrastructureNow that the big picture is in place, it’s timeto illustrate how the PKI and its founda-tional element of public key cryptography is

PKI: The DoD’s Critical Supporting Infrastructure for Information Assurance

The DoD’s Public Key Infrastructure (PKI)1 provides general-purpose PKI services to a broad range of applications througheffective use of public key cryptography. This article presents a quick overview of the Defense-in-Depth strategy, brieflyexplains key PKI elements and security mechanisms, and addresses how the Air Force is employing this technology to improveinformation assurance (IA).

Jerrod LoylessGeneral Dynamics C4 Systems

Susan ChandlerBooz Allen Hamilton

Figure 1: Defense-in-Depth Strategy

Report Documentation Page Form ApprovedOMB No. 0704-0188

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering andmaintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, ArlingtonVA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if itdoes not display a currently valid OMB control number.

1. REPORT DATE DEC 2009 2. REPORT TYPE

3. DATES COVERED 00-11-2009 to 00-12-2009

4. TITLE AND SUBTITLE PKI: The DoD’s Critical Supporting Infrastructure for Information Assurance

5a. CONTRACT NUMBER

5b. GRANT NUMBER

5c. PROGRAM ELEMENT NUMBER

6. AUTHOR(S) 5d. PROJECT NUMBER

5e. TASK NUMBER

5f. WORK UNIT NUMBER

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Booz Allen Hamilton,AF PKI SPO,4241 E Piedras Dr STE 210,San Antonio,TX,78228

8. PERFORMING ORGANIZATIONREPORT NUMBER

9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S)

11. SPONSOR/MONITOR’S REPORT NUMBER(S)

12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited

13. SUPPLEMENTARY NOTES

14. ABSTRACT

15. SUBJECT TERMS

16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Same as

Report (SAR)

18. NUMBEROF PAGES

6

19a. NAME OFRESPONSIBLE PERSON

a. REPORT unclassified

b. ABSTRACT unclassified

c. THIS PAGE unclassified

Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18


November/December 2009 www.stsc.hill.af.mil 11

a critical supporting infrastructure to theoverall strategy. In its essence, public keycryptography provides three functions thathelp meet the needs of the Defense-in-Depth strategy: identity authentication, digi-tal signatures, and public key encryption—all operating within a chain of trust2.

Identity authentication establishes thevalidity of an entity’s claimed identity and isused in making access-control decisions.The entity may be a user, a Web service, or adevice.

A digital signature is an electronic codethat can be attached to data. It identifies thesigner of the data and associates the signerwith the data being signed. Digital signaturesverify that the signer is really the person orentity he or she claims to be, or be a part of,and that the signed data was not modified.

Public key encryption allows multipleusers to efficiently exchange encrypted data.Public key encryption establishes a commonencryption key over the network withoutgiving away enough information for some-one observing the transaction to deduce thekey. Together, digital signatures and publickey encryption allow two or more commu-nicating parties to positively identify oneanother and keep their communicationsconfidential [2].

Public key systems issue a pair of keys toeach user: a private key, which the user doesnot disclose to anyone, and a public key,which is publicly advertised. A signerencrypts data using the recipient’s public key,and the receiver decrypts it with their privatekey. Public keys are contained in data struc-tures called certificates. Certificates contain adigital signature from an issuing authorityand the user’s identification, which binds theuser’s identity to their public key.

Several support services are required touse public key cryptography, including ameans of issuing, distributing, and advertis-ing keys and certificates; a way to verify cer-tificate authenticity; and a process to revokethem. These services are provided by an inte-grated combination of equipment andadministrators collectively known as the PKI.

One more component is required toimplement public key cryptography: com-puter applications that support its use. ThePKI provides a credential service for theseapplications. Applications are not directlypart of the PKI, but public key-enabledapplications improve access control by lever-aging PKI-based identity authentication, anddigital signatures on electronic forms auto-mate many business processes that tradi-tionally rely on the exchange of paper formsand handwritten signatures. Public keyencryption provides confidentiality for sen-sitive, unclassified data over the non-secureIP Router Network (NIPRNet) and pro-

vides confidentiality for restricted groups onclassified networks.

