Reducing Trust in Automated Certificate Authorities via Proofs-of-Authentication

TL;DR

This paper introduces a cryptographic method to reduce trust in automated CAs by embedding proofs of authentication, enhancing security without requiring major changes to existing protocols.

Contribution

It proposes a novel cryptographic technique for CAs to embed proofs of authentication, compatible with current OIDC deployments, to mitigate impersonation risks.

Findings

Implemented a proof of concept using Guillou-Quisquater signatures

Achieved minimal modifications to existing Sigstore CA infrastructure

Enhanced security by embedding proofs of authentication in certificates

Abstract

Automated certificate authorities (CAs) have expanded the reach of public key infrastructure on the web and for software signing. The certificates that these CAs issue attest to proof of control of some digital identity. Some of these automated CAs issue certificates in response to client authentication using OpenID Connect (OIDC, an extension of OAuth 2.0). This places these CAs in a position to impersonate any identity. Mitigations for this risk, like certificate transparency and signature thresholds, have emerged, but these mitigations only detect or raise the difficulty of compromise. Researchers have proposed alternatives to CAs in this setting, but many of these alternatives would require prohibitive changes to deployed authentication protocols. In this work, we propose a cryptographic technique for reducing trust in these automated CAs. When issuing a certificate, the CAs embed a proof of authentication from the subject of the certificate -- but without enabling replay attacks. We explain multiple methods for achieving this with tradeoffs between user privacy, performance, and changes to existing infrastructure. We implement a proof of concept for a method using Guillou-Quisquater signatures that works out-of-the-box with existing OIDC deployments for the open-source Sigstore CA, finding that minimal modifications are required.