Technical Field
This disclosure relates generally to protecting security systems against compromise of trust anchors, such as Certificate Authorities (CAs).
Background of the Related Art
A certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by a named subject (e.g., a server domain) of the certificate. The existence of a digital certificate enables others to rely upon digital signatures or other assertions made about a private key that corresponds to the certified public key. Certificate Authorities (CAs) are considered a “trust anchor” because they maintain the private key used to sign certificates. In addition, CAs typically use the RSA public key algorithm for signing, and this algorithm is believed to be secure for sufficiently large key sizes.
In several publicized events, attackers have exploited vulnerabilities in certificate authorities, which have allowed them to generate valid certificates (i.e., getting their code or public keys signed by a CA). Using these valid certificates, attackers have validated malware, impersonated legitimate web sites (e.g., Yahoo®, Google® and others), and performed man-in-the-middle (MITM) attacks, thereby allowing them to obtain sensitive user information, such as login/password, email accounts, and the like.
There are a number of current approaches to address this problem. One approach is to mark or remove certificates using certificate revocation lists. Another is to provide on-line certificate status, or to provide higher assurances with respect to issuing the certificate (e.g., Extended Validation Secure Sockets Layer (SSL) certificates). Public key pinning is an approach by which domain owners specify a set of public keys that must be present in the host's certificate chain when establishing a Transport Layer Security (TLS) connection. The Domain Name System (DNS)-Based Authentication of Named Entities (DANE) solution associates public keys with particular server names. The Trust Assertions for Certificate Key (TACK) solution pins hostnames to special public keys that are used to validate server TLS public keys.
Many of these approaches, such as certificate revocation lists (CRLs) and on-line certificate status, are only useful after a compromised CA signing key has been detected and flagged. Others present complex implementation issues or scalability challenges, in part because it is often very difficult to notify and update possibly affected clients quickly enough to avoid widespread attacks.
There remains a need to provide enhanced techniques to make it more difficult for an attacker to compromise a trust anchor and thereby obtain access to what should otherwise be protected communications between a client and a server.