Provable Security for PKI Schemes

Sara Wrótniak; Hemi Leibowitz; Ewa Syta; Amir Herzberg

doi:10.1145/3658644.3670374

Provable Security for PKI Schemes

Sara Wrótniak, Hemi Leibowitz, Ewa Syta, Amir Herzberg

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

PKI schemes provide a critical foundation for applied cryptographic protocols. However, there are no rigorous security specifications for realistic PKI schemes, and therefore, no PKI schemes were proven secure. Cryptographic systems that use PKI are analyzed by adopting overly simplified models of PKI, often simply assuming securely-distributed public keys. This is problematic given the extensive reliance on PKI, the multiple failures of PKI systems, and the complexity of both proposed and deployed systems, which involve complex requirements and models. We present game-based security specifications for PKI schemes and analyze important and widely deployed PKIs: PKIX and two variants of Certificate Transparency (CT). These PKIs are based on the X.509v3 standard and its CRL revocation mechanism. Our analysis identified a few subtle vulnerabilities and provides reduction-based proofs showing that the PKIs ensure specific requirements under specific models (assumptions). To our knowledge, this is the first reduction-based proof of security for a realistic PKI scheme, e.g., supporting certificate chains.

Original language	English
Title of host publication	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	1552-1566
Number of pages	15
ISBN (Electronic)	9798400706363
DOIs	https://doi.org/10.1145/3658644.3670374
State	Published - 9 Dec 2024
Externally published	Yes
Event	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, United States Duration: 14 Oct 2024 → 18 Oct 2024

Publication series

Name	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Country/Territory	United States
City	Salt Lake City
Period	14/10/24 → 18/10/24

Bibliographical note

Publisher Copyright:
© 2024 Copyright held by the owner/author(s).

Keywords

PKI
provable-security

Access to Document

10.1145/3658644.3670374

Cite this

Wrótniak, S., Leibowitz, H., Syta, E., & Herzberg, A. (2024). Provable Security for PKI Schemes. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (pp. 1552-1566). (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3658644.3670374

@inproceedings{f359b48e7fbd48a88240732bb2781d3a,

title = "Provable Security for PKI Schemes",

abstract = "PKI schemes provide a critical foundation for applied cryptographic protocols. However, there are no rigorous security specifications for realistic PKI schemes, and therefore, no PKI schemes were proven secure. Cryptographic systems that use PKI are analyzed by adopting overly simplified models of PKI, often simply assuming securely-distributed public keys. This is problematic given the extensive reliance on PKI, the multiple failures of PKI systems, and the complexity of both proposed and deployed systems, which involve complex requirements and models. We present game-based security specifications for PKI schemes and analyze important and widely deployed PKIs: PKIX and two variants of Certificate Transparency (CT). These PKIs are based on the X.509v3 standard and its CRL revocation mechanism. Our analysis identified a few subtle vulnerabilities and provides reduction-based proofs showing that the PKIs ensure specific requirements under specific models (assumptions). To our knowledge, this is the first reduction-based proof of security for a realistic PKI scheme, e.g., supporting certificate chains.",

keywords = "PKI, provable-security",

author = "Sara Wr{\'o}tniak and Hemi Leibowitz and Ewa Syta and Amir Herzberg",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3658644.3670374",

language = "אנגלית",

series = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "1552--1566",

booktitle = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

}

Wrótniak, S, Leibowitz, H, Syta, E & Herzberg, A 2024, Provable Security for PKI Schemes. in CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 1552-1566, 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, United States, 14/10/24. https://doi.org/10.1145/3658644.3670374

Provable Security for PKI Schemes. / Wrótniak, Sara; Leibowitz, Hemi; Syta, Ewa et al.
CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 1552-1566 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Provable Security for PKI Schemes

AU - Wrótniak, Sara

AU - Leibowitz, Hemi

AU - Syta, Ewa

AU - Herzberg, Amir

PY - 2024/12/9

Y1 - 2024/12/9

N2 - PKI schemes provide a critical foundation for applied cryptographic protocols. However, there are no rigorous security specifications for realistic PKI schemes, and therefore, no PKI schemes were proven secure. Cryptographic systems that use PKI are analyzed by adopting overly simplified models of PKI, often simply assuming securely-distributed public keys. This is problematic given the extensive reliance on PKI, the multiple failures of PKI systems, and the complexity of both proposed and deployed systems, which involve complex requirements and models. We present game-based security specifications for PKI schemes and analyze important and widely deployed PKIs: PKIX and two variants of Certificate Transparency (CT). These PKIs are based on the X.509v3 standard and its CRL revocation mechanism. Our analysis identified a few subtle vulnerabilities and provides reduction-based proofs showing that the PKIs ensure specific requirements under specific models (assumptions). To our knowledge, this is the first reduction-based proof of security for a realistic PKI scheme, e.g., supporting certificate chains.

AB - PKI schemes provide a critical foundation for applied cryptographic protocols. However, there are no rigorous security specifications for realistic PKI schemes, and therefore, no PKI schemes were proven secure. Cryptographic systems that use PKI are analyzed by adopting overly simplified models of PKI, often simply assuming securely-distributed public keys. This is problematic given the extensive reliance on PKI, the multiple failures of PKI systems, and the complexity of both proposed and deployed systems, which involve complex requirements and models. We present game-based security specifications for PKI schemes and analyze important and widely deployed PKIs: PKIX and two variants of Certificate Transparency (CT). These PKIs are based on the X.509v3 standard and its CRL revocation mechanism. Our analysis identified a few subtle vulnerabilities and provides reduction-based proofs showing that the PKIs ensure specific requirements under specific models (assumptions). To our knowledge, this is the first reduction-based proof of security for a realistic PKI scheme, e.g., supporting certificate chains.

KW - PKI

KW - provable-security

UR - https://www.scopus.com/pages/publications/85215502830

U2 - 10.1145/3658644.3670374

DO - 10.1145/3658644.3670374

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85215502830

T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

SP - 1552

EP - 1566

BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024

Y2 - 14 October 2024 through 18 October 2024

ER -

Wrótniak S, Leibowitz H, Syta E, Herzberg A. Provable Security for PKI Schemes. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2024. p. 1552-1566. (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3658644.3670374

Provable Security for PKI Schemes

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this