I. Field
The following description relates generally to data protection and more particularly to multiple party digital signatures.
II. Background
When a mobile device downloads data (or has data pushed to it in some fashion), it makes an assessment of such data's trustworthiness. This is particularly important for executable data or code, for example. Conversely, if an attacker can convince a device that malicious data is trustworthy such attacker has a way of subverting the device's integrity.
The creation of digital signatures by use of public key techniques is typically utilized to ensure trustworthiness of data. Typically, a private key is used to generate a signature, the authenticity of which may then be verified by using the conjugate public key. Public keys are commonly transmitted and stored in certificates, which bear the key itself and associated validity and policy meta-information, and which are signed by a higher order certification authority. The public key of each certification authority may also be stored in a certificate, thereby implying a chain of trust and a certification hierarchy.
A private key is compromised whenever it is disclosed to unauthorized parties or used in an unauthorized way. Once a key is compromised, the chain of trust is broken. Additionally, a private key may be lost, and therefore rendered unusable. In both scenarios, the key should be revoked, and a new key generated.
If a single key is used to sign blocks of data, then a single compromise will allow an attacker to exploit the system. If the signer becomes aware of the compromise, then the key may be revoked. However, there are isolated environments (such as bootstrap loaders) that may not have real-time access to certificate revocation information. Furthermore, if the compromise occurs because the signer has “turned rogue,” there is no effective countermeasure.
Once a mobile device has been compromised, it may not, or it may be difficult to, be returned to a trustworthy state without physical access to the device. In the case of cell phones, for example, the cost of recalling devices after a widespread security breach is immense. Furthermore, the attacker may be in physical possession of the device and thus has no motivation to return the device to a trustworthy state.
Therefore, a high-level assurance of the trustworthiness of data on a mobile device, at not only download time but also whenever it is used, is needed. While contemporary digital signature techniques go some way to solving this problem, they do not provide the necessary assurance under certain conditions. For example, when a mobile device is booting it has no access to a network and hence no access to revocation information, however the integrity of the bootstrap mechanism is fundamental.
In addition, there are multiple legitimate stakeholders involved in determining what data should be trusted by a mobile device. Assurance mechanisms need to account for multiple authorities, and furthermore account for the case where an authority acts improperly.