Tamper-Evident Digital Signatures:Protecting Certification Authorities Against Malware

Jong Youl ChoiComputer Science Dept.Indiana University at Bloomington

Philippe GollePalo Alto Research CenterCA, USA

Markus JakobssonSchool of InformaticsIndiana University at Bloomington

Page 2Threats to Certificate Authorities• Certificate repudiation

– A user chooses weak private key – Intentionally let his private key be

leaking discretely for forgery• Certificate private key leaking

– Malicious attack such as Trojan horse– Leaking CA’s private via covert-channel

Page 3

What is a covert channel?• Hidden communication channel• Steganography – Information hiding

Original Image Extracted Image

Page 4Prisoners' problem [Simmons,’93]• Two prisoners want to exchange

messages, but must do so through the warden

• Subliminal channel in DSA

What Plan?

Plan A

Page 5

Leaking attack on RSA-PSS• Random salt is used

for padding string in encryption

• In verification process, salt is extracted from EM

• Hidden informationcan be embedded insalt value RSA-PSS : PKCS #1 V2.1

Page 6

Approaches• Detect leaking• A warden observes outputs from CA

mk

Pseudo Random Number Generator

Sigk

Something hidden?

Certificate Authority

• Malicious attack• Replacement of function

Page 7

Approaches (Cont’d)• Observing is not so easy

because random number ...– looks innocuous– Or, doesn’t reveal any state

• A warden (observer) can be attacked

mk

Pseudo Random Number Generator

Sigk

Something hidden?

Certificate Authority

Page 8

Undercover observer• Signer outputs non-interactive proof

as well as signature• Ambushes until verification is invalid

mk

Pseudo Random Number Generator

Sigk

Page 9

Tamper-evident Chain• Predefined set of random values

in lieu of random number on the fly • Hash chain verification

x1 x2 x3 …. xn Xn+1

Sig1 Sig2 …. Sign

Hash()Hash()Hash()Hash()Hash()

?X1=Hash(X2)

?Xn-1=Hash(Xn)

x’3

Sig’3

?X2=Hash(X3)

Page 10

DSA Signature Scheme• Gen : x y = gx mod p• Sign : m (s, r)

where r = (gk mod p) mod q and s = k-1(h(m) + x r) for random value k

• Verify : For given signature (s, r),u1 = h(m) s-1

u2 = r s-1

and check r=gu1 yu2 mod p mod q

Page 11

Hash chain constructionk1 k2 k3 …. kn kn+1

Sig1Sig2 …. Sign

Hash()Hash()Hash()Hash()Hash()

?X1=Hash(X2)

?Xn-1=Hash(Xn)

k’3

Sig’3

?X2=Hash(X3)

r=gk1 r=gk2 …. r=gknr=gk3

P1 P2 ….PnP3 Pn+1

r’=gk3

Page 12

Conclusion• Any leakage from CAs is dangerous• CAs are not strong enough

from malicious attacks• We need observers which are under-

cover• A small additional cost for proofs

Or, Send me email : jychoi@cs.indiana.edu