PROJECT TITLE :
Design, Analysis, and Implementation of ARPKI: An Attack-Resilient Public-Key Infrastructure - 2018
The Transport Layer Security (TLS) Public-Key Infrastructure (PKI) is based on a weakest-link security model that depends on over a thousand trust roots. The recent history of malicious and compromised Certification Authorities has fueled the need for alternatives. Creating a replacement, secure infrastructure is, however, a surprisingly difficult task because of the large number of parties involved and the numerous ways in which they can interact. A principled approach to its design is therefore mandatory, as humans cannot feasibly consider all the cases that may occur given the multitude of interleavings of actions by legitimate parties and attackers, such as private key compromises (e.g., domain, Certification Authority, log server, other trusted entities), key revocations, key updates, etc. We present ARPKI, a PKI architecture that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI efficiently supports these operations and gracefully handles catastrophic events such as domain key loss or compromise. Moreover, ARPKI is the first PKI design that is co-designed with a formal model, and we verify its core security property using the TAMARIN prover. We prove that ARPKI offers extremely strong security guarantees, where compromising even n - 1 trusted signing and verifying entities is insufficient to launch a person-in-the-middle attack. Moreover, ARPKI's use deters misbehavior, as all operations are publicly visible. Finally, we present a proof-of-concept implementation that provides all the features required for deployment. Our experiments indicate that ARPKI efficiently handles the certification process with low overhead. It does not incur additional latency to TLS, since no additional round trips are needed.