Secret Key and Public KeyCryptographyTo understand public key cryptography, it isuseful to understand traditional secret key cryp-tography. Secret key cryptography is alsoknown as symmetric key cryptographybecause the same key is used to encrypt anddecrypt the data using the same algorithm inthe same direction (Figure 3). Clear-text data(i.e., data in its original form) is transformed(encrypted) into cipher text, which is incom-prehensible. The cipher text can only bedecrypted, or transformed to the originalclear text, by someone who has a copy ofthe encryption key. One can try to guess thekey, but the objective of cryptography is tomake guessing not feasible.

There are major challenges with usingsymmetric key cryptography, one of whichis finding a secure way to provide keys toother parties so that secure communicationbetween them is possible. In a small office,one can hand-carry keys to the other par-ties, but as the number of correspondentsbecomes larger and more geographicallydispersed, this process soon becomesimpractical.

A second major challenge is difficulties

of scale. The secret key shared between twoparties (e.g., Alice and Bob shown in Figure3) must be different from the secret keyshared between Alice and someone else;otherwise, the confidentiality of messagesintended for Bob is compromised. Becausethe same is true for every user, this com-munity could collectively hold millions ofunique secret keys. As the communitygrows, the storage and maintenance ofsuch large numbers of keys becomesunmanageable [2].

Public key cryptography is referred to asasymmetric cryptography because it uses twodifferent keys: a public key and a private key(see Figure 4, page 13). One key is kept pri-vate3, and the other is made public. Forexample, if Bob publishes his public key,anyone with access to his public key canencrypt a message to Bob. Since the publickey cannot be used to decrypt the message,only Bob (who is the sole possessor of thecorresponding private key) can decrypt themessage.

Public key cryptography is more mathe-matically complex than secret key cryptogra-phy, therefore it is slower. To speed theprocess, public key cryptography passes asession, message, or bulk encryption key—which are secret keys used for subsequentencryption and decryption. In addition to

Robust and Integrated Set ofInformation Assurance Measures and Actions

Information Assurance

Rob

u

People

and Integrated

bust

a

Technology

et ofd Se

t

Operations

Defense-in-Depth Strategy

Defense-in-Depth Focus Areas

Defens

e

Defense

People

se-in-Depth Str

a

-in-Depth Focu

s

se-

nse-

Technology

rategy

us Areas

Str

a

us A

r

Operations

Defend theEnclave

Boundaries

Defend theComputingEnvironment

This is aclear textmessage

Encrypt DecryptjhVKsgmVkkjh6VjkhVhVvjkoh7ctvbnJyupw,xb


Alice

Key

EncryptedMessage

Key

Bob

MultipleSupporting

Infrastructures

Defend theNetworks andInfrastructure

o at o ssu a ce

P l T h l O ti

o

Defense-in-Depth Strategy

Figure 3: Secret Key Cryptography

Figure 2: Defense-in-Depth Focus Areas

21st Century Defense


providing confidentiality through encryp-tion, public key cryptography is used for dig-ital signatures4 and identity authentication.

PKI Core Services As the DoD becomes increasingly reliant oncomputer networking to achieve informa-tion superiority over adversaries, the coreservices provided by a PKI (i.e., authentica-tion, integrity, confidentiality, and non-repu-diation) become increasingly critical.

Identification and AuthenticationIdentification is defined as the process aninformation system uses to recognize anentity, while authentication is a security mea-sure designed to establish the proper assur-ance level of a claimed identity [2]. A user’sidentity is authenticated as part of the cer-tificate-issuance process. Identification andauthentication are useful for granting autho-rization to information on a server viaremote access, protecting network manage-ment from masqueraders (i.e., personsattempting to use counterfeit or stolen cre-dentials and gaining physical access to arestricted area).

