Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware - PowerPoint PPT Presentation

About This Presentation
Title:

Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware

Description:

Hidden communication channel. Steganography Information hiding. Original Image. Extracted Image ... Something hidden? Certificate Authority. Page 7 ... – PowerPoint PPT presentation

Number of Views:58
Avg rating:3.0/5.0
Slides: 13
Provided by: stude815
Category:

less

Transcript and Presenter's Notes

Title: Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware


1
Tamper-Evident Digital SignaturesProtecting
Certification Authorities Against Malware
  • Jong Youl Choi
  • Computer Science Dept.
  • Indiana University at Bloomington

Philippe Golle Palo Alto Research Center CA, USA
Markus Jakobsson School of Informatics Indiana
University at Bloomington
2
Threats to Certificate Authorities
  • Certificate repudiation
  • A user chooses weak private key
  • Intentionally let his private key be leaking
    discretely for forgery
  • Certificate private key leaking
  • Malicious attack such as Trojan horse
  • Leaking CAs private via covert-channel

3
What is a covert channel?
  • Hidden communication channel
  • Steganography Information hiding

Original Image
Extracted Image
4
Prisoners' problem Simmons,93
  • Two prisoners want to exchange messages, but must
    do so through the warden
  • Subliminal channel in DSA

What Plan?
Plan A
5
Leaking attack on RSA-PSS
  • Random salt is usedfor padding string in
    encryption
  • In verification process, salt is extracted from
    EM
  • Hidden informationcan be embedded insalt value

RSA-PSS PKCS 1 V2.1
6
Approaches
  • Detect leaking
  • A warden observes outputs from CA

Something hidden?
  • Malicious attack
  • Replacement of function

Pseudo Random Number Generator
Certificate Authority
mk
Sigk
7
Approaches (Contd)
  • Observing is not so easy because random number
    ...
  • looks innocuous
  • Or, doesnt reveal any state
  • A warden (observer) can be attacked

Something hidden?
Pseudo Random Number Generator
Certificate Authority
mk
Sigk
8
Undercover observer
  • Signer outputs non-interactive proof as well as
    signature
  • Ambushes until verification is invalid

Pseudo Random Number Generator
mk
Sigk
9
Tamper-evident Chain
  • Predefined set of random values in lieu of
    random number on the fly
  • Hash chain verification

Hash()
Hash()
Hash()
Hash()
Hash()
x3
.
xn
x1
x2
Xn1
x3
Sig1
Sig2
.
Sign
Sig3
? X1Hash(X2)
? Xn-1Hash(Xn)
? X2Hash(X3)
10
DSA Signature Scheme
  • Gen x ? y gx mod p
  • Sign m ? (s, r) where r (gk mod p) mod q
    and s k-1(h(m) x r) for random
    value k
  • Verify For given signature (s, r), u1 h(m)
    s-1 u2 r s-1 and check rgu1 yu2 mod p mod q

11
Hash chain construction
Hash()
Hash()
Hash()
Hash()
Hash()
k1
k2
k3
.
kn
kn1
k3
.
rgk1
rgk2
rgkn
rgk3
rgk3
P1
P2
Pn
P3
Pn1
.
Sign
.
Sig2
Sig3
Sig1
? X1Hash(X2)
? Xn-1Hash(Xn)
? X2Hash(X3)
12
Conclusion
  • Any leakage from CAs is dangerous
  • CAs are not strong enough from malicious attacks
  • We need observers which are under-cover
  • A small additional cost for proofs

Or, Send me email jychoi_at_cs.indiana.edu
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!