Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware

Jong Youl Choi
Dept. of Computer Science, Indiana University at Bloomington
jychoi@cs.indiana.edu

Philippe Golle
Palo Alto Research Center
pgolle@parc.com

Markus Jakobsson
School of Informatics, Indiana University at Bloomington
markus@indiana.edu

Page 2

Threats to Certificate Authorities

• Stealing private key
  – Malicious attack such as Trojan horse, virus
  – Leaking CA’s private key via covert channel
• Hidden communication channel
  – CAs use lots of random numbers
  – Hard to prove randomness since it is directly related to privacy

Page 3

What is a covert channel?

• Hidden communication channel
• Steganography – Information hiding

[Figure: Original Image, Extracted Image]

Page 4

Prisoners' problem [Simmons, '93]

• Two prisoners want to exchange messages, but must do so through the warden
• Subliminal channel in DSA

[Figure: "What Plan?", "Plan A"]

Page 5

Leaking attack on RSA-PSS

• A random salt is used as a padding string in a signature
• In the verification process, the salt is extracted from the message
• Hidden information can be embedded in the salt

RSA-PSS : PKCS #1 V2.1

Page 6

Approaches

• Need an observer to detect leaking
• An observer investigates outputs from CA

[Diagram labels: mk, Pseudo Random Number Generator, Sigk, "Something hidden?", Certificate Authority]

• Malicious attack
• Replacement of function

Page 7

Hindsight

• Observing is not easy because of a random number
  – Looking innocuous
  – Not revealing any state
• Fine as long as a random number is generated in a designated way
• Using hindsight, we detect abnormal behavior in generating a random number

Page 8

Weakness of an observer

• An observer can be attacked, causing a single point of failure

[Diagram labels: mk, Pseudo Random Number Generator, Sigk, "Something hidden?", Certificate Authority]

Public verifiability with multiple observers

Page 9

Undercover observer

• CA outputs non-interactive proof as well as signature
• Ambushes until verification is invalid

[Diagram labels: mk, Pseudo Random Number Generator, Sigk]

Page 10

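Tamper-evident Chain

• Predefined set of random values in lieu of random number on the fly
• Hash chain verification

[Diagram: values $s_0, s_1, s_2, s_3, \ldots, s_n$ derived from Seed by repeated application of $h()$; signatures $Sig_1, Sig_2, \ldots, Sig_n$; a substituted value $s'_3$ with signature $Sig'_3$]

Checks: $s_0 \stackrel{?}{=} h(s_1)$, $s_1 \stackrel{?}{=} h(s_2)$, $s_2 \stackrel{?}{=} h(s_3)$, …, $s_{n-1} \stackrel{?}{=} h(s_n)$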

Page 11

DSA Signature Scheme

• Gen : $x \to y = g^x \bmod p$
• Sign : $m \to (s, r)$, where $r = (g^k \bmod p) \bmod q$ and $s = k^{-1}(h(m) + x r)$ for random value $k$
• Verify : For given signature $(s, r)$, compute $u_1 = h(m)\, s^{-1}$ and $u_2 = r\, s^{-1}$, and check $r = (g^{u_1} y^{u_2} \bmod p) \bmod q$

Page 12

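Hash chain construction

[Diagram: a PRNG, fed by Seed, outputs $k_1, k_2, k_3, \ldots, k_n$; $r_1 = g^{k_1}$, $r_2 = g^{k_2}$, $r_3 = g^{k_3}$, …, $r_n = g^{k_n}$; chain values $w_0, w_1, w_2, w_3, \ldots, w_n$ linked by $h()$; signatures $Sig_1, Sig_2, \ldots, Sig_n$; a substituted value $k'_3$ with $r_3' = g^{k_3}$ and signature $Sig'_3$]

Checks: $w_0 \stackrel{?}{=} h(r_1 \| w_1)$, $w_1 \stackrel{?}{=} h(r_2 \| w_2)$, $w_2 \stackrel{?}{=} h(r_3 \| w_3)$, …, $w_{n-1} \stackrel{?}{=} h(r_n \| w_n)$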
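The chain check on this slide, as an added Python example that is not part of the original presentation: the CA side commits to w_0 in advance, and an observer walks the released (r_i, w_i) pairs and reports the first signature whose nonce does not match the commitment. Assumptions not taken from the slides: SHA-256 as h(), the toy group parameters, the seed-to-k_i derivation, the terminal value w_n, and that r_i = g^{k_i} mod p and w_i are released alongside each signature.

```python
import hashlib

# Toy group, constructed for illustration and far too small for real use:
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def h(*parts):
    """h() from the slides, instantiated here (assumption) with SHA-256."""
    return hashlib.sha256(b"".join(parts)).digest()

def enc(n):
    return n.to_bytes(2, "big")  # fixed width is enough because P < 2**16

def build_chain(seed, n):
    """CA side: derive k_1..k_n, r_i = g^k_i mod p, then w_n down to w_0."""
    # Assumed PRNG: k_i = SHA-256(seed || i) mapped into [1, q-1].
    ks = [int.from_bytes(h(seed, enc(i)), "big") % (Q - 1) + 1
          for i in range(1, n + 1)]
    rs = [pow(G, k, P) for k in ks]
    ws = [b""] * (n + 1)
    ws[n] = h(b"w_n", seed)              # assumed terminal value of the chain
    for i in range(n, 0, -1):            # w_{i-1} = h(r_i || w_i)
        ws[i - 1] = h(enc(rs[i - 1]), ws[i])
    return ks, rs, ws

def observe(w0, released):
    """Observer side: index of the first link that fails, or 0 if none."""
    prev = w0
    for i, (r, w) in enumerate(released, start=1):
        if h(enc(r), w) != prev:         # is w_{i-1} = h(r_i || w_i)?
            return i
        prev = w
    return 0

def demo():
    ks, rs, ws = build_chain(b"constructed-seed", 5)
    honest = list(zip(rs, ws[1:]))       # (r_i, w_i) released with Sig_i
    # Tampered run: signature 3 uses a substituted nonce k'_3 != k_3.
    k3_sub = ks[2] % (Q - 1) + 1
    tampered = list(honest)
    tampered[2] = (pow(G, k3_sub, P), ws[3])
    return observe(ws[0], honest), observe(ws[0], tampered)

if __name__ == "__main__":
    print(demo())
```

The observer needs only w_0 and the public outputs, so any number of observers can run the same check independently.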

Page 13

Conclusion

• Any leakage from CAs is dangerous
• CAs are not strong enough against malicious attacks
• We need observers which are undercover
• A small additional cost for proofs

Or, send me emails: jychoi@cs.indiana.edu