Data IntegrityIntegrity is the assurance of non-alterationand it is this security service’s job to detectunauthorized modification or destruction ofinformation [2]. Digital signatures supportdata integrity verification. In contrast tohandwritten signatures, verification of a dig-ital signature relies on the authentication ofthe signer’s identity and proves that the dataremains unchanged.

Non-repudiationNon-repudiation provides undeniable proofof a party’s participation in a communica-tion. The basic idea is that a user is crypto-graphically bound to a specific transaction insuch a way that they cannot deny (repudiate)having conducted the transaction [2].Activities such as command and control,official release of procurement documents,and travel reimbursement approvals areaccompanied by legal requirements for non-repudiation. The DoD satisfies these legalrequirements with PKI’s digital signaturecapability.

ConfidentialityConfidentiality is the assurance of data pri-vacy. It ensures that information is not dis-closed to unauthorized persons, processes,or devices [2]. Various types of transac-tions—such as Web-based access, file trans-fers, network management, payment trans-actions and secure messaging—require con-fidentiality to protect sensitive unclassified

message data against eavesdropping; that is,unauthorized persons or entities being ableto gather information by actively or passive-ly monitoring network traffic [3, 4, 5, 6].

Multiple Assurance Levels:Not All Information IsCreated EqualAs a credential service, a PKI binds user andentity identities with digital certificates andassociated public keys. The level of assur-ance of a public key certificate is an asser-tion by a Certification Authority of thedegree of confidence a relying party mayreasonably place in the binding of a user’spublic key (and thereby the private key) tothe identity and privileges asserted in thecertificate [7]. The processes and controlsemployed in PKI operations, the methodsused to protect the users’ private keys, and

the strength of the cryptographic algo-rithms used, all serve a role in determiningthe PKI’s assurance level.

Not all information is created equal,however. Some types of information areextremely valuable to an attacker, while oth-ers have almost no value. On the other hand,some information may be freely disclosedbut would be disastrous if it was corruptedor destroyed. Threats5 vary based on thevalue of information and the networkingenvironment in which it resides. And while asingle solution—providing support to everyapplication—would appear to be desirable,different legal, security, and national policyrequirements for protecting the differentcategories of information (such as adminis-

trative, e-commerce, Mission AssuranceCategory I and II, etc.), necessitate the mostcost-effective solution as one which sup-ports multiple assurance levels.

In [7], the various levels of assurance forDoD’s PKI are defined: Medium, Medium2048, Medium Hardware, Medium Hardware2048, Personal Identity Verification (PIV)Authorization, PIV Authorization 2048, andHigh. The applicability of the differentassurance levels is determined by the valueof the information being protected and thethreat environment. Medium assurance levelsare intended to protect applications han-dling medium-value information in a low-tomedium-risk environment. The NIPRNet,where the majority of DoD business is con-ducted, is an example of a medium assur-ance environment.

PKI Security Mechanisms andSupporting ServicesAs mentioned previously, a PKI is a com-plex system of integrated components,mechanisms, and security services that workin concert to support the long-term integri-ty of application data. The following illus-trates these underlying security mechanismsand their supporting services:

Security Mechanisms Key ExchangeKey exchange is the process that commu-nicating parties use to establish a commonkey for secure communications. There areseveral ways an originating party canobtain the receiving party’s public key:from a directory, directly from the receiv-ing party as part of an online key exchangeprotocol, or from a cache (if the originat-ing party had some prior communicationwith the receiving party). Issuing Certi-fication Authorities automatically postsubscribers’ public keys to the GlobalDirectory Service6, and in the Air Force,users also publish their own public keys tothe Air Force Global Address List for easyaccess.

Digital Signatures In the digital signature process (as illustrat-ed in Figure 5), a hash algorithm (i.e., a mes-sage digest) is produced. The hash isencrypted using the signer’s private key.After receiving the message, the recipientdecrypts the hash using the signer’s publickey and compares it to a hash calculatedfrom the received message. If the two are amatch, the recipient knows that: a) the mes-sage was not changed from the time thesigner applied the signature and b) the sign-er’s private key was used; therefore, the mes-sage must have come from the signer [2].

