Core Concepts
Armored Core proposes removing the private signing keys of Certificate Authorities and replacing them with Physically Unclonable Function-based operations to establish physically trusted binding of certificates, thereby eliminating the risk of signing key exposure.
Abstract
The paper presents Armored Core, a novel design for enhancing the security of Public Key Infrastructure (PKI) by removing the private signing keys of Certificate Authorities (CAs) and replacing them with Physically Unclonable Function (PUF)-based operations.
Key highlights:
Exposure of a CA's private signing key is a critical security issue in PKI, because it allows attackers to generate fraudulent certificates. Existing mitigations, such as hardware security modules and trusted execution environments, have proven ineffective against targeted attacks.
Armored Core proposes using PUF to establish physically trusted binding of certificates, eliminating the need for a digital signing key. CAs issue PUF-based X.509v3 certificates, where the endorsement of domain public keys is done using PUF responses instead of cryptographic signatures.
Armored Core introduces a PUF transparency logging mechanism, built upon Certificate Transparency, to record the PUF invocation behaviors of CAs, enabling monitoring and auditing of PUF usage.
The authors provide a formal cryptographic proof of Armored Core's main functions and implement a prototype on real-world PKI codebases, demonstrating its effectiveness and efficiency. The integration of Armored Core improves computing efficiency by over 4.9% and reduces certificate storage by more than 20%.
Armored Core addresses the key design challenges of non-queryable PUF for CAs, pre-storage of CRPs on clients, and hardware-bound CA functions, enabling seamless integration with existing PKI systems.
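The PUF transparency log is described above as built upon Certificate Transparency, so a monitor can check that a PUF invocation record is really in the log with the Merkle inclusion proof CT defines in RFC 6962. The sketch below is an added example, not code from the paper or its prototype; the record fields (`ca`, `seq`, `cert`) and the sample log are constructed assumptions, since the page does not give the log entry format.

```python
import hashlib
import json

def leaf_hash(record: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + record).digest()        # RFC 6962 leaf prefix

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # RFC 6962 node prefix

def _split(n: int) -> int:  # largest power of two strictly less than n (n >= 2)
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_head(leaves: list) -> bytes:
    if len(leaves) <= 1:
        return leaf_hash(leaves[0]) if leaves else hashlib.sha256(b"").digest()
    k = _split(len(leaves))
    return node_hash(tree_head(leaves[:k]), tree_head(leaves[k:]))

def audit_path(m: int, leaves: list) -> list:
    """Log side: sibling hashes from leaf m up to the root."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if m < k:
        return audit_path(m, leaves[:k]) + [tree_head(leaves[k:])]
    return audit_path(m - k, leaves[k:]) + [tree_head(leaves[:k])]

def _root_from_path(lh: bytes, m: int, n: int, path: list) -> bytes:
    if n == 1 or not path:
        if n != 1 or path:
            raise ValueError("audit path length does not match tree size")
        return lh
    k = _split(n)
    if m < k:
        return node_hash(_root_from_path(lh, m, k, path[:-1]), path[-1])
    return node_hash(path[-1], _root_from_path(lh, m - k, n - k, path[:-1]))

def verify_inclusion(record: bytes, m: int, n: int, path: list, head: bytes) -> bool:
    """Monitor side: is `record` leaf m of the n-entry log with this head?"""
    try:
        return 0 <= m < n and _root_from_path(leaf_hash(record), m, n, path) == head
    except ValueError:
        return False

# Constructed sample log: five hypothetical PUF invocation records.
LOG = [json.dumps({"ca": "example-ca", "seq": i, "cert": f"placeholder-{i}"},
                  sort_keys=True).encode() for i in range(5)]
HEAD = tree_head(LOG)
```

A record that was altered, claimed at the wrong index, or presented with a truncated path fails `verify_inclusion`, which is what lets an auditor hold the CA to the PUF invocations it has actually logged.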
Stats
The paper states that Armored Core can improve computing efficiency by over 4.9% and reduce certificate storage by more than 20% compared to traditional PKI systems.
Quotes
"As many real-life incidents and CVEs have shown, the exposure risk of private signing keys of CA continues to persist. Even today, various vulnerabilities can lead to the direct or indirect exposure of these crucial keys."
"The existing mitigations are difficult to eliminate the risk of signing key exposure. Attackers can employ targeted exploitation to bypass the defenses. One successful exploitation is enough for them to issue numerous fraudulent certificates."