3 research outputs found

    Provable Security for PKI Schemes

    PKI provides a critical foundation to applied cryptographic protocols. However, there are no rigorous security specifications for PKI, and therefore, no PKI schemes were proven secure. This is problematic considering the extensive reliance on PKI, the multiple failures of PKI systems, and the fact that some proposed and deployed PKI schemes have complex design and advanced goals. The lack of specifications and proofs for PKI schemes means that applied cryptographic systems that use PKI are analyzed by adopting overly simplified models of the PKI, often, simply assuming secure public keys. We present game-based security specifications for PKI schemes, and prove the security of the two most important and widely deployed schemes: PKIX and Certificate Transparency (CT), both based on version 3 of the X.509 standard, and using the (standard) CRL revocation mechanism. The proof shows a reduction from an adversary that 'wins' the PKI-specifications game to an adversary that 'wins' against the underlying signature scheme or hash function. This is the first reduction-based definition and proof of security for a realistic PKI scheme.

    MoSS: Modular Security Specifications Framework

    Applied cryptographic protocols have to meet a rich set of security requirements under diverse environments and against diverse adversaries. However, currently used security specifications, based on either simulation (e.g., 'ideal functionality' in UC) or games, are monolithic, combining together different aspects of protocol requirements, environment and assumptions. Such security specifications are complex, error-prone, and foil reusability, modular analysis and incremental design. We present the Modular Security Specifications (MoSS) framework, which cleanly separates the security requirements (goals) which a protocol should achieve, from the models (assumptions) under which each requirement should be ensured. This modularity allows us to reuse individual models and requirements across different protocols and tasks, and to compare protocols for the same task, either under different assumptions or satisfying different sets of requirements. MoSS is flexible and extendable, e.g., it can support both asymptotic and concrete definitions for security. So far, we confirmed the applicability of MoSS to two applications: secure broadcast protocols and PKI schemes.

    AUC: Accountable Universal Composability

    Accountability is a well-established and widely used security concept that allows for obtaining undeniable cryptographic proof of misbehavior, thereby incentivizing honest behavior. There already exist several general purpose accountability frameworks for formal game-based security analyses. Unfortunately, such game-based frameworks do not support modular security analyses, which is an important tool to handle the complexity of modern protocols. Universal composability (UC) models provide native support for modular analyses, including re-use and composition of security results. So far, accountability has mainly been modeled and analyzed in UC models for the special case of MPC protocols, with a general purpose accountability framework for UC still missing. That is, a framework that among others supports arbitrary protocols, a wide range of accountability properties, handling and mixing of accountable and non-accountable security properties, and modular analysis of accountable protocols. To close this gap, we propose AUC, the first general purpose accountability framework for UC models, which supports all of the above, based on several new concepts. We exemplify AUC in three case studies not covered by existing works. In particular, AUC unifies existing UC accountability approaches within a single framework.