“Not all information iscreated equal ... Some

types of information areextremely valuable to an

attacker, while othershave almost no value.On the other hand,

some information maybe freely disclosed

but would be disastrousif it was corrupted

or destroyed.”



Data RecoveryData recovery is a security service thatenables the originator to recover inaccessi-ble data or permits an authorized thirdparty to gain access to encrypted informa-tion. Legitimate reasons data recovery maybe necessary are: a user obtains new PKIcertificates and keys, and the original keythat encrypted data is no longer available;the owner departs the DoD and leavesbehind encrypted official data that needs tobe accessed; and for legal or intelligenceinvestigations.

Key Escrow and Key RecoveryKey escrow is the process of storing privateencryption keys for the purpose of enablingdata recovery. It automatically occurs duringthe certificate issuance process. Digital sig-nature keys are not escrowed.

Key recovery is the process of obtain-ing a copy of an escrowed encryption keyand delivering it to an authorized requester.Key recovery systems store a copy of auser’s private encryption key in a secureddatabase, allowing access by authorized per-sonnel known as Key Recovery Agents(KRAs). KRAs are highly trusted personnelresponsible for recovering archived certifi-cates in very specific situations. The processof key recovery is protected by two-personintegrity; keep in mind, however, that signa-ture keys are not recoverable.

Supporting Services Key GenerationKey generation generates the public-privatekey pair that enables public key cryptogra-phy functions. User keys are encrypted ontoan authorized token (i.e., a smart card) orremovable storage media (e.g., a CD). TheDoD ID card, known as the CommonAccess Card (CAC), is a smart card and isthe preferred token for PKI certificates andkeys [8].

Certificate Generation and RevocationOnce the key pair is generated, associatedcertificates are generated by the issuingCertification Authority server. For users,the process of generating keys and issuingcertificates is combined.

Certificate revocation is necessary whena certificate becomes invalid before its expi-ration date; there’s reason to believe the pri-vate key associated with the certificate iscompromised (e.g., the token is lost); a userno longer represents an organization; andwhen information in the certificate is nolonger valid. Relying parties are notified thata user’s certificate is revoked via certificaterevocation lists (CRLs) published by theissuing Certification Authority.

Certificate Expiration, Updating,and Re-keyingPublic-private key pairs have finite lifetimesto protect against key compromise; there-fore, associated certificates also include avalidity period. Users must obtain new cer-tificates in a timely fashion to prevent anydisruption in service. Certificate re-key pro-vides for replacement prior to a certificate’sexpiration. The process for updating or re-keying a certificate is similar to the processfor initially issuing the certificate: The regis-tration process is repeated to ensure the rea-son for having a certificate remains valid,and the user’s identity is authenticated.

ArchivesArchives provide a long-term repository forstoring information. Even though the life-time of a Certification Authority is relative-ly short, it may be necessary to verify signa-tures on old documents at a later date. Tosupport this need, the PKI archive servicestores user registration information, certifi-cates, and CRLs issued by the CertificationAuthority.

Common Access CardsFirst and foremost, the CAC is the official

ID card for DoD members (i.e., U.S. mili-tary personnel, DoD civilians, eligible con-tractors, and members of foreign nationsemployed in support of the DoD mission).

Each CAC includes multiple storageareas, such as a bar code and an integratedcircuit chip on the front of the card, and abar code and magnetic stripe on the back.Various data elements, such as ID data, ben-efits information, organizational data, cardmanagement data, and PKI credentials (i.e.,certificates and public/private key pair), arestored in one or more areas8. Data stored onthe CAC can only be accessed throughsecure CAC applications.

