Failures of public key infrastructure: 53 year survey
Adrian-Tudor Dumitrescu, Johan Pouwelse

TL;DR
This paper surveys 53 years of PKI history, highlighting its persistent limitations, risks, and implementation challenges in digital identity systems, emphasizing lessons learned from global experiences to improve future security frameworks.
Contribution
It provides a comprehensive timeline and analysis of PKI failures and risks, offering insights into its evolution and application in digital identity projects worldwide.
Findings
PKI has faced ongoing security and reliability issues.
Digital identity implementations often encounter PKI-related challenges.
Lessons from global PKI failures inform future security practices.
Abstract
The Public Key Infrastructure has existed in critical infrastructure systems since the expansion of the World Wide Web, but to this day its limitations have not been completely solved. With the rise of government-driven digital identity in Europe, it is more important than ever to understand how PKI can be an efficient frame for eID and to learn from mistakes encountered by other countries in such critical systems. This survey aims to analyze the literature on the problems and risks that PKI exhibits, establish a brief timeline of its evolution in the last decades and study how it was implemented in digital identity projects.
Taxonomy
Topics: Smart Grid Security and Resilience · Information and Cyber Security · Network Security and Intrusion Detection
