Key Management Based on Ownership of Multiple Authenticators in Public Key Authentication

TL;DR

This paper proposes a new public key authentication mechanism that simplifies user management of multiple authenticators by using a shared ownership verification key, enhancing convenience and privacy.

Contribution

It introduces the Ownership Verification Key (OVK) system allowing users to access services with any authenticator and manage keys efficiently across devices.

Findings

Feasibility demonstrated through proof of concept

Achieves security goals for key management

Mitigates certain security threats

Abstract

Public key authentication (PKA) has been deployed in various services to provide stronger authentication to users. In PKA, a user manages private keys on her devices called authenticators, and services bind the corresponding public keys to her account. To protect private keys, a user uses authenticators which never export private keys outside. On the other hand, a user regularly uses multiple authenticators like PCs and smartphones. She replaces some of her authenticators according to their lifecycle, such as purchasing new devices and losing devices. It is a burden for a user to register, update and revoke public keys in many services every time she registers new accounts with services and replaces some of her authenticators. To ease the burden, we propose a mechanism where users and services manage public keys based on the owner of authenticators and users can access services with PKA using any of their authenticators. We introduce a key pair called an Ownership Verification Key (OVK), which consists of the private key (OVSK) and the corresponding public key (OVPK). All authenticators owned by a user derive the same OVSK from the pre-shared secret called the seed. Services verify the ownership of the authenticators using the corresponding OVPK to determine whether binding the requested public key to her account. To protect user privacy while maintaining convenience, authenticators generate a different OVK for each service from the seed independently. We demonstrate the feasibility through the Proof of Concept implementation, show that our proposed mechanism achieves some security goals, and discuss how the mechanism mitigates threats not completely handled.