Justifying PKI

The need for improved cyber security is apparent.  Higher Education IT staff and systems are besieged by hacker attacks, viruses, and spam. Our networks tend to be very open and exposed to attack, and our users tend to exhibit risky behavior.  A PKI Lab survey of 171 Dartmouth undergraduates revealed that 75% of them shared their password, and fewer than half of those changed it after sharing.  In fact nearly two thirds of them never voluntarily change their password regardless of how they use it and despite recommendations to do so.  PKI’s strengths directly address many challenges we face, offering a way to get ahead of them and away from fire-fighting.

Despite its advantages, PKI has historically not been widely deployed in Higher Education due to:

  • High expense and complexity of implementing the infrastructure,
  • Application support for PKI unavailable or poorly implemented,
  • Lack of critical mass, and
  • Accepted adequacy of other solutions (such as name/password or IP address).

Servers, services, and tools for implementing PKI are now less expensive and more robust.  PKI infrastructure is mature and ready for extensive adoption.  Applications have lagged behind and still need refinement, but are steadily improving and will improve more rapidly with increased user demand and feedback.  Name/password and IP address authentication no longer provide adequate security and flexibility; new technologies, increased “bad guy” sophistication, increased number of services for each user, and higher usability expectations all conspire to render name/password and IP address solutions less secure, more expensive, and/or less satisfactory to users than a comprehensive PKI solution.

PKI needs intra- (and potentially inter-) institutional technical and administrative commitment and requires more policy and operational overhead to get started than traditional solutions do.  But once established, PKI yields economy-of-scale, ease-of-use, and interoperability benefits far beyond competing solutions.  Because PKI is new and more secure, it costs more to implement than keeping the status quo.  But the status quo exposes risks and incurs inefficiencies far more expensive in the long run than PKI’s initial investment.  The key is to overcome initial PKI adoption hurdles, and now is the time for Higher Education institutions to start.

The federal government (examples 1, 2, 3, 4), state governments (article), and industry giants such as Microsoft (slightly old article) and Johnson and Johnson (article) are deploying PKI in a big way.

Global Higher Education PKI enables increased information sharing and technological collaboration in a much more pervasive fashion than is possible today.  PKI allows secure and controlled sharing of intellectual property, research, and teaching materials.  PKI adoption hurdles are lower than ever and benefits are greater than ever.  The time has come to stop studying and testing and take the plunge.

Our collaborators and Dartmouth PKI Lab are developing slides presenting the business case for deploying PKI and case studies presenting why and how Higher Education institutions have already deployed PKI.  As these become available, we will post them here.

The PKI Lab is investigating a novel use of PKI for P2P Authentication without requiring the overhead of an institutional Certification Authority.

