PKI证书服务的安全增强技术

信息安全研究 ›› 2019, Vol. 5 ›› Issue (1): 50-58.

PKI证书服务的安全增强技术

王琼霄¹,²,王聪丽¹,²,林璟锵¹,²,宋利¹,²

1. 中国科学院大学网络空间安全学院
2. 中国科学院大学网络空间安全学院

收稿日期:2019-01-08 出版日期:2019-01-15 发布日期:2019-01-08
通讯作者: 王琼霄
作者简介:王琼霄博士，高级工程师，主要研究方向为可信身份管理、网络认证、密码应用技术等. wangqiongxiao@iie.ac.cn 王聪丽硕士研究生，主要研究方向为网络安全、公钥基础设施等. wangcongli@iie.ac.cn 中国科学院大学网络空间安全学院林璟锵博士，研究员，主要研究方向为应用密码学、网络与系统安全. linjingqiang@iie.ac.cn 宋利硕士，工程师，主要研究方向为可信身份管理、网络认证等. songli@iie.ac.cn

Security Enhancement of Certificate Services in Public Key Infrastructures

Received:2019-01-08 Online:2019-01-15 Published:2019-01-08

摘要/Abstract

摘要： 公钥基础设施(public key infrastructure, PKI)基于公钥密码学提供身份鉴别、数据完整性、数据源鉴别等安全服务，是SSLTLS等重要网络安全协议的基础.PKI体系的安全性依赖于对证书认证中心(certificate authority, CA)的绝对信任，CA实现对于用户身份信息的审核确认，并为其签发相应的数字证书，数字证书可用于表示个人用户、服务器等不同实体的身份，也可包含身份主体所具有的安全属性等信息.然而，近年来CA签发虚假证书或证书被伪造的情况时有发生，CA未经严格履行用户审核、CA自身存在安全漏洞等原因导致上述问题的产生，严重影响了PKI应用的安全性.为解决CA单点失效导致证书服务不可信的问题，针对不同应用场景提出了新的PKI证书服务安全增强技术方案.针对证书服务不可信问题进行分析，对主要的PKI数字证书服务安全增强研究方案及其应用情况进行分类介绍.

关键词: 公钥基础设施, 数字证书, 证书认证中心, 证书透明化, SSL/TLS

Abstract: Based on public key cryptography, public key infrastructures (PKIs) provide security services for a range of network activities, such as authentication, data integrity, data source authentication, etc. Besides, PKIs build the foundation of many Internet security protocols, including SSL/TLS. A certification authority (CA) is the fullytrusted party in a PKI system, and is responsible for issuing digital certificate for an entity after validating the entity's identity information. A certification is capable for identifying a person or a server, in which the security attributes of the subject may be included. However, in recent years, fraudulent certificates appear frequently, which bringing the vulnerabilities to PKI-based applications. Fraudulent certificates may appear if a CA didn't validate the entity's information carefully, or it wasn't built with adequate security property. In order to solve these problems, security enhancements of PKI systems are proposed. In this paper, we analyze the security problems of CAs and discuss existing security enhancements of certificate services in PKI systems.

Key words: public key infrastructure, digital certificate, certificate authority, certificate trans-parency, SSL/TLS

王琼霄王聪丽林璟锵宋利. PKI证书服务的安全增强技术[J]. 信息安全研究, 2019, 5(1): 50-58.

