Configuring enterprise public key infrastructures to permit integrated deployment of signature, encryption and access control systems

1 Author(s)
C. K. Williams ; Sci. Applications Int. Corp., McLean, VA, USA

With the emergence and widespread use of digital technology at all levels, from strategic bases and infrastructures down to the soldier on the ground, security of these systems and the networks that they connect to has taken on paramount importance. The past decade has seen widespread development, innovation, and growth within the DoD, Government, and commercial communities of public key infrastructure (PKI) to meet these security needs. PKI is a robust technology, supporting numerous applications, including user and computer authentication, secured communications, data encryption, and digital signature. As PKI technologies have moved from the laboratory and university into the mainstream, numerous operational issues have been realized that hamper their widespread adoption. These issues include: deployment and maintenance of certificate authority (CA) infrastructures; storage of digital certificates on computer servers and workstations; transportation of certificates from computer to computer; replacement of lost credentials; and "PKI-enabling" of applications. A burgeoning industry has arisen to meet these challenges, producing an alphabet soup of products, many of which have competing and mutually exclusive capabilities, limitations, and supporting requirements. This paper examines these problems, and proposes methods and techniques for the successful employment of PKI to support as wide a variety of end-user applications as possible. It discusses the following key engineering decisions that must be made, and best practices for making them: design of the CA infrastructure for maximum flexibility and vendor agnosticism; design of X.509 certificate templates to permit their proper selection and use for a wide variety of applications, including server security, user and computer authentication, digital signature, and data encryption; storage of certificates on hardware security modules (HSMs), smart cards, and removable tokens; and finally, PKI-enabling of networks and applications. Finally, it discusses "gotchas" and issues that must be dealt with in the process of operational deployment of these technologies.

Published in:

MILCOM 2005 - 2005 IEEE Military Communications Conference

Date of Conference:

17-20 Oct. 2005