Recent years have exposed the fallibility of Certificate Authorities (CAs): insiders have stolen master signing keys and forged certificates, and attackers have exploited system vulnerabilities and other means of infiltration to gain access to CAs and copy their keys. At stake is the very survival of public key infrastructures, whose trust is bootstrapped from trust in the certificates that bind public keys to known identities. The attack surface CAs currently expose makes trust in the certificates they issue questionable. The core problem is the information a stolen current key leaks about the keys that will be used to sign future certificates: once that information is out, merely rotating to the next key in the sequence does not lock the attacker out.
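As an added illustration of the future-key leak described above (this is example code written for this page, not the project's own scheme): a toy key-evolution chain in which each epoch's signing key is hashed from its predecessor. The SHA-256 derivation, the HMAC stand-in for the CA's signature, the function names and the sample certificate fields are all assumptions of this example. It shows that whoever steals the key of one epoch can compute every later key and pre-sign certificates for epochs that have not started, and that only a key sequence restarted from fresh randomness the attacker never saw invalidates those forgeries.

```python
"""Toy key-evolution chain: why a stolen current key leaks future keys.

Constructed illustration, not the project's construction.  Assumptions:
  * epoch keys evolve as sk[i+1] = SHA-256("evolve" || sk[i]) (one-way);
  * the CA "signature" is HMAC-SHA256 under the epoch key, a stand-in that
    is enough to show the point about key derivation.
"""
import hashlib
import hmac
import os

EVOLVE_LABEL = b"evolve"  # domain separator, an assumption of this toy


def evolve(sk: bytes) -> bytes:
    """Derive the next epoch's signing key from the current one."""
    return hashlib.sha256(EVOLVE_LABEL + sk).digest()


def key_sequence(root: bytes, epochs: int) -> list[bytes]:
    """Keys the CA will use for epochs 0..epochs-1, grown from one root secret."""
    keys = [root]
    for _ in range(epochs - 1):
        keys.append(evolve(keys[-1]))
    return keys


def sign(sk: bytes, tbs_cert: bytes) -> bytes:
    """Stand-in for the CA signature: a MAC over the to-be-signed certificate."""
    return hmac.new(sk, tbs_cert, hashlib.sha256).digest()


def verify(sk: bytes, tbs_cert: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(sk, tbs_cert), sig)


def attacker_forge(stolen_sk: bytes, epochs_ahead: int, tbs_cert: bytes) -> tuple[bytes, bytes]:
    """Attacker holding the key of epoch i computes the key of epoch i+epochs_ahead
    and signs a certificate that will verify as soon as that epoch goes live."""
    sk = stolen_sk
    for _ in range(epochs_ahead):
        sk = evolve(sk)  # exactly the derivation the CA itself performs
    return sk, sign(sk, tbs_cert)


def recover(epochs: int) -> list[bytes]:
    """Replace the compromised sequence with one grown from fresh randomness.

    The toy assumes os.urandom is outside the attacker's reach; in the threat
    model where the attacker reads all digital state, obtaining such fresh
    secret material is precisely the hard part.
    """
    return key_sequence(os.urandom(32), epochs)


def demo(root: bytes = b"\x01" * 32, stolen_epoch: int = 2, target_epoch: int = 5) -> dict:
    """Run the attack against a 6-epoch sequence and then against a recovered one."""
    ca_keys = key_sequence(root, 6)
    tbs_cert = b"CN=login.example.test, epoch=5"  # constructed sample certificate
    future_sk, forged = attacker_forge(ca_keys[stolen_epoch], target_epoch - stolen_epoch, tbs_cert)
    fresh_keys = recover(6)
    return {
        "future_key_recovered": future_sk == ca_keys[target_epoch],
        "forgery_verifies_on_old_sequence": verify(ca_keys[target_epoch], tbs_cert, forged),
        "forgery_verifies_after_recovery": verify(fresh_keys[target_epoch], tbs_cert, forged),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The first two results are True and the third is False for any root: the chain is deterministic, so the attacker's copy of epoch 2 is as good as the CA's copy for every later epoch, and nothing short of a sequence seeded by secrets the attacker never obtained stops the pre-signed forgeries from verifying.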
This project introduces a new notion, backward security, that allows a CA to revoke newly reconstructed secret keys that an attacker has tampered with and therefore knows, before the attacker can sign a single valid certificate with them. The project also provides efficient self-recovery: even in the presence of a powerful adversary, a CA can replace the revoked keys with a new, non-compromised signing key sequence. Self-recovering CAs promise strong security guarantees against the most powerful attacker, one who can read all digital state, and this would have a major societal impact: enterprises and individuals will be able to trust such CAs and regain trust in public key infrastructures as a whole. Self-recovering CAs eliminate a serious security threat to our economy and society.