However, the CAC is much more thanan ID card. Security-enhanced engineeringallows the CAC to serve as the primaryinterface between the user and the PKI viaunclassified networked devices, such asdesktops, laptops, handheld wireless devices,and peripherals, enabled for PKI use.

Enabled devices equipped with a smartcard reader (and configured with the appro-priate middleware application, drivers, andapplicable settings) facilitate improved IAon PK-enabled networks, systems, applica-tions, and Web servers via the digital certifi-cates and the associated public/private key


Encrypt DecryptjhVKsgmVkkjh6VjkhVhVvjkoh7ctvbnJyupw,xb


Alice

Bob’sPublic Key

EncryptedMessage

Bob’sPrivate Key

Bob

Figure 4: Public Key Cryptography

PrivateKey

PublicKey

Pr

l9ms;s’[o3m8tofn(*N2o4[

Hash Value


Hash Value


Hash Value


Signature

OriginalDocument


Signature

OriginalDocument

Encrypt

Decrypt

OriginalDocument

Hash Function

Hash Function

Signing a Document

Verifying a Signature

Equal?}

Figure 5: Digital Signature Process 7

21st Century Defense


pair embedded in the integrated circuit chip(see Figure 6).

Public Key Cryptography in theAir ForceIn December 2005, the Air Force missionstatement was revised to include cyber-space as a critical domain in which to flyand fight [9]. Emphasis in this domainincludes, among other things, the defenseand protection of critical communicationsassets. Air Force officials refer to cyber-space as the new battlefield where our adver-saries operate and are gaining ground.According to Lt. Gen. Robert Elder, Jr.,former Commander, 8th Air Force: “It’sour most vulnerable area, and because itcrosses all other domains (air, land, sea,and space), it is clearly a warfightingdomain” [10].

Motivated by this new focus, the AirForce has stepped up its PKI implementa-tion initiatives and worked diligently tobecome compliant with DoD directives.For example, all unclassified Air Forcenetworks and networked applications arebeing public key-enabled to provide moreefficient IA services and stronger authen-tication provisions.

Throughout the Air Force, as well as inthe DoD, employees use public key-enabled applications in support of theirdaily activities. The rest of the federal gov-ernment, defense contractors and suppli-ers, and allies also use PKI-enabled ser-vices. Applied uses of public key cryptog-raphy in the Air Force include:• Identification and authentication for

gaining access to unclassified net-worked computers, restricted Websites, applications, and other resources(instead of usernames and passwords).

• Secure client-server transactions viathe Secure Sockets Layer protocol.

• Secure financial, personnel, and con-tractual transactions.

• Secure unclassified messaging withauthentication of originator, and con-fidentiality and integrity of transmitteddata.

• Software (code) signing to ensure theauthenticity and integrity of softwareobtained.

• Virtual private networking via IP security.

In Conclusion: TangibleBenefitsWithout a doubt, PKI implementationacross the DoD has attracted a significantamount of attention, primarily because of itshigh level of security services that supportthe overall IA strategy. The PKI is a soundtechnical solution—and is not simply a neattechnology lacking tangible benefits. Whendeployed judiciously, the PKI offers certainfundamental advantages to an organization.Its capabilities help optimize workforce pro-ductivity and improve workflow efficienciesthrough more automated and secure busi-ness processes—including significant costsavings through the reduction of administra-tive overhead, reduction in the number ofsign-on events required by end-users, andreduction in paper-based processes.

Knowing that virtually every day, everyairman legitimately accessing DoD networksis using the PKI helps maintain confidencein critical electronic communications. Onecan take comfort in that.u

References1. National Security Agency. “Defense-in-

Depth: A Practical Strategy for Achiev-ing Information Assurance in Today’sHighly Networked Environments.” 2004<www.nsa.gov/ia/_files/support/defenseindepth.pdf>.

