MITRE Helps the Air Force Implement PKI

May 2003

When Air Force Lieutenant Jane Jacobs sends sensitive information to Air Force offices, she doesn't worry about it getting into the wrong hands. She's logged onto her computer using her Common Access Card, an identity card with its own microchip and memory. By inserting her card into a card reader attached to her computer, she's using the Department of Defense's (DOD) Public Key Infrastructure (PKI). She can then send encrypted e-mail and sensitive but unclassified documents over the Internet.

Prior to using PKI, she could never be sure that the person receiving her e-mail was the intended recipient. Now she has no doubt. And by attaching a digital signature to her documents, Lt. Jacobs assures the person receiving her document that it is indeed from her. Using the public key infrastructure can also give Lt. Jacobs confidence that the data she sends has not been compromised in transit.

Why DOD Wants PKI

The DOD has mandated the use of PKI by October 2003 for all of the military services and their contractors with access to DOD networks. "The DOD PKI is a vital element of the Defense-in-Depth strategy," says Bobby Blount, associate department head in MITRE's Space, Intelligence, and Information Operations Division. Blount also serves as the chief engineer for the Air Force Electronic Systems Center's Information Assurance Product Area Directorate.

"PKI supports the DOD's enterprise-wide information assurance initiatives and will help the DOD achieve information superiority in a network-centric warfare environment," says Blount. "Besides increasing security, the DOD expects PKI to provide cost savings by avoiding service duplication and by consolidating procurements."

Better services at lower cost are possible because PKI gives organizations the ability to process more sensitive data in shared networks. PKI also lets organizations automate sensitive functions previously kept off-line and use the Internet for business purposes.

The Defense Department is not alone in implementing PKI. It's a proven approach used by many organizations and countries. For example, Wells Fargo Bank uses PKI to support secure e-business, and Johnson & Johnson uses it to support operating companies, external contractors, partners, and customers. Australia and Ireland use PKI for secure tax filing, and the Canadian government uses it for secure government-to-citizen transactions.

What is PKI?
As Lt. Jacobs discovered, PKI is an infrastructure that integrates digital certificates, public key cryptography, and certification authorities into a total enterprise-wide network security architecture. PKI provides users with identification, confidentiality, integrity, and non-repudiation services. This is done by issuing a key pair to each user. Each key pair consists of two keys (very large numbers, over 300 digits in length) that are mathematically linked in a very subtle way. For each key pair, one key is kept private and the other is made public.

Setting up a PKI for each DOD agency is a complex task, as PKI comprises a set of policies, people, processes, technology, and services. MITRE is helping the Air Force PKI System Program Office at Lackland Air Force Base, Texas, to engineer and implement the DOD PKI across the Air Force enterprise.

"The Air Force will use PKI for both business and tactical operations," says David Eyestone, a lead engineer and group leader in MITRE's Space, Intelligence, and Information Operations Division. "Current applications include secure e-mail, Web servers, and digital signature applications," says Eyestone. "Digital signatures are used for conducting financial transactions in the Automated Business Services System and approving travel vouchers in the Defense Travel System. In the future, digital signatures will be attached to other electronic forms, such as performance reports for officers and enlisted personnel."

Defining the Common Access Card

In helping the Air Force implement the Common Access Card that Lt. Jacobs uses, MITRE works closely with the National Security Agency (NSA) and the Defense Information Systems Agency (DISA). As part of this project, MITRE has evaluated different cryptographic middleware and Common Access Card reader products, serving as an impartial broker for the Air Force.
Part of the card's 32-kilobyte storage space is used for three software certificates, which are managed by NSA and DISA. There's an identification certificate, an e-mail signing certificate, and an e-mail encryption certificate. Our engineers tested new certificate formats, including a few extra pieces of information, or fields, to take advantage of the Windows 2000 cryptographic logon capability. Sam Schaen, a principal engineer in MITRE's Security and Information Operations Division, is advising DISA. He got MITRE's Air Force Team involved in testing the new certificates prior to fielding.

Now, when Lt. Jacobs uses her Common Access Card to log onto her network domain, she is asked for her personal identification number (PIN). Her PIN unlocks the private half of her key pair, which is used to sign her network logon request; the signed request is sent to a Windows 2000 domain controller. If the data in the request checks out, Lt. Jacobs is allowed to log onto the network. This process uses public key cryptography, an area MITRE has worked in for a number of years, to protect the key exchange.
Besides maximizing the DOD's investment in Windows 2000, the logon procedure bypasses one of the weakest links in any computer system: the password. With PKI, the DOD has moved to a higher level of security assurance. Not only do participants have to know their PINs, but they must also be in possession of their Common Access Cards to log on. This is called two-factor authentication.

Checking the Certificate

MITRE is also working to improve the system's revocation check, which matches the certificate against a master list to see if it has been stolen, lost, or superseded. The current process is very bandwidth intensive. Recall that when Lt. Jacobs logs on, the software certificate on her card is checked against a master list of certificate numbers, called a Certificate Revocation List (CRL, pronounced "krill"). The CRL for each network domain is actually downloaded to each user's workstation. Every few days a new list is sent out.

"The problem with CRLs is that they become very unwieldy in an infrastructure as large and dynamic as the DOD," says Eric Dube, a MITRE information systems engineer. "Currently, the largest DOD CRL has more than 100,000 entries, is 3 megabytes in size, and continues to grow," notes Dube. "It's inefficient to push these multimegabyte CRLs to every desktop to check revocation status. It's like downloading an entire phone book when you really only need one phone number."

To remedy this problem, MITRE is working with the Air Force to field an Online Certificate Status Protocol (OCSP) initial capability. OCSP allows users to "dial information" by sending a request to a special server called an OCSP responder. "This responder replies with a revocation status on only the requested digital certificates, not the whole phone book," says Dube. The efficiencies in the OCSP responder solution promise to preserve precious bandwidth across the Air Force enterprise.
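The smart-card logon check and the two revocation-checking approaches described above, as an added example that is not MITRE or Air Force code: it models a domain controller that consults an OCSP responder for the one certificate presented and falls back to the workstation's cached CRL only while that CRL is still inside its validity window, refusing the logon when it has no current revocation data. The serial numbers, dates, and the per-CRL-entry and per-OCSP-exchange byte figures are assumptions constructed for the example.

```python
"""Model of the revocation check a domain controller performs at smart-card logon.
Added example, not MITRE or Air Force code. It contrasts a CRL pushed to every
workstation with an OCSP responder queried per certificate; every serial number,
timestamp and byte figure below is constructed for the example."""
from dataclasses import dataclass
from datetime import datetime

CRL_BYTES_PER_ENTRY = 30    # assumed: ~3 MB / 100,000 entries, the article's figures
OCSP_EXCHANGE_BYTES = 400   # assumed: one request plus one signed single-status response

@dataclass(frozen=True)
class CRL:
    this_update: datetime
    next_update: datetime
    revoked: frozenset       # serial numbers the issuing CA has revoked

    def is_fresh(self, now):  # a CRL past its nextUpdate must not be relied on
        return self.this_update <= now < self.next_update

class OCSPResponder:
    def __init__(self, statuses, online=True):
        self.statuses, self.online = statuses, online  # serial -> "good" / "revoked"

    def query(self, serial):
        if not self.online:
            raise ConnectionError("OCSP responder unreachable")
        return self.statuses.get(serial, "unknown")    # unknown: not issued by this CA

def revocation_status(serial, responder, cached_crl, now):
    """Prefer the per-certificate OCSP answer; fall back to a still-fresh cached CRL.
    Returns (status, bytes_on_the_wire) and never says 'good' without current data."""
    try:
        return responder.query(serial), OCSP_EXCHANGE_BYTES
    except ConnectionError:
        if cached_crl is None or not cached_crl.is_fresh(now):
            return "undetermined", 0                    # fail closed
        return ("revoked" if serial in cached_crl.revoked else "good"), 0

def authorize_logon(serial, not_before, not_after, responder, cached_crl, now):
    """Domain-controller decision once the signature on the logon request has verified."""
    if not (not_before <= now < not_after):
        return "deny: certificate outside its validity period"
    status, _ = revocation_status(serial, responder, cached_crl, now)
    return "allow" if status == "good" else f"deny: revocation status {status}"

def bytes_per_workstation(logons, crl_entries):
    """Traffic per workstation over one CRL publication period: CRL push vs. OCSP queries."""
    return CRL_BYTES_PER_ENTRY * crl_entries, OCSP_EXCHANGE_BYTES * logons
```

With the assumed figures, one 100,000-entry CRL push costs a workstation 3,000,000 bytes, while ten OCSP-checked logons in the same period cost 4,000 bytes.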
OCSP could also make real-time revocation checking feasible for tactical users who are constrained by bandwidth. MITRE provided systems engineering support for the OCSP effort: working with the Air Force PKI System Program Office to develop system requirements, conducting a market evaluation, and coordinating a test plan for a pilot. With lessons learned from the pilot, the team will be better prepared to roll out an OCSP capability across the Air Force enterprise.

Our personnel are working across MITRE divisions on the OCSP effort. For example, team members include Steve Boczenowski, a principal engineer, and Lorrayne Schaefer, a lead engineer, both with MITRE's Security and Information Operations Division. Boczenowski is providing technical center resources, while Schaefer is sharing information gained from supporting OCSP for the Navy.

Taking PKI to the Next Level

As the Air Force deploys the current level of PKI throughout its organization, MITRE is looking to the future and the next level of information assurance. One possibility is biometrics, e.g., fingerprints or iris scans. "Biometrics are a good way to recognize and verify the identity of people," says Mike Leonard, a lead information systems engineer in MITRE's Space, Intelligence, and Information Operations Division. "They can't be lost, forgotten, or borrowed."

"We are looking at a variety of commercial-off-the-shelf biometrics technologies that rely on human behavioral or physiological characteristics. Behavioral biometrics include voice verification, keystroke dynamics, and signature recognition," says Leonard. "But these characteristics aren't as stable over a long period when compared to physiological characteristics. For example, your voice can change due to a cold."

Some of the best performing biometrics rely on physiological characteristics; examples include fingerprints, hand geometry, and the iris. In fact, fingerprints are used now in the DOD to issue and unlock Common Access Cards.
"I foresee biometrics technology eventually moving to the desktop for network and application logon," says Leonard. "Making typing mistakes and locking out the Common Access Cards could become a thing of the past." In exploring future PKI applications, MITRE has also worked with the DOD's Common Access Card/Biometrics Working Group to explore how biometrics can be used to provide stronger authentication in combination with the Common Access Card. The group is examining three areas:
We are also helping the Air Force extend PKI into tactical environments where the critical issues are limited bandwidth and availability. A MITRE team is working with the Air Combat Command to identify and validate tactical PKI requirements. The team will use a prototype deployable PKI certificate management system to test the issuance of certificates using high and low data rates, along with other variables. It won't be long before Lt. Jacobs finds the Air Force PKI system even easier to use.

—by David Van Cleave
Page last updated: September 1, 2004