参考文献

[1] Microsoft. Microsoft security bulletin MS01-017: Erroneous veriSign-issued digital certificates pose spoofing Hazard [OL]. (2003-06-23) [2018-10-15]. https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-017 [2] Mike Z. Criminal charges are not pursued: Hacking PKI [OL]. (2008) [2018-10-15]. https://defcon.org/images/defcon-17/dc-17-presentations/defcon-17-zusman-hacking_pki.pdf [3] SSL Shopper. SSL certificate for Mozilla.com issued without validation [OL]. (2008-12-23) [2018-10-15]. https://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html [4] Google Security Blog. Enhancing digital certificate security [OL]. (2013-01-03) [2018-10-15]. https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html [5] Google Security Blog. Further improving digital certificate security [OL]. (2013-12-07) [2018-10-15]. https://security.googleblog.com/2013/12/further-improving-digital-certificate.html [6] Google Security Blog. Sustaining digital certificate security[OL]. (2015-10-28) [2018-10-15]. https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html [7] Ryan Sleevi. Intent to deprecate and Remove: Trust in existing symantec-issued certificates [OL]. (2017-03-24) [2018-10-15]. https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/rpxMXjZHCQAJ [8] Darin Fisher. Intent to deprecate and remove: Trust in existing symantec-issued certificates [OL]. (2017-03-24) [2018-10-15]. https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs%5B251-275%5D [9] Ivan Ristić. Monitoring of symantec certificates. [OL]. (2017-08-15) [2018-10-15]. https://www.hardenize.com/blog/monitoring-of-symantec-certificates [10] Mozilla Security Blog. Comodo certificate issue – Follow up [OL]. (2011-03-25) [2018-10-15]. https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/ [11] VASCO Data Security International Inc. DigiNotar reports security incident [OL]. (2011-08-30) [2018-10-15]. https://www.vasco.com/about-vasco/press/2011/news_diginotar_reports_security_incident.html [12] CA Security. In the wake of unauthorized certificate issuance by the Indian CA NIC, can government CAs still be considered “Trusted Third Parties” [OL]. (2014-07-24) [2018-10-15]. https://casecurity.org/2014/07/24/unauthorized-certificate-issuance/ [13] Google. Maintaining digital certificate security [OL]. (2014-07-08) [2018-10-15]. https://security.googleblog.com/2014/07/maintaining-digital-certificate-security.html [14] Alexander S, Marc S, Jacob A, et al. MD5 considered harmful today [OL]. (2008-12-30) [2018-10-15]. http://www.win.tue.nl/hashclash/rogue-ca/ [15] Wikipedia. Flame (malware) [OL]. (2018-11-21) [2018-12-11]. https://en.wikipedia.org/wiki/Flame_(malware) [16] Evans C, Palmer C, Sleevi R. Public key pinning extension for HTTP [S/OL]. IETF RFC 7469, 2015[2018-10-15]. https://tools.ietf.org/html/rfc7469 [17] Modell M, Toth G, Loesch C, et al. Certificate patrol [OL]. 2014[2018-12-11]. http://patrol.psyced.org/ [18] Marlinspike M, Perrin T. Trust assertions for certificate keys [OL]. (2013-01-07) [2018-10-15]. http://tack.io/draft.html [19] Braun J, Volk F, Classen J, et al. CA trust management for the Web PKI [J]. Journal of Computer Security, 2014, 22(6):913-959 [20] Abadi M, Birrell A, Mironov I, et al. Global authentication in an untrustworthy world [C] //Proc of the 16th USENIX Conf on Hot Topics in Operating Systems. Berkeley: USENIX Association, 2013:19-19 [21] Kasten J, Wustrow E, Halderman J A. Cage: Taming certificate authorities by inferring restricted scopes [C]//Proc of the 17th Int Conf on Financial Cryptography and Data Security. Berlin: Springer, 2013: 329-337 [22] Amann J, Gasser O, Scheitle Q, et al. Mission accomplished?: HTTPS security after diginotar [C] //Proc of the 2017 Internet Measurement Conf. New York: ACM, 2017:325-340 [23] Schlyter J, Hoffman P. The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA [S]. IETF RFC 6698, 2012[2018-10-15]. https://tools.ietf.org/html/rfc6698 [24] Hallam-Baker P, Stradling R. DNS certification authority authorization (CAA) resource record [S]. IETF RFC 6844, 2013[2018-10-15]. https://tools.ietf.org/html/rfc6844 [25] Larson M, Massey D, Rose S, et al. DNS security introduction and requirements [S]. IETF RFC 4033, 2005[2018-10-15]. https://tools.ietf.org/html/rfc4033 [26] Ateniese G, Mangard S. A new approach to DNS security (DNSSEC) [C] //Proc of the 8th ACM Conf on Computer and Communications Security. New York: ACM, 2001: 86-95 [27] Laurie B, Langley A, Kasper E. Certificate transparency [S]. IETF RFC 6962, 2013[2018-10-15]. https://tools.ietf.org/html/rfc6962 [28] Kim H J, Huang L S, Perring A, et al. Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure [C] //Proc of the 22nd Int World Wide Web Conf on Steering Committee. New York: ACM, 2013: 679-690 [29] Basin D, Cremers C, Kim H J, et al. ARPKI: Attack Resilient Public-Key Infrastructure [C]//Proc of the 2014 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2014: 382-393 [30] Nykvist C, Sjöström L, Gustafsson J, et al. Server-Side adoption of certificate transparency [C]//Proc of the 19th Int Conf on Passive and Active Network Measurement. Berlin: Springer, 2018: 186-199 [31] Dark Reading Reports. DigiCert announces certificate transparency support [OL]. (2013-09-24) [2018-10-15]. https://web.archive.org/web/20131010015324/http://www.darkreading.com/privacy/digicert-announces-certificate-transpare/240161779 [32] Google. Certificate Transparency [OL]. 2013 [2018-10-15]. https://www.certificate-transparency.org/