Public key infrastructure (PKI) has become the cornerstone of modern IT infrastructures when it comes to ensuring the confidentiality, integrity, authenticity and non-repudiation of sensitive information. That information ranges from eID services such as passport production to digital rights management in the entertainment industry, and spans industries such as automotive, smart metering and payment infrastructures. One of the most common use cases for a PKI is authenticating employees and devices against a company's IT infrastructure.
Based on the well-studied mathematical schemes of asymmetric cryptography and on hierarchical trust structures, PKI is a powerful tool for secure communication among large groups of users or computing nodes. The principle behind it is simple: a message, or a certificate, is signed with a private key and verified with the corresponding public key; likewise, data encrypted with a public key can only be decrypted with the matching private key.
The challenge in this scheme is to distribute the public key reliably, so that the reader or recipient of a message can be sure of its origin. This is commonly achieved by establishing a trustworthy third party that vouches for the authenticity and integrity of public keys: a Public Key Infrastructure, or PKI.
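The following Go program is an added example (not code from the original page or from Utimaco) of exactly this trust-anchor check: a relying party installs one root certificate and accepts an employee certificate only if it chains to that root. The names "Example Corp Root CA" and "alice@example.com" and all keys are constructed for the demonstration; a second root with the same name but a different, untrusted key is used to show that name alone proves nothing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for subject with parentKey; parent == nil means a self-signed root.
func issue(subject string, key *ecdsa.PrivateKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; production CAs use random serials
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // employee/device authentication
	}
	if parent == nil { // self-signed root: the trust anchor every relying party must install explicitly
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err) // inputs are constructed here, so a failure is a bug rather than a runtime condition
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced by CreateCertificate, so it parses
	return cert
}

// accepts is the relying party's check: trust only the installed root and require the leaf to chain to it.
func accepts(leaf, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// demo issues alice's certificate from the genuine root and from a same-named root with an untrusted key.
func demo() (genuineOK, forgedOK bool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	aliceKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := issue("Example Corp Root CA", caKey, nil, nil)
	otherRoot := issue("Example Corp Root CA", otherKey, nil, nil)
	genuine := issue("alice@example.com", aliceKey, root, caKey)
	forged := issue("alice@example.com", aliceKey, otherRoot, otherKey)
	return accepts(genuine, root), accepts(forged, root)
}
```

The whole scheme rests on the relying party's copy of the root being genuine and on the root's private key never leaving its protected store, which is the point the next paragraph makes about HSMs.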
Obviously, a PKI stands and falls with the trust one can place in the measures deployed to safeguard its cryptographic keys. This is where deploying Hardware Security Modules (HSMs) in a PKI becomes a critical success factor.
Organizations that deploy their own PKI have the flexibility to define a security model that fits their specific needs, but they also face a number of challenges in defining, maintaining and securing it. Two deployment models are common:
Internal PKI. This is the more traditional approach, in which an organization sets up, deploys and manages the public key infrastructure within the boundaries of its own IT infrastructure. Setting up and maintaining an internal PKI is the preferable choice when the organization can afford the infrastructure and the expertise required to maintain it.
PKI as a Service. As virtualization and cloud computing have gained momentum in the past few years, outsourcing services that were previously kept in house has become a cost-effective approach for many organizations. The option of outsourcing business-critical services to economical, trustworthy and highly specialized third-party providers has made outsourcing a PKI an alluring alternative for many organizations, especially given the cost and expertise involved in setting up and maintaining such an infrastructure within organizational boundaries.
Utimaco is the only HSM vendor with a global partner network specialized in the different disciplines of using HSMs, including their deployment in PKIs. Click here to find a PKI implementation partner of your choice.
If you want to build a PKI for your own research project or for a customer, start today with our fully functioning simulator. It allows you to test the capabilities of your development upfront and free of charge. To download the simulator, see below.