<title>Tailoring PKI for the battlespace</title>

Abstract

A Public Key Infrastructure (PKI) can provide useful communication protections for friendly forces in the battlespace. The PKI would be used in conjunction with communication facilities that are accorded physical and Type-1 cryptographic protections. The latter protections would safeguard the confidentiality and (optionally) the integrity of communications between enclaves of users, whereas the PKI protections would furnish identification, authentication, authorization and privacy services for individual users. However, Commercial-Off-the-Shelf (COTS) and most Government-Off-the-Shelf (GOTS) PKI solutions are not ideally tailored for the battlespace environment. Most PKI solutions assume a relatively static, high-bandwidth communication network, whereas communication links in the battlespace will be dynamically reconfigured and bandwidth-limited. Most enterprise-wide PKI systems assume that users will enroll and disenroll at an orderly pace, whereas the battlespace PKI “enterprise” will grow and shrink abruptly as units are deployed or withdrawn from the battlespace. COTS and GOTS PKIs are seldom required to incorporate temporary enterprise mergers, whereas the battlespace “enterprise” will need to incorporate temporary coalitions of forces drawn from various nations. This paper addresses both well-known and novel techniques for tailoring PKI for the battlespace environment. These techniques include the design of the security architecture, the selection of appropriate options within PKI standards, and some new PKI protocols that offer significant advantages in the battlespace.