On the usefulness of proof-of-possession
Abstract
Public key infrastructure standards assert that proof-of-possession of the private key is an essential requirement during the enrollment process. Even though the justifications for this requirement seem to be well-known within the PKI community, they do not appear to be documented anywhere. In this paper, we document and examine potential rationales for proof-of-possession and discuss their merits. We conclude that if protocols and applications are designed “properly”, proof-of-possession does not add any security. However, the world is not perfect. Many existing applications and protocols are in fact not properly designed. Proof-of-possession is a useful safety precaution for the users of such applications and protocols. But there is no simple automated way for a relying party application to check whether proof-of-possession was done during enrollment. Therefore, we argue that designers of public key protocols must not assume that CAs require proof-of-possession during enrollment.

1 What is proof-of-possession?

In a public key infrastructure (PKI), the process of submitting a certificate request to a certification authority (CA) or a registration authority (RA) is known as