Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

摘要

Public key infrastructure (PKI) technology is at a primitive stage characterized by deployment of PKIs that are engineered to support the provision of security services within individual enterprises, and are not able to support the vendor-neutral interoperability necessary for large, heterogeneous organizations such as the United States Federal government. Current efforts to realize interoperability focus on technical compatibility between PKIs. This thesis defines interoperability as the capacity to support trust through retention of security services across PKI domains at a defined level of assurance and examines the elements of PKI interoperability using this more comprehensive approach. The initial sections discuss the security services PKIs support, the cryptography PKIs employ, the certificate/key management functions PKIs perform, and the architectural elements PKIs require. This provides the framework necessary for discussing interoperability. Next, the two fundamental aspects of interoperability, technical and functional, are presented as well as their constituent elements and the existing barriers to interoperability. Finally, the proposed U.S. Department of Defense and Federal government PKI architectures are analyzed and recommendations made to facilitate interoperability.