Exposure of the signing keys of Certificate Authorities (CAs) remains a critical concern in PKI. These keys can be exposed even today by various attacks or operational errors. Traditional protections fail to eliminate this risk, and one leaked key is enough to compromise the CA. This long-standing dilemma motivates us to consider removing CAs' signing keys and to propose Armored Core, a PKI security extension that uses the trusted binding of a Physically Unclonable Function (PUF) for certificate operations. It makes key exposure impossible by eliminating the CA's digital signing keys. To achieve this, we design a set of PUF-based X.509v3 certificate functions for CAs to generate physically trusted "signatures" without using a digital key. We have presented cryptographic proofs for these functions. Moreover, we introduce the first PUF transparency mechanism to effectively monitor the PUF operations in CAs. Armored Core is integrated into real-world PKI systems including Let's Encrypt Pebble and Certbot. We also provide a PUF-embedded RISC-V CPU prototype to verify the feasibility. The evaluation results show that Armored Core achieves key removal without introducing extra overhead, and instead improves performance by 11% on storage and 4.9%~73.7% on computation.