Secure private key management in adaptable public key infrastructures

Public Key Infrastructures (PKIs) enable the securing of various kinds of electronic interactions. Private keys are secrets used in PKIs to conduct security related actions such as authenticating people, decrypting data, or signing documents. The respective private key is the solely necessary secret which an actor must know to be able to do this. Thus, providing an adequate security level for private keys is vital for a PKI’s security. A PKI’s adequate security level depends on the security goals and the further goals the organization operating the PKI defines. The adequate security level is realized by security measures indicated by the security level and other contextual requirements such as availability of technology or the need to be embedded into existing workflows. Hence, the adequate security level and the respective security measures differ in different PKI installations. The work at hand introduces the private key life cycle reference model which facilitates determining the security measures and where to apply them. This is done by mapping a concrete PKI’s private key life cycle to the reference model. This mapping is used to reveal the threats to the private keys and deduce suitable counter measures. Additionally, a new Trust Center (TC) authority called Key Authority (KA) is introduced. The KA guarantees the correct application of the security measures to private keys. A TC is an application which is used to realize PKIs. It is, just like applications in general, subject to various, often competing requirements such as availability, scalability, and security. From the point of view of the TC software, these requirements or their peculiarities change from installation to installation. Additionally, changes in the environment the TC is embedded into may cause changes in the requirements on the installed TC software. Thus, TC software needs to be adaptable to changing requirements. The same argumentation holds for many types of applications. For implementing an application, the developing party uses implementation technologies which fit the given project and the development context. The work at hand introduces an architecture pattern called the Workshop metaphor. It facilitates the implementation of adaptable applications while preserving the choice of implementation technology. The Workshop metaphor implies an application source code with special characteristics which facilitate meeting adaptability and further requirements. The applicability and the usefulness of the aforementioned concepts are shown using the FlexiTRUST Key Authority (FT-KA), the Certification Authority (CA) of the FlexiTRUST TC software bundle. The design and the implementation of the FT-KA are introduced, a security analysis is conducted, and a study on adapted FT-KAs in real world PKIs is presented.