Maintaining Security and Trust in Large Scale Public Key Infrastructures
Total Page:16
File Type:pdf, Size:1020Kb
Maintaining Security and Trust in Large Scale Public Key Infrastructures Vom Fachbereich Informatik der Technischen Universit¨atDarmstadt genehmigte Dissertation zur Erlangung des Grades Doktor-Ingenieur (Dr.-Ing.) von Dipl. Wirtsch.-Inform. Johannes Braun geboren in Herrenberg. Referenten: Prof. Dr. Johannes Buchmann Prof. Dr. Max M¨uhlh¨auser Tag der Einreichung: 16.03.2015 Tag der m¨undlichen Pr¨ufung: 30.04.2015 Hochschulkennziffer: D 17 Darmstadt 2015 List of Publications [B1] Johannes Braun. Ubiquitous support of multi path probing: Preventing man in the middle attacks on Internet communication. IEEE Conference on Com- munications and Network Security (CNS 2014) - Poster Session, pages 510{ 511, IEEE Computer Society, 2014. Cited on pages 52 and 173. [B2] Johannes Braun, Florian Volk, Jiska Classen, Johannes Buchmann, and Max M¨uhlh¨auser.CA trust management for the Web PKI. Journal of Computer Security, 22: 913{959, IOS Press, 2014. Cited on pages 9, 66, 89, and 104. [B3] Johannes Braun, Johannes Buchmann, Ciaran Mullan, and Alex Wiesmaier. Long term confidentiality: a survey. Designs, Codes and Cryptography, 71(3): 459{478, Springer, 2014. Cited on page 161. [B4] Johannes Braun and Gregor Rynkowski. The potential of an individ- ualized set of trusted CAs: Defending against CA failures in the Web PKI. International Conference on Social Computing (SocialCom) - PAS- SAT 2013, pages 600{605, IEEE Computer Society, 2013. Extended version: http://eprint.iacr.org/2013/275. Cited on pages 9, 32, and 57. [B5] Johannes Braun, Florian Volk, Johannes Buchmann, and Max M¨uhlh¨auser. Trust views for the Web PKI. Public Key Infrastructures, Services and Appli- cations - EuroPKI 2013, vol. 8341 of LNCS, pages 134{151. Springer, 2013. Cited on pages 9 and 66. [B6] Johannes Braun, Franziskus Kiefer, and Andreas H¨ulsing.Revocation & non- repudiation: When the first destroys the latter. Public Key Infrastructures, Services and Applications - EuroPKI 2013, vol. 8341 of LNCS, pages 31{46. Springer, 2013. Cited on pages 9 and 152. [B7] Johannes Braun, Moritz Horsch, and Andreas H¨ulsing.Effiziente Umsetzung des Kettenmodells unter Verwendung vorw¨artssicherer Signaturverfahren. iv List of Publications Tagungsband zum 13. Deutschen IT-Sicherheitskongress 2013, pages 347{359. BSI, SecuMedia Verlag, 2013. Cited on pages 9 and 152. [B8] Andreas H¨ulsingand Johannes Braun. Langzeitsichere Signaturen durch den Einsatz hashbasierter Signaturverfahren. Tagungsband zum 13. Deutschen IT-Sicherheitskongress 2013, pages 565{576. BSI, SecuMedia Verlag, 2013. Cited on pages 9, 10, and 152. [B9] Johannes Braun, Alexander Wiesmaier, and Johannes Buchmann. On the security of encrypted secret sharing. 46th Hawaii International Conference on Systems Science (HICSS-46), pages 4966{4976. IEEE Computer Society, 2013. [B10] Johannes Braun, Andreas H¨ulsing,Alexander Wiesmaier, Martin A. G. Vigil, and Johannes Buchmann. How to avoid the breakdown of public key in- frastructures - forward secure signatures for certificate authorities. Public Key Infrastructures, Services and Applications - EuroPKI 2012, vol. 7868 of LNCS, pages 53{68. Springer, 2012. Cited on pages 9, 136, and 152. [B11] Johannes Braun, Moritz Horsch, and Alexander Wiesmaier. iPIN and mTAN for secure eID applications. 8th International Conference on Information Security Practice and Experience (ISPEC 2012), vol. 7232 of LNCS, pages 259{276. Springer, 2012. Cited on page 158. [B12] Johannes Braun and Johannes Buchmann. Perfect confidentiality network - a solution for information theoretically secure key agreement. 5th IFIP International Conference on New Technologies, Mobility & Security (NTMS 2012), pages 1{5, IEEE Computer Society, 2012. [B13] Moritz Horsch, Johannes Braun, Alexander Wiesmaier, Joachim Schaaf, and Claas Baum¨oller. Verteilte Dienstnutzung mit dem neuen Personalausweis. D-A-CH Security 2012. syssec Verlag, 2012. [B14] Detlef H¨uhnlein,Dirk Petrautzki, Johannes Schm¨olz,Tobias Wich, Moritz Horsch, Thomas Wieland, Jan Eichholz, Alexander Wiesmaier, Johannes Braun, Florian Feldmann, Simon Potzernheim, J¨orgSchwenk, Christian Kahlo, Andreas K¨uhne,and Heiko Veit. On the design and implementa- tion of the Open eCard App. GI SICHERHEIT 2012 Sicherheit - Schutz und Zuverl¨assigkeit, vol. P-195 of LNI, pages 95{110. Bonner K¨ollenVerlag, 2012. List of Publications v [B15] Johannes Braun, Andreas H¨ulsing,and Alexander Wiesmaier. Schlanke In- frastrukturen f¨urden digitalen Rechtsverkehr - vorw¨artssichere Verfahren f¨ur qualifizierte elektronische Signaturen. Technical report. TU Darmstadt / IS- PRAT e.V., 2012. [B16] Alexander Wiesmaier, Moritz Horsch, Johannes Braun, Franziskus Kiefer, Detlef H¨uhnlein,Falko Strenzke, and Johannes Buchmann. An efficient PACE implementation for mobile devices. 