The Sherpa Guide to Keys and Certificates

When it comes to salesmanship, the quintessential difference between computer salesmen and car salesmen is that the car salesmen know when they are lying. The stakeholder’s assessment of whether to use asymmetric or symmetric keys, public key infrastructure (PKI) or PKI-less platforms, thick agent-based (intricate key and certificate management protocols, aftermarket third-party applications) or thin agent-less (low coding, simplified polyglot APIs) solutions to manage and protect devices in the emerging era of Extended Internet of Things (XIoT) is a critical decision point. Enterprise Digitalization requires a clear understanding of the underlying cryptographic methods, analyzing relevance to the use cases, applying the cost benefit principle, and considering the long-term implications to interoperability, scalability, availability, and security.

The Cryptonyms

In layman’s terms, a symmetric key is a cryptographic key shared and used by both the sender and receiver to secure data, whereas asymmetric keys comprise of a pair of keys, one public and one private, wherein plain-text data is encrypted using the public key that is shared with the sender(s) and the private key is used to decrypt the cipher-text data by the receiver. However, the sender and receiver must first present verifiable identities to each other to mutually authenticate before any data exchange. For decades usernames and passwords have served in the ceremony to authenticate users to services. The big problem with weak, shared, unprotected, reuse (using the same password with many online applications or services), and stored passwords is a well-known folktale amongst cyber-savvy users. To offer a method more secure than passwords, the FIDO alliance created passkeys that rely on asymmetric key cryptography. When an interactive user logs into an account the client application (such as a web browser) prompts the user for a pin or biometric (e.g., facial or fingerprint) identity to access the stored private key and complete the service-initiated challenge handshake ceremony. However, use of passkeys on autonomous devices for authentication with services or cross-device authentication poses challenges (e.g., sharing). Device authentication with a service may be accomplished using (a) passwords, which are difficult to provision and protect on headless (non-interactive ) devices; (b) certificates (e.g., X.509 and PKI standards) wherein the device identity is embedded in a certificate issued by a trusted certificate authority (CA) as the subject name along with the public key of the device for use by the remote peer; (c) device keys, which are device-unique symmetric keys associated to a manufacturer issued initial identifier and end-user assigned local identifier (e.g., IEEE 802.1AR specification) shared with authenticated services (for example, by a mutually trusted broker service).

Protecting Persisted Keys on Devices

Irrespective of whether a device uses a private key (with asymmetric key cryptography) or a symmetric key (with symmetric key cryptography) for client authentication, the key must be stored locally and protected on the device platform using a secure element (e.g., Trusted Platform Module (TPM), integrated or embedded Subscriber Identity Module (SIM), Hardware Security Module (HSM), software-based Physically Unclonable Function (PUF)). The velocity of key rotation is an important aspect of key protection, to evade hackers with speed, which requires reliable network connectivity.

Use Value of Certificates

Server certificates can be used multiple times per day for server authentication in sessions with client applications. Client certificates can be used by applications on an autonomous device based on the frequency of connections for mutual authentication over secure transport protocols, or for data authentication over secure transport protocols. Code signing certificates and symmetric keys can be used in the CI/CD and device update process for supply chain provenance by OEMs or line of business application vendors for device lifecycle management and/or automation. One-time certificates can be used for high velocity key and certificate rotation. Long-lived certificates can be used for verification or attestation of the secure boot sequence at power cycle.

Licensing Cost of Certificates

Typical certificate costs range between $0-$600 per year for authentication based on domain, organization, or extended validation (DV/OV/EV), and between $400-$560 per year for code signing. Permanent validity (i.e., no expiration) certificates are not commonly issued for secure reasons. Therefore, certificate costs must be factored as recurring costs by the original equipment manufacturers (OEMs) and end-users. The security implications of self-signed (free) certificates must be considered with diligent safeguards, audits, and device authentication before use within pre-existing controlled private networks wherein PKI buildout may be expensive or difficult to retrofit.

Cost of Certificate Lifecycle Management

The total cost of ownership (TCO) includes the software development costs with open-source or commercial security transport protocol and cryptographic libraries, CA migration (or rollover) costs in the future and managing root and intermediate certificate trust chains (in trust stores). PKI services may be hosted privately on-premises or publicly as-a-service in the cloud.  In both cases, configuration and scalability incurs additional costs or service fees, and high availability requires reliable local and wide area network connectivity.

Planning for Post Quantum Threats

In 1994, Peter Shor developed a quantum computer algorithm to find the prime factors of a semiprime (a number that is the product of two large prime numbers). Using such an approach, future quantum attacks could break public key cryptography algorithms (e.g., RSA, DH, ECDH). A 2048-bit RSA key provides inadequate security against quantum attacks. A study by MIT showed that a 2048-bit RSA key could potentially be cracked by a powerful quantum computer in 8 hours. In 1996, Lov Kumar Grover developed a quantum computer algorithm that finds with high probability the unique input to a black box function that produces a particular output value. Symmetric key lengths must be increased to protect against future quantum computing attacks. AES 128 provides inadequate security against quantum attacks. AES 192 and AES 256 are considered to be safe for a very long time until quantum computers become affordable. In 2022, NIST approved lattice-based cryptography for the Internet of Things (IoT) in a quantum world. However, the impact of increased key sizes, stack usage, and execution cycles on resource constrained devices requires further analysis. Vulnerability to side channel attacks is yet another area that requires technical assessments. This requires a timely risk mitigation strategy to distribute major updates to in-service field devices, and a long-term strategy to service long-lived devices in the field for cryptographic agility.

Dealing with the Plurality of PKI Systems and Heterogeneous Devices

Interoperability between multi-vendor equipment, heterogeneous devices, multi-cloud services, and hybrid PKI systems in use by suppliers and end-users of cyber physical systems must be factored into the end-to-end device security solution. This requires establishing partnerships for collaboration and integration with ecosystem partners (e.g., equipment manufacturers, network and cloud services, and managed security service providers).

End-to-End Tasks and Workflows

Lifecycle management of keys and certificates necessitates performing (or automating) tasks and workflows required by application developers, manufacturers, and field operators throughout the service lifetime of devices. These include:

• Software development for X.509 certificate or symmetric key-based authentication by application developers.
• Software development for X.509 certificate or symmetric key-based attestation with cloud services by application developers.
• Manufacturing devices at scale with pre-provisioning ceremonies by OEMs.
• Building (by OEMs) and stocking factory provisioned devices (by distributors and retailers).
• Onboarding devices with late-provisioning ceremonies in operational environments by field operators.
• Automation to monitor and service certificate expiration, renewal, and revocation in operational environments.
• Visibility for device health monitoring by end-user and OEM operators.
• Off-boarding devices by wiping keys and certificates for end-of-life or change-of-ownership.

PKI Standards and Compliance

The issuer of certificates, the Certification Authority (CA) must comply with PKI standards. The Certificate Policy (CP) defines overall policies and requirements of a PKI system. The Certification Practice Statement (CPS) provides detailed operational procedures followed by the CA and the disclosure statement that offers transparency about the CA’s identity and services to the relying parties. The Certification Authority Browser (CAB) Forum, also known as the CA/Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser and secure email software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates that chain to a trust anchor embedded in such applications. Its guidelines cover certificates used for the SSL/TLS protocol and code signing, as well as system and network security of certificate authorities (Source: Wikipedia).

Conclusion

Adoption of any new technology in pre-existing infrastructure of brownfield and greenfield devices requires due consideration of interoperability, scalability, and availability beyond the essential security considerations for long-term sustainability, operational efficiencies, and cost reduction. There is no one-size fits all solution for information technology (IT) and operational technology (OT) convergence that is the genesis of Enterprise Digitalization where billions of interactive users and autonomous devices cohabitate. Trusted Data to Artificial Intelligence (AI), Machine Learning (ML) and Deep Learning (DL) is the digital currency (the new electricity as the pundits proclaim) in the decades ahead.