News

Dartmouth Researchers Continue Pushing Standard To Streamline PKI Verification

• By Dian Schaffhauser
• 07/10/09

Dartmouth College researchers who were pioneers in Public Key Infrastructure (PKI)--a system that secures and authenticates computer communications--are now playing leading roles in establishing Internet standards and guidelines for security. A system developed at the Hanover, NH-based college, called PRQP (which stands for PKI Resource Query Protocol), has been wending its way through the standards body Internet Engineering Task Force since 2006 as a way to more easily implement PKI-enhanced computing security.

"PRQP, very simply, provides a more distributed system for PKI; it works in a way to get trustworthy references in order to verify the PKI certificates of individuals or servers," said Massimiliano "Max" Pala, research fellow with ISTS and the Open Certificate Authority Lab director.

As PKI becomes ubiquitous, IT professionals could in the future presumably rely on PQRP standards-based products to operate PKI efficiently, therefore ensuring a consistent and robust measure of security.

"PKI labors under the misconception that it's difficult," said Scott Rea, senior PKI architect at Dartmouth. "PKI is most successful when it runs under the covers or in the background." And that's what it does on a lot of commercial Web sites that accept credit card numbers, ensuring security behind-the-scenes using PKI or "certificate authority" technology.

Dartmouth's Institute for Security, Technology, and Society has received funding from the Department of Homeland Security to explore ways to make PKI more user-friendly, for individuals and for businesses of all sizes. That's how PRQP was born.

According to Pala and Rea, adoption of PKI is growing, and there is a deliberate program to bring more and more organizations into the PKI fold. Consortiums have been established, grouped around common themes, so that all members within each group can trust each other's PKI certificates. For example, there are eight organizations now in the Higher Education Bridge Certificate Authority (HEBCA), which was formed to facilitate trusted electronic communications within and between institutions of higher education as well as with federal and state governments. Rea serves as director of the HEBCA Operating Authority and secretary of the HEBCA Policy Management Authority.

There are also bridges for federal employees and contractors, pharmaceutical companies and researchers, and defense and aerospace companies and contractors. All four existing bridge organizations have formed a "federation" to trust everyone within these networks at varying levels. Among all four bridges, about 15 million certificates have been issued (mainly to individuals, but servers and other network devices can also carry certificates). That figure is expected to double in the next 12 to 18 months. Dartmouth alone has 34,000 active certificates; the Dartmouth PKI has issued about 1,500 server certificates.