新PKI技术 教学课件 荆继武 第17讲 ARECA.pptVIP

A Highly Attack Resilient Certification Authority Jiwu Jing What’s in ARECA Two phase signature scheme Rooted in specific threshold algorithm Tolerate hybrid conspiracy attacks Multi level zone architecture Different security zones separated Unidirectional information flow Agenda Introduction: RSA, CA Attack Resilience Related work Two phase scheme Multi-level zone architecture Conclusion RSA algorithm One of the most popular asymmetric algorithms Large prime p,q, N=p*q e and d, that de = 1 mod (p-1)(q-1) Signing a message M: sig = (HASH(M))d mod N Verify the signature: (sig)e = HASH(M) mod N Public key is e and N Private Key is d Introduction to CA CA is Certificate Authority Issue certificates to trusted bodies Use his private key which others do not know Certificate check Can be verified using CA’s public key Can get the owner’s ID and related public key Certificate owner check Use related public key to authenticate the owner CA in PKI (figure from GAO’s report) Threshold Crypto A secret is needed to perform a function, but the secret is shared by a group of people There is a threshold t, Less than t people working together cannot perform a function More than t people working together can perform that function What we mean: Attack Resilient Attack happening on a system May obtain any information in that system May use that system to do anything bad e.g. A Trojan horse, A bribed operator Attack Resilient, We mean When: attacks happen and we are not aware Result: The attacker will know nothing Our system will keep working ( well ) Why attack resilient CA PKI is a solution of e-gov/e-commerce security CA is the kernel of a PKI system CA has too much power (Should be trusted) CA security Can not depend on vulnerable sys/net CA becomes the target of attackers CA operator: insider crimes / misuses CA should provide non-stop services Our Goal of Resilient CA Very high security Attack resilient / Intrusion tolerant Protect from outside/inside attacks Simple princip