Key management, crypto-agility & tech evolution via long-term innovation partnerships
Public key infrastructure (PKI) underpins trust in the digital world, enabling IoT, V2X and other evolutions reliant on secure communication between verified devices. Despite the many changes to come with the arrival of post-quantum, the importance of PKI remains a constant.
PKI refers primarily to the infrastructure that enables digital certificates and, as the name implies, public keys. Digital certificates allow two users to make verified transactions using asymmetric keys. Without the ability to verify the identities of transacting parties, electronic interactions would not be secure or, more recently, compliant.
PKI in action: Verifying identities & transactions
Both the public and private sector rely on public key infrastructure to enable secure applications and e-signatures. The rise of cloudification and interconnected devices and networks has compounded both the frequency of electronic interactions and their consequences. More and more organizations opt for PKI to facilitate code signing and secure device-to-device communication.
INCERT, a state innovation partner launched by the Luxembourgish government, set up public key infrastructure technology to enable the country’s electronic travel and identification documents. Its national initiatives include eTravel documents, digital covid certificates and digital identity wallets.
INCERT has taken its expertise abroad to support Nigeria in its implementation of electronic identity documents, and Mongolia and Ethiopia in their electronic governance.
Securing V2X with PKI
Authentication will be essential for the evolution and safety of society’s internet of things.
So-called man-in-the-middle attacks, for example, occur when an attacker intercepts an organization’s confidential information, often by establishing false trust through IP, DNS or HTTPS spoofing.
PKI provides a stronger method of authentication to prevent such attacks. IoT hinges on constant communication between smart devices. V2X, a derivative of IoT, refers to vehicle-to-everything in which connected cars wirelessly share (and receive) data with the world around them. It lets them interact with smart cities and transmit data gathered from its sensors and systems.
V2X unlocks multiple benefits, from sustainability to safety. By optimizing traffic flow and simplifying the use of charging facilities, V2X aims to decrease congestion and carbon emissions. Interaction between vehicles could help eliminate some of the human error that makes motor vehicle crashes a leading cause of death worldwide.
PKI for safer software-defined vehicles
The software-defined vehicles at the heart of V2X are extremely intelligent computers to which we entrust our physical safety. To function, they require regular over-the-air software updates from multiple manufacturers.
These updates keep the car optimized and secure, but, ironically, also serve as entry points for bad actors. Yet another scenario in which PKI-enabled secure verification is essential.
“PKI is the main root of trust technology used today,” explains Sylvain Arts, Chief Business Officer, INCERT. “It’s a central pillar across all industries, particularly among car manufacturers, who will not use blockchain due to the black box effect.”
Other forms of authentication may be unable to protect against today’s sophisticated attacks. Once a device is compromised, so too is every other system within the vehicle, and in worst-case scenarios, the entire supply chain.
PKI & KMS go hand in hand
As more and more manufacturers acknowledge the importance of PKI, they may be neglecting a critical component: key management. Without a secure, unified key management system, inconsistent and careless practices leave keys compromised.
PKI presumes the confidentiality of private keys. To put effort and resources into a PKI solution without also establishing a KMS solution is like buying a new bike without investing in a lock.
KMS is, therefore, a critical step in implementing PKI.
From state-level PKI development to Keys&More
The natural link between KMS and PKI led INCERT to evolve from a state-level PKI partner to a commercial KMS solution provider. After witnessing PKI technology in action, it became apparent that key management systems were essential, not just to security but to longevity.
When done right, both PKI and KMS facilitate post-quantum migration and quantum resilience.
Following its initial launch, Keys&More has since brought its PKI development in house, giving clients greater agility and a wider degree of encryption support.
“We want to keep control over our own PKI so that we can anticipate and adapt to the reality of post-quantum for our clients,” Arts continues. “Without in-house PKI, Keys&More and our clients would be at the mercy of technology providers. As an innovation center, we want agility and pricing to be in our hands, not in the hands of legacy providers.”
As an innovation partner with in-house KMS and PKI solutions, Keys&More develops long-term commercial solutions for the automotive manufacturers that it serves. The government cryptography experts behind Keys&More participate on standards boards and in the discussions shaping future policy.
Similar to INCERT’s long-term, high-level partnerships, Keys&More establishes transformative, lasting relationships with manufacturers that (1) address immediate needs and challenges, (2) tap into strategic opportunities and (3) prepare them for the transition to a post-quantum world.
“We’re involved with industry standards, developing algorithms and leveraging our expertise in quantum and post-quantum,” Arts concludes. “We understand this world.”