2. Adams, Carlisle, and Steve Lloyd.Understanding Public Key Infrastructure:Concepts, Standards, and DeploymentConsiderations. Indianapolis: Macmillan

Technical Publishing, 1999.3. DoD. Public Key Infrastructure and Public

Key Enabling. Instruction 8520.2. 2004.4. Joint Task Force-Global Network Op-

erations (JTF-GNO). Tasks for Phase 1 ofPKI Implementation. CommunicationsTasking Order (CTO) 06-02. 17 Jan. 2006.

5. JTF-GNO. Public Key Infrastructure Imple-mentation, Phase 2. CTO 07-015. 2007.

6. USAF. Air Force Messaging. Instruction33-119. 2005.

7. DoD Public Key InfrastructureProgram Management Office. UnitedStates Department of Defense X.509Certificate Policy. Vers. 10. 2 Mar. 2009<http://iase.disa.mil/pki/dod_cp_v10_final_2_mar_09_signed.pdf>.

8. DoD. Smart Card Technology. Directive8190.3. <www.dtic.mil/whs/directives/corres/pdf/819003p. pdf>.

9. Gettle, Mitch. “Air Force Releases NewMission Statement.” Air Force Print News.14 Dec. 2005 <www.af.mil/information/transcripts/story.asp?storyID=123013440>.

10. Elder, Robert. What the Air Force Is Doingfor Cyber Ops and How That Supports U.S.National Interests. Proc. of the 1st AnnualAir Force Cyberspace Symposium.Shreveport-Bossier City, LA, 2007.

Notes1. The PKI is not simply a product, a pro-

gram, or a system—nor is it software oran application. It is a complex combina-tion of specific hardware, specializedsoftware, tokens, established policies,and proven procedures that collectivelyprovide the ability to authenticate identi-ties and protect valuable informationthrough the use of unique digital certifi-cates and key pairs.

2. The DoD PKI Chain of Trust begins atthe DoD Root Certification Authority.The Root Certification Authority’s pub-lic key certificate is signed by its own pri-vate key. It issues and digitally signs thecertificates of the subordinate and inter-mediate Certification Authorities, who inturn digitally sign the user certificatesthey issue. The trustworthiness of eachlayer is guaranteed by the one before.

3. The key that is not publicly revealed is aprivate key, rather than a secret key. Thisavoids confusion with the secret key ofsymmetric cryptography if one thinks oftwo people sharing a secret, but a singleperson keeping something private [2].

4. Because of the processing expense inencrypting an entire message using pub-lic key cryptography, the digital signatureprocess encrypts a digest of the messagerather than the message itself.

5. For the purpose of this article, a threat is

PrivateKey

PublicKey

Pr


Hash Value


Hash Value


Hash Value


Signature

OriginalDocument


Signature

OriginalDocument

Encrypt

Decrypt

OriginalDocument

Hash Function

Hash Function

Signing a Document

Verifying a Signature

Equal?}

EXPIRATION DATE

FEDERALIDENTIFIER

AFFILIATION

STATUS

PAY GRADE

RANK

CERTIFICATE AND KEYLOCATED WITHIN THISINTEGRATED CIRCUIT CHIP

MEDICAL

GHOST IMAGE

DATE OF BIRTH

GENEVACATEGORY

SMART CARDREADER

Figure 6: The CAC Interfaces With the PKI Through a Smart Card Reader



defined as any circumstance or event,from an authorized or unauthorizedentity either inside or outside the domainperimeter, with the potential to causeharm to an information system in theform of destruction, disclosure, modifi-cation of data, and/or denial of service.

6. Encryption certificates are advertised inthe DoD via the Joint EnterpriseDirectory Service (located at <https://jeds.gds.disa.mil>), which is the targetenvironment, and supported by theGlobal Directory Service at <https://dod411.gds.disa.mil>.

7. This depiction of public key encryptionand digital signatures shows text and

documents as the data being protected.Public key encryption and digital signa-tures can be used with any type of datain a wide variety of scenarios.

8. Except for the PKI information, whichis obtained from the CA, all other infor-mation about the ID card holder isobtained from the Defense EnrollmentEligibility Reporting System through theReal-time Automated Personnel Ident-ification System. Home address and tele-phone number, dependent information,and medical, dental, financial, and per-sonnel records are not stored anywhereon the CAC.

About the Authors

Susan Chandler is anassociate with BoozAllen Hamilton, assignedto the Air Force PKISystem Program Officeat Lackland AFB, Texas.She is a 24-year veteran

of the Air Force with expertise in com-puter operations and information sys-tems management. She is an award-win-ning professional with recognizedaccomplishments in the areas of strate-gic communications and change man-agement. Chandler has considerableexperience supporting the Air Force’stransformation to a more secure envi-ronment in cyberspace operations. Shehas a bachelor’s degree in occupationaleducation, an MBA, and is a CertifiedCorporate Trainer.

Booz Allen Hamilton AF PKI SPO4241 E Piedras DRSTE 210San Antonio,TX 78228Phone: (210) 925-9129Fax: (210) 925-2644E-mail: susan.chandler.3.ctr@

us.af.mil

Jerrod Loyless is asenior software engineerfor General DynamicsC4 Systems. He is thepublic key-enabling tech-nical lead at the Air Force

PKI System Program Office at LacklandAFB, Texas. Loyless served as an AirForce communications computer officerfor six years before beginning work as acontractor and consultant. He has abachelor’s degree in computer scienceand a master’s degree in informationsecurity, and is a Certified InformationSystems Security Professional-Infor-mation Systems Security EngineeringProfessional, a Certified Secure SoftwareLifecycle Professional, and a ProjectManagement Professional.

General Dynamics C4 Systems AF PKI SPO4241 E Piedras DRSTE 210San Antonio,TX 78228Phone: (210) 925-2073Fax: (210) 925-2644E-mail: jerrod.loyless@

gdc4s.com

Get Your Free Subscription

Fill out and send us this form.

517 SMXS/MXDEA

6022 Fir Ave

Bldg 1238

Hill AFB, UT 84056-5820

Fax: (801) 777-8069 DSN: 777-8069

Phone: (801) 775-5555 DSN: 775-5555

Or request online at www.stsc.hill.af.mil

NAME:________________________________________________________________________

RANK/GRADE:_____________________________________________________

POSITION/TITLE:__________________________________________________

ORGANIZATION:_____________________________________________________

ADDRESS:________________________________________________________________

________________________________________________________________

BASE/CITY:____________________________________________________________

STATE:___________________________ZIP:___________________________________

PHONE:(_____)_______________________________________________________

ELECTRONIC COPY ONLY? YES NO

E-MAIL:__________________________________________________________________

CHECK BOX(ES) TO REQUEST BACK ISSUES:

MAR2008 o THE BEGINNING

APR2008 o PROJECT TRACKING

MAY2008 o LEAN PRINCIPLES

SEPT2008 o APPLICATION SECURITY

OCT2008 o FAULT-TOLERANT SYSTEMS

NOV2008 o INTEROPERABILITY

DEC2008 o DATA AND DATA MGMT.

JAN2009 o ENG. FOR PRODUCTION

FEB2009 o SW AND SYS INTEGRATION

MAR/APR09 o REIN. GOOD PRACTICES

MAY/JUNE09 o RAPID & RELIABLE DEV.

JULY/AUG09o PROCESS REPLICATION

To request back issues on topics notlisted above, please contact <[email protected]> .

The DoD implemented a PKI to provide engineered solutions that now enhance thesecurity of networked computer-based systems. Programs and applications, whichcarry out or support the DoD mission, require PKI services of authentication, con-fidentiality, technical non-repudiation, and integrity. These services are met with anarray of network security components such as standardized workstation configura-tions, firewalls, routers, in-line network encryptors, and trusted database servers.Public key cryptography supports and complements these component operations.As a system solution, the components share the burden of the total system security.

Software Defense Application

pki: the dod’s critical supporting infrastructure for ...pki provides a credential service for...

Documents