Two-Head Dragon Protocol: Preventing Cloning of Signature Keys
Cryptographic techniques based on possession of private keys rely very much on the assumption that the private keys can be used only by the key’s owner. As contemporary architectures of operating systems do not provide such a guarantee, special devices such as smart cards and TPM modules are intended to serve as secure storage for such keys. When carefully designed, these devices can be examined and certified as secure devices for holding private keys. However, this approach has a serious drawback: certification procedure is expensive, requires very specialized knowledge and its result cannot be verified independently by an end-user. On the other hand, malicious cryptography techniques can be used to circumvent the security mechanisms installed in a device. Moreover, in practice we often are forced to retreat to solutions such as generation of the private keys outside secure devices. In this case we are forced to trust blindly the parties providing such services.
We propose an architecture for electronic signatures and signature creation devices such that in case of key leakage, any use of leaked keys will be detected with a fairly high probability. The main idea is that using the private keys outside the legitimate place leads to disclosure of these keys preventing any claims of validity of signatures in any thinkable legal situation.
Our approach is stronger than fail-stop signatures. Indeed, fail-stop signatures protect against derivation of keys via cryptanalysis of public keys, but cannot do anything about key leakage or making a copy of the key by a service provider that generates the key pairs for the clients.
Our approach is a simple alternative to the usual attempts to make cryptographic cards and TPM as tamper resistant as possible, that is, to solve the problem alone by hardware means. It also addresses the question of using private keys stored in not highly secure environment without a dramatic redesign of operating systems. It can be used as a stand alone solution, or just as an additional mechanism for building trust of an end-user.
Keywordssignature-creation device electronic signature cloning tamper evidence key compromise legal undeniability
Unable to display preview. Download preview PDF.
- 2.Drimer, S., Murdoch, S.J., Anderson, R.J.: Thinking inside the box: System-level failures of tamper proofing. In: IEEE Symposium on Security and Privacy, pp. 281–295. IEEE Computer Society, Los Alamitos (2008)Google Scholar
- 3.Itkis, G.: Cryptographic tamper evidence. In: CCS 2003: Proc. 10th ACM Conference on Computer and Communications Security, pp. 355–364. ACM, New York (2003)Google Scholar
- 4.Pfitzmann, B., Waidner, M.: Fail-stop-signaturen und ihre anwendung. In: Pfitzmann, A., Raubold, E. (eds.) VIS. Informatik-Fachberichte, vol. 271, pp. 289–301. Springer, Heidelberg (1991)Google Scholar
- 9.Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: Instantenous revocation of security capabilities. In: USENIX Security Symposium (2001), http://www.usenix.org/events/sec01/full_papers/boneh/boneh_html/index.html
- 11.Brands, S.: An efficient off-line electronic cash system based on the representation problem. Technical report (1993)Google Scholar
- 16.Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
- 20.Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols (1995), http://cseweb.ucsd.edu/~mihir/papers/ro.pdf