We've discussed PKI and digital certificates before on this forum (part 1, part 2, part 3), so a lengthy introduction to the concepts shouldn't be necessary. Basically, a PKI attaches identities to digital certificates for the purpose of assured, verifiable, and secure digital communications. Most PKI implementations are concerned with human identities, although some exist for the purpose of identifying machines, companies, groups, or other entities.
During the late 1990s, and faced with the security problems posed by open internet access to military information, the DoD committed to PKI for its members as a concept, and began to make plans for implementing it. Late in 2002, after several years of development, they
marked the one-millionth CAC card
issued, calling it a "monumental step" - but there was still a long way to go at that time, and millions of digital certificates yet to issue. Now the online edition of
Military Information Technology
has just published an
interview with Gil Nolte,
a National Security Agency (NSA) official who serves as director of the DoD PKI programs, and he gives a frank and open view of the CAC PKI efforts to date. According to Nolte, more than 80% of all active-duty military personnel now have CAC smart cards. While that's encouraging, in that six million American citizens now possess at least a rudimentary knowledge of public key cryptography and how to use it, Nolte's commentary regarding the failures and problems which have been encountered in the CAC project are somewhat disturbing. The success of the project must be weighed against the "workarounds" necessary to make it "march in step" to the demands and limitations of the US military organization.
was chosen by the DoD as the platform for the CAC. The latest generation of these smart cards contain multiple credentials, including unique RFID, barcode, photo ID, and biometric information (fingerprints), along with the crypto keys and certificates. A
of the modern CAC card shows how they work. To obtain a one, a soldier follows a relatively
The cards, and their biometric data, crypto-keys, and certificates are issued and maintained by a system known as the Defense Enrollment Eligibility Reporting System (DEERS) and the Real-time Automated Personnel Identification System
(RAPIDS). To find the nearest RAPIDS enrollment center, a simple search functionality
is provided on the open web.
After the soldier has found a suitable enrollment location, he schedules an appointment and at the appropriate time, arrives to begin the application process. The time required for this process has been greatly reduced during the past few years - nowadays the average wait for a CAC card is only about 12 minutes, although delays are still somewhat common. Indeed, delays in the application and issuance of the CAC have been the project's largest single problem. The streamlined application process seems to have helped, but according to Nolte, "We still have issues - some sites are still reporting long issuing times."
Before we take a deeper look at the other problems faced by the CAC PKI, we should be aware of what they actually do for the military personell who receive them. Besides providing physical identification capabilities mentioned previously, the CAC contains a couple of digital certificates. A client certificate, which authenticates the soldier and grants access to 2-way SSL protected websites; and an email certificate which provides the soldier with the ability to sign their email communications, providing assurance to the receiver that he is indeed who he says he is. Additionally, email to a soldier may be encrypted when necessary and prudent using their email certificate. To send an encrypted message to a soldier, their public key is obtained through an internal database.
Leading up to the invasion of Iraq, the US military
from certain personnel which was being sent home to friends and family. Concerns about inadvertent leaks of battlefield information and other secrets forced the clampdown. It's unclear whether the new encryption capabilities which are available via the CAC could be used to reduce this risk, but it could reduce the potential for certain types of leaks. It's also unclear whether the military's public-key database is available to the public, or even to family members, but it's certainly possible for the soldier to carry his family's public keys with him in any case - now that the capability for sending secure email is available and understood by regular personnel
While it seems clear that the biggest stumbling block to a successful PKI in the US military has been the delay - the waiting time between
sending the certreq
and receiving the certificates, there were several other big problems to work out. Among these, probably the biggest and most confounding was simply trust. In the early stages of PKI within the military, there were reports that several different vendors and implementations were being used and/or developed, leading to complex and confusing cross-validation requirements. Nowadays, the one and only root PKI authority, the one which signs and approves all other military PKI authority, is managed by the National Security Agency. This subjugation was a critical step for the largest PKI in the world - although I can imagine that there were more than a few rankled generals and admirals who had to submit applications for their authority to the NSA.
Another big problem which has cropped up for the DoD's PKI is related to the enormous Certificate Revocation List (CRL) which must be maintained and updated for proper validation of each transaction which occurs using a DoD certificate. The list of revoked certificates is currently well over 21 megabytes, and searching the list for invalid certificates is currently forcing some applications to forego a comprehensive check before carrying out a given transaction. This flaw was predictable, CRL maintenance is one of the "hard" problems facing any CA, but it remains a significant security flaw in the operation of the PKI. An unverified transaction can provide important information or access to an intruder, who might even be the enemy. However, most of the application owners have accepted the risk, and continue to operate without CRL verification. They're waiting on a fix from the root authority, according to Nolte. Let's just hope that their continued development funding doesn't get sucked into Iraq.
It's also worth mentioning, when considering the problems faced by the DoD PKI, that most of the functionality which implements the PKI is MS Windows-based. Indeed, the RAPID system itself
runs under Windows NT
and most, if not all secured email communication which are sent from military personnel are also sent using MS Windows software. In light of the recent
ASN.1 parser critical vulnerability
discovered in Windows, which could lead to exploits which give complete control of systems which make use of certificates and cryptography, it's disconcerting, but not surprising, to realize that the US military has placed all of their PKI "eggs" in one basket. Hopefully, such vulnerabilities are patched religiously, or at least methodically, by the administrators of these systems.
Finally, taking a look at the future of the DoD's PKI efforts, Nolte notes that there's a "long list" of functional capabilities for the CAC PKI which have been prioritized by the information officers representing the military. Among them, the most critical appears to be replacement of lost or damaged keys. Now, most CA operators do not provide this functionality, since most CA operators do not retain copies of the private keys. The DoD however, being an escrow CA operator, can provide the ability to restore lost or damaged private keys. The problem with doing so, of course, is validation and proper identification of the recipient, as well as proper storage and retrieval methods for the keys themselves. Anything which makes it "easy" to recover a lost key also makes it easier to obtain it illicitly - this is why most CA operators don't provide key escrow, period. Nolte relates an incident which highlights the problem, where a very high ranking officer lost his keys, and was unable to access vital data for several days during a critical time last year.
Trade-offs are a necessary part of any large organizations' security and public key infrastructure, as anyone who has worked on one knows. At some point, however, sacrificing enhanced security for the sake of simplicity makes what remains of the security a farce. It's not clear to me that the CAC is a farce yet, but continued pressure to "make it easier" could certainly reduce it to that level. I wish them continued success, but not at the cost of reliability or real security.