Public Key Infrastructure

Technical Brief


The market for PKI certificates is growing quickly. It is on course to match and exceed the number of mobile phones and personal computers in use. Its versatility and adaptability have become the core strengths behind its expansion. Presently, total certificates are nearing 13 million, with 350,000 being added to our networks weekly. Symantec Corporation leads the pack with a 26% market share as a major certificate authority and is increasing its impact with an ever-growing presence in the business-to-business and government sectors. It completed a divestiture earlier this year, splitting into two separate publicly traded companies in a sale to the Carlyle Group. This move should allow the remaining part of Symantec to move nimbly, strengthen its hold in the security market, and improve its PKI services. Comodo CA is the second-largest public key infrastructure provider, with a 19% share. The company seems set either to remain a secondary leader or to lose market share as multiple controversies plague its reputation. Although no company is completely free of security loopholes, a number of Comodo's products have been at the center of enabling outbreaks. As recently as 2015, Comodo CA was associated with PrivDog, a man-in-the-middle attack tool that claimed to protect consumers from malicious web advertising. In 2009 the company was accused by Microsoft's Michael Burgess of issuing digital certificates to known malware sites after being notified directly of the findings, and of not taking action until the information was made public. GoDaddy, with a 16% market share, has been the most publicly visible of the top certificate authorities due to its highly publicized sponsorship of a NASCAR race car and its often salacious Super Bowl commercials.

[Figure: PKI Market Share]


The biggest concern of businesses and consumers alike is the threat of lost privacy and monetary harm. Public key infrastructure certificates are used so that users of a mostly unsecured public network such as the Internet can exchange data and money securely and privately. As business transactions on the Internet continue to rise, digital protections are increased to meet the demand. Signing legal agreements and purchasing items are now replicated online, and the procedures of PKI provide the identity confirmation these situations need. Through non-repudiation, both the consumer and the service provider are able to verify the validity of a transaction. Digitally signed transactions between parties are easily re-validated to prove where the exchange originated, creating persistent, tamper-resistant evidence that may be critical in highly sensitive electronic transactions. PKI certificates also allow users to digitally sign documents and applications and to convey authority information such as credentials, licenses, and relationships. As communication over the Internet increases, secure communication and validation of identity within interactions become a continuous demand. Public key infrastructure is also able to maintain the integrity of digitally signed data, which is not diminished by being forwarded across systems or borders.


The opportunities that PKI provides are endless. Notably, in Taiwan, online gaming subscriptions are controlled by public key infrastructure cards issued to and used by thousands of users. In addition, Taiwan's national healthcare system provides PKI-capable smartcards that hold citizens' healthcare information, which can then be made available to their medical professionals. Under the International Civil Aviation Organization, electronic passport chips are digitally signed and will one day be upgraded to include personal certificates for passport holders. The XML-based 3-D Secure protocol, developed by Visa and adopted by other industry competitors, is based on public key infrastructure technology and can be seen on newly issued debit and credit cards today. These innovations are now increasingly commonplace as the once costly implementations of PKI become inexpensive by combining efforts with cloud technology for storage.


As with most products, there are difficulties to endure; public key infrastructure is no exception. In everyday e-commerce with business models such as Amazon's, it is hard to see how a merchant can readily arrange enough keys for its customers. In addition, individuals attempting to make a quick transaction who have not previously created a purchase order with the merchant may find the initial procedure slow. There is also the difficulty of finding reliable storage options that would be able to preserve the integrity of a user's private keys. The advantage of non-repudiation can also be a disadvantage of sorts. In some localities, legislation has been enacted so that if a user's private key has been verified and certified by a certificate authority, any action completed using that key carries legal responsibility. On further examination, this legislation binds consumers to situations they may encounter even if their private key is compromised due to insufficient key storage.

Even when security precautions are set and strictly followed, the certificate authority itself can become a liability. In 2011, the Dutch certificate authority DigiNotar confirmed that its systems had been compromised. A hacker, who would later boast of having infiltrated fellow CA Comodo's systems as well, eventually gained control of DigiNotar's certificate-issuing servers and was able to alter log files. The attacker obtained digital certificates that were used against users of products provided by Google, Yahoo, Mozilla and other high-profile companies.

"One of the most worrisome aspects of the DigiNotar breach at the time it leaked out was that the company not only was a commercial CA, but it also issued government certificates, calling into question the legitimacy of those certificates, as well."

Probably the largest security mistakes the now-bankrupt certificate authority was guilty of were the lack of anti-virus software on its servers and the lack of proper network segmentation, which left certificate-issuing servers carelessly reachable from the Internet. Proper implementation and upkeep of an organization's public key infrastructure should be a priority; however, a certificate authority must also make sure it is meeting or exceeding security guidelines to protect its stakeholders.


Although the concept of public key infrastructure is not new, the standards of the technology are still in their growing stages. The substantial spread of mobile devices and the growing reliance on mobile applications in everyday life will continue to necessitate PKI in practices including, but not limited to, email, mobile banking, social media platforms, and subscription services that depend heavily on trust anchoring, device identity and authentication. Businesses will continue to find it indispensable for reducing costs and improving security in the increasingly common Bring Your Own Device (BYOD) programs and in secure connections to wireless services and VPNs.

Another future driver of PKI adoption is the increasing sophistication of everyday items that are technology driven. These Internet of Things devices are already present in our healthcare establishments as medical devices and patient-monitoring tracking bracelets. They are already in our homes as surveillance equipment, integrated digital assistants such as Amazon's Echo and Google's Home, televisions, digital thermostats, smart watches, and even smart door locks that can be paired with a mobile device, such as Kevo by Kwikset. The growth of an increasingly digitally smart world will also bring its own security issues and concerns about data retention.

[Figure: Internet of Things Home]


The technology involved in the creation and maintenance of PKI is vast and has progressively become less expensive to implement as a vital form of data protection. Like all security measures that involve the Internet, the procedure that public key infrastructure provides is not foolproof on its own, and technological advancement continually finds ways around whatever it safeguards. By nurturing the growth of public key infrastructure alongside a combination of other security precautions, it becomes an important facet in providing any organization or consumer a safer network. As the use of PKI spreads and interest in its evolution continues, public key infrastructure has proven, and will continue to prove, instrumental in protecting against data loss and in identity management for government, business, and consumer use.