Next: PKI Deployment
Up: Public Key Infrastructure
Previous: Public Key Infrastructure
Contents
Mental Models.
One branch of this work explored whether, for the basic applications the
deployment community considered, what the systems were actually doing
with the cryptography matched what the users and designers thought they were doing.
- Server-side SSL.
Can a user correctly distinguish what his or her
computer is saying about the trustworthiness of a remote ?
Web users rely on their browsers
to display signals--such as the lock icon--to communicate
the identity and security of the server at the other end.
Two students and Prof. Smith extended Felten's classic work by
discovering and demonstrating that the richness
of what a browser will render on behalf of a remote server
can permit a malicious server to send content that effectively
mimics arbitrary aspects of the browser's user interface,
including these security signals [YYS02].
- Digital Signatures.
Can a user conclude that, if their
Office or email tools report
a document was signed by , that was aware of and
approved the virtual piece of paper that sees?
We've also been exploring the vulnerabilities of current
implementations--and the fundamental limits of this technology.
As part of the former, we've shown how commercial PKI packages
can permit the creation of
documents that change in usefully malicious ways
(such as an expense report
whose numbers grow after the chair signs it)
without invalidating the
signature [KSA02]. (Jøsang [JDA02] concurrently published similar results--using an
orthogonal set of techniques!)
- Client-side SSL.
This variation of the standard SSL protocol
uses identity PKI--based on a key pair at the browser--to
let a server authenticate the user of a Web application.
However, client-side SSL
raises a new set of user interface and protocol issues:
how does know that her browser only uses her private key
for the service wanted? Our work
on keyjacking suggests that this problem
is serious and subtle: in particular, the standard Windows/IE environment
requires the entire machine to be the TCB [MSZ03,MSZ04].
This work led to speculation on the role of HCI for effective
PKI, and an invitation to participate
in the 2003 ACM Workshop on Human-Computer Interaction and Security Systems--the
foundation of the new field of HCISEC [Smi03c].
We also initiated projects to address some of these problems.
- Trusted Paths for Browsers.
Our Web spoofing work above
demonstrated
that popular browser interfaces cannot securely
express the existence of an SSL channel or the identity of the server.
We followed up that work
by
designing, prototyping, and testing an effective
countermeasure within the open-source Mozilla browser [YS02,YSA04].
- Secure-Hardware-Enhanced MyProxy (SHEMP).
Our keyjacking work discussed above showed that standard desktops are not
good places to keep private keys. Our Bear/Enforcer
trusted computing work provides a way to increase assurance of ordinary desktops;
the Grid community's MyProxy provides a foundation for
authentication using temporary
keypairs, and OASIS' XACML provides a standard way of expressing
policies.
In ongoing work, Ph.D. student John Marchesini is combining these tools
to produce a way for users
to employ proxy keypairs for signatures and encryption as well,
limited by predefined policies geared toward the trustworthiness of the client platform
[MS04b,MS04a].
Relying Parties.
Another branch explored how we can ease the job of the relying party.
- Virtual Hierarchies.
Within broader PKI trust architectures, relying parties
must choose between the
robustness of mesh architectures and the easy path construction of hierarchies.
In early work (and as part of the Marianas project with David Nicol),
Marchesini and Smith used the 4758 trusted computing platform
and P2P
to build virtual hierarchies for PKI
that achieve the advantages of both approaches [MS02].
- Distributed SEM.
In traditional PKI, a CA binds a public key to some property of the keyholder.
Relying parties need to be able to determine whether or not the CA has revoked
this binding. To simplify revocation checking in non-compromise scenarios,
Boneh et al. proposed the Semi-Trusted Mediator (SEM) approach [BDTW01].
Both a mediator and the user hold shares of the user's private key, and both must
participate in every private key operation; the mediator can instantly
revoke the key by deleting its own share.
The initial SEM approach had problems with trust and scalability.
As part of Gabe Vanrenen's senior thesis, Vanrenen and Smith designed
and prototyped a way to distribute SEM by using a P2P network of
mediators (to improve availability),
hardware-enhanced trusted computing platforms (to improve trust),
and threshold cryptography and strong forward secrecy (to mitigate
damage from compromised mediators)
[VS04].
We've since ported this onto our Bear/Enforcer trusted computing platform [VSM05].
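The mediated-RSA mechanism behind SEM, as an added illustration (not code from the Dartmouth project or from Boneh et al.): the CA splits the private exponent into a user share and a mediator share, a signature needs half-signatures from both, and the mediator revokes the key by deleting its share. The primes, hash-then-reduce padding and the `Mediator` class are constructed for this toy and are far too small for real use.

```python
import hashlib
import secrets

# Toy RSA parameters, constructed for illustration only (not a real key size).
P, Q = 104729, 1299709
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # full private exponent: only the CA sees it, at setup


def split_key(d: int, phi: int):
    """CA splits d into shares with d_u + d_m == d (mod phi); d itself is then discarded."""
    d_u = secrets.randbelow(phi - 1) + 1
    d_m = (d - d_u) % phi
    return d_u, d_m


def digest(message: bytes, n: int) -> int:
    """Hash, then reduce into Z_n (toy padding; real mRSA uses a proper encoding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


class Mediator:
    """Holds d_m and serves half-signatures only while the key is not revoked."""
    def __init__(self, d_m: int):
        self.d_m = d_m

    def half_sign(self, h: int) -> int:
        if self.d_m is None:
            raise PermissionError("key revoked: mediator share deleted")
        return pow(h, self.d_m, N)

    def revoke(self) -> None:
        self.d_m = None  # instant revocation: no more half-signatures, no CRL needed


def sem_sign(message: bytes, d_u: int, mediator: Mediator) -> int:
    """User computes h^d_u, mediator computes h^d_m; the product is h^d mod n."""
    h = digest(message, N)
    return (pow(h, d_u, N) * mediator.half_sign(h)) % N


def sign_or_none(message: bytes, d_u: int, mediator: Mediator):
    """Convenience wrapper: a signature, or None once the mediator has revoked."""
    try:
        return sem_sign(message, d_u, mediator)
    except PermissionError:
        return None


def verify(message: bytes, sig: int) -> bool:
    """Ordinary RSA verification: the relying party never learns that the key was split."""
    return pow(sig, E, N) == digest(message, N)
```

Because d_u + d_m is congruent to d modulo phi(n), the combined value is an ordinary RSA signature, so relying parties verify it with the unmodified public key.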
Expressiveness.
We've also explored the expressiveness of current PKI systems.
- Greenpass.
In traditional PKI, a central, distinguished authority binds names to public keys.
In many real-world scenarios, names may not be
the appropriate parameter, and a central authority may not exist.
In our Greenpass project, we explore this setting in practice--using
lightweight SPKI/SDSI authorization grafted onto X.509 to permit local users
to delegate access to guests, in a WLAN secured by EAP-TLS [GKS+04].
This project attracted a $100K donation from Cisco, and also formed
the initial inspiration for my Intel URC grant.
- In our paper at Allerton in 2004, we took a more thorough look at
the mismatches between the authorization expressed by standard PKI tools and the
authorization actually required by real-world scenarios [SMS04].
Performance.
With Ph.D. student Meiyuan Zhao, we have also been exploring
large-scale performance of PKI-based protocols, using parallel simulation.
- With Dave Nicol, we examined the performance impact of the signatures and verification
that S-BGP uses to secure Internet routing path announcements.
As part of this work, we discovered some ways of amortizing signatures
that have less performance impact than the most optimistic S-BGP optimizations proposed,
without their costs [NSZ04].
- Subsequently,
we extended this analysis to examine origin authentication,
certificate revocation, and recent aggregate signature proposals [ZSN05].
- In ongoing work sponsored by Sun Corporation, Meiyuan is
using this same framework to examine the performance of certificate path discovery
protocols designed by Sun's Internet Security Labs.
Last modified: 2005-04-06