Automatically detecting the misuse of secrets: foundations, design principles, and applications

Kevin Milner, Cas Cremers, Jiangshan Yu, Mark Ryan

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

3 Citations (Scopus)

Abstract

We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones.
Previous works have studied domain-specific partial solutions to this problem. For example, Google's Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority's signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions.
Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise.
In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare's Keyless SSL protocol that enables key misuse detection.

Original languageEnglish
Title of host publicationProceedings - IEEE 30th Computer Security Foundations Symposium CSF 2017
Subtitle of host publication21 – 25 August 2017 Santa Barbara, California
EditorsBoris Kopf, Steve Chong
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages203-216
Number of pages14
ISBN (Electronic)9781538632161, 9781538632178
ISBN (Print)9781538632185
DOIs
Publication statusPublished - 2017
Externally publishedYes
EventIEEE Computer Security Foundations Symposium 2017 - Santa Barbara, United States of America
Duration: 21 Aug 201725 Aug 2017
Conference number: 30th
http://csf2017.tecnico.ulisboa.pt/cfp.html

Conference

ConferenceIEEE Computer Security Foundations Symposium 2017
Abbreviated titleCSF 2017
CountryUnited States of America
CitySanta Barbara
Period21/08/1725/08/17
Internet address

Cite this

Milner, K., Cremers, C., Yu, J., & Ryan, M. (2017). Automatically detecting the misuse of secrets: foundations, design principles, and applications. In B. Kopf, & S. Chong (Eds.), Proceedings - IEEE 30th Computer Security Foundations Symposium CSF 2017: 21 – 25 August 2017 Santa Barbara, California (pp. 203-216). [8049721] IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CSF.2017.21