TWC: Small: Self-Recovering Certificate Authorities using Backward and Forward Secure Key Management

TWC：小型：使用后向和前向安全密钥管理的自恢复证书颁发机构

• 批准号: 1617774
• 负责人: John Chandy
• 金额: $ 32.72万
• 依托单位: University of Connecticut
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-01 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1617774&HistoricalAwards=false
• 关键词: TWC; Small; Self; Recovering; Certificate

Recent years have shown the fallacy of Certificate Authorities (CAs); insiders are able to steal master signing keys and impersonate certificates, exploitation of system vulnerabilities and other means of infiltration allow attackers to gain access to CAs and copy their keys, etc. At stake is the mere survival of public key infrastructures as trust in them is bootstrapped from trust in certificates that bind public keys to known identities. The current attack surface exposed by CAs makes trust in their issued certificates questionable. The main problem is the information that a current stolen key leaks about to-be-used future keys for signing future certificates. This project introduces a new notion of backward security allowing a CA to revoke newly reconstructed secret keys, which were maliciously modified by an attacker and are known to the attacker, before the attacker is even able to sign valid certificates. The project also provides efficient self-recovery meaning that, in the presence of a powerful adversary, CAs are able to replace revoked keys by a new non-compromised signing key sequence. Self-recovering CAs promise strong security guarantees against the most powerful attacker who can read all digital state and this will have a major societal impact: enterprises and individuals will be able to trust such CAs and will regain trust in public key infrastructures as a whole. Self-recovering CAs eliminate a serious security threat to our economy and society.

近年来已经显示出证书颁发机构(CA)的谬误；内部人员能够窃取主签名密钥并冒充证书，利用系统漏洞和其他渗透手段允许攻击者访问CA并复制他们的密钥等。危急关头仅仅是公钥基础设施的生存，因为对它们的信任是从对将公钥绑定到已知身份的证书的信任中引导的。CA目前暴露的攻击面使人们对其颁发的证书的信任受到质疑。主要问题是当前被盗的密钥泄露了有关将来用于签名未来证书的密钥的信息。该项目引入了一种新的向后安全概念，允许CA撤销新重建的密钥，这些密钥被攻击者恶意修改，甚至在攻击者能够签署有效证书之前就为攻击者所知。该项目还提供了有效的自我恢复，这意味着在强大的对手在场的情况下，CA能够用新的未泄露的签名密钥序列来替换被撤销的密钥。自我恢复的CA承诺针对可以读取所有数字状态的最强大的攻击者提供强大的安全保证，这将产生重大的社会影响：企业和个人将能够信任这样的CA，并将重新获得对公钥基础设施的整体信任。自行恢复的CA消除了对我们经济和社会的严重安全威胁。