6th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2011), pages 176{185. ACM, 2011. [B17] Johannes Braun, Moritz Horsch, Alexander Wiesmaier, and Detlef H¨uhnlein. Mobile Authentisierung und Signatur. In Peter Schartner und J¨urgenTaeger, editor, D-A-CH Security 2011, pages 32{43. syssec Verlag, 2011. [B18] Johannes Braun, Alexander Wiesmaier TU Darmstadt; Eric Klieme, Linda Strick, and Wolfgang Wunderlich Fokus Fraunhofer. Der elektronische Safe als vertrauensw¨urdigerCloud Service. Technical report. TU Darmstadt / Fokus Fraunhofer / ISPRAT e.V., 2011. Patents: [B19] Alexander Wiesmaier, Johannes Braun, and Moritz Horsch. EP 2639997 (B1) - Method and system for secure access of a first computer to a second computer. European Patent Office, September 2014. Granted EP Patent 2 639 997. [B20] Claas Baum¨oller,Joachim Schaaf, Moritz Horsch, Alexander Wiesmaier and Johannes Braun. EP 2600270 (A1) - Identification element-based authen- tication and identification with decentralized service use. European Patent Office, June 2013. Pending Application EP Patent 2 600 270. Acknowledgments My first thanks go to Professor Johannes Buchmann for giving me the possibility to write this thesis. I thank him for his support and guidance throughout the past five years and for now giving me the opportunity to take over new and interesting tasks within the Collaborative Research Center CROSSING. Next, I want to thank my collaborators and colleagues that provided valuable comments and helped me to improve this work during many discussions. Finally, I want to especially thank my family and friends. They supported and believed in me all the time. To Angelika Braun, my beloved wife. Without you by my side, this would not have been possible. Abstract In Public Key Infrastructures (PKIs), trusted Certification Authorities (CAs) issue public key certificates which bind public keys to the identities of their owners. This enables the authentication of public keys which is a basic prerequisite for the use of digital signatures and public key encryption. These in turn are enablers for e- business, e-government and many other applications, because they allow for secure electronic communication. With the Internet being the primary communication medium in many areas of economic, social, and political life, the so-called Web PKI plays a central role. The Web PKI denotes the global PKI which enables the authentication of the public keys of web servers within the TLS protocol and thus serves as the basis for secure communications over the Internet. However, the use of PKIs in practice bears many unsolved problems. Numerous security incidents in recent years have revealed weaknesses of the Web PKI. Be- cause of these weaknesses, the security of Internet communication is increasingly questioned. Central issues are (1) the globally predefined trust in hundreds of CAs by browsers and operating systems. These CAs are subject to a variety of jurisdic- tions and differing security policies, while it is sufficient to compromise a single CA in order to break the security provided by the Web PKI. And (2) the handling of re- vocation of certificates. Revocation is required to invalidate certificates, e.g., if they were erroneously issued or the associated private key has been compromised. Only this can prevent their misuse by attackers. Yet, revocation is only effective if it is published in a reliable way. This turned out to be a difficult problem in the context of the Web PKI. Furthermore, the fact that often a great variety of services depends on a single CA is a serious problem. As a result, it is often almost impossible to revoke a CA's certificate. However, this is exactly what is necessary to prevent the malicious issuance of certificates with the CA's key if it turns out that a CA is in fact not trustworthy or the CA's systems have been compromised. In this thesis, we therefore turn to the question of how to ensure that the CAs an Internet user trusts in are actually trustworthy. Based on an in depth analysis of the Web PKI, we present solutions for the different issues. In this thesis, the feasibility x Abstract and practicality of the presented solutions is of central importance. From the prob- lem analysis, which includes the evaluation of past security incidents and previous scientific work on the matter, we derive requirements for a practical solution. For the solution of problem (1), we introduce user-centric trust management for the Web PKI. This allows to individually reduce the number of CAs a user trusts in to a fraction of the original number. This significantly reduces the risk to rely on a CA, which is actually not trustworthy. The assessment of a CA's trustworthiness is user dependent and evidence-based. In addition, the