paint-brush
Why Is Public Key Infrastructure Outdated?by@sankritk
581 reads
581 reads

Why Is Public Key Infrastructure Outdated?

by Sankrit KMarch 30th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Public Key Infrastructure (PKI) is a system of digital certificates used to verify the identity of a sender or receiver of electronic information. PKI is based on asymmetric cryptography, which uses a pair of matching keys to encrypt and decrypt data. This article will explore why PKI may no longer be relevant in today's day and age.
featured image - Why Is Public Key Infrastructure Outdated?
Sankrit K HackerNoon profile picture

Public Key Infrastructure (PKI) is a system of digital certificates used to verify the identity of a sender or receiver of electronic information. PKI is based on asymmetric cryptography, which uses a pair of matching keys - one public and one private - to encrypt and decrypt data.


PKI has been used for many years to secure communications over the internet. Today, it is the go-to method for many to verify the identity of a website or an email sender. However, PKI has a number of weaknesses that make it unsuitable for use today. It may is no longer considered to be an effective security measure.


This article will explore why PKI may no longer be relevant in today's day and age.

PKI Is Not Trustless

Trustlessness refers to the ability of a system to function without the need for any centralized authority. A trustless system helps to ensure that participants cannot cheat or collude with each other without relying on any entity.


In order for PKI to work, there must be a trusted third party (TTP) called "Certificate Authority (CA)" that can issue and revoke digital certificates. Unfortunately, TTPs are often untrustworthy themselves. In fact, many TTPs have been compromised by hackers. As a result, the trust placed in PKI is often misplaced.

PKI Is Complex and Difficult to Manage

Complexity is the devil when it comes to security. The more complex a system is, the more opportunities for attackers to find vulnerabilities.


PKI is notoriously complex. It requires a great deal of expertise to set up and manage. This complexity makes PKI difficult to use and often leads to errors that can be exploited by attackers.


This complexity arises out of several components being involved and thus makes the entire infrastructure difficult to manage. Further, the process of issuing and revoking digital certificates requires a high degree of expertise, which can be costly to acquire.

PKI Is Not Immune to Quantum Computing

Quantum computers are the next frontier for computers. They use quantum mechanical phenomena, like superpositioning and entanglement, to perform calculations. They are able to solve certain problems much faster than traditional computers.


The way they work is by taking advantage of the fact that a quantum bit (qubit) can exist in multiple states simultaneously. This allows them to perform several calculations at once.


Simply put, just like how traditional computers use bits that can either be a 0 or a 1. Quantum computers use qubits, which can be both a 0 and a 1 at the same time.


While quantum computers are not widely available today, they are becoming more and more powerful. For perspective, a quantum computer with just 50 qubits would be able to outperform the world's most powerful supercomputer.


PKI assumes it is impossible for attackers to factor in large primes quickly. However, this assumption is no longer true in the age of quantum computing as these next-gen computers can compute many iterations simultaneously.


As a result, PKI is no longer secure against attackers with access to quantum computers. In the future, quantum computers will become more powerful and more widely available. This will make PKI increasingly vulnerable.


Unfortunately, quantum computers also pose a threat to PKI. They can be used to break the RSA and ECC algorithms, which are the most commonly used algorithms in PKI. As a result, quantum computers could be used to spoof digital certificates and impersonate legitimate websites or email senders.

PKI Is Threatened by Rogue CAs

A rogue CA is a Certificate Authority that has been compromised by an attacker. The attacker can use the rogue CA to issue fraudulent digital certificates. These fraudulent certificates can be used to impersonate legitimate websites or email senders.


Rogue CAs are a serious threat to PKI because they undermine the trust that is placed in CAs. In order for PKI to work, participants must be able to trust that the CA will issue legitimate certificates. However, if a CA is compromised, this trust is broken.


Rogue CAs can be used to launch man-in-the-middle attacks. In these attacks, the attacker uses a fraudulent certificate to impersonate a legitimate website or email sender. The victim is then redirected to the attacker's website or email server.


The attacker can then intercept and read communications between the victim and the legitimate website or email server. They can also inject malicious content into these communications.

Why Is PKI Still Used Extensively?

Despite PKI being complex, expensive, and difficult to implement, it is still used extensively. The main reason is that it is universally adopted and is an industry-standard.


PKI even supports using Transport Layer Security (TLS), an evolution of SSL, as well as a variety of other protocols.


PKI is also used to secure a variety of other communications, including email, instant messaging, and VoIP. PKI is the most widely used security solution for these types of communications.


Blockchain technology relies on digital signatures to authenticate transactions. These signatures are generated with private keys, which must be securely stored. The only well-established way to do this is with PKI.


PKI is also used to secure communications between nodes in a blockchain network. Nodes use digital certificates to authenticate each other. This prevents attackers from impersonating nodes and injecting malicious data into the network.


In essence, the use of PKI in blockchain can be attributed to the dire need for greater usability, which would ultimately lead to mass adoption.

Conclusion

Most emerging web3 protocols focus more on usability by trying to integrate existing key management solutions on top, resulting in a more jerry-rigged system. While this may work in the short term, it is not a viable long-term solution.


A more comprehensive and standardized approach with a granular approach to security is needed in order to ensure the integrity of digital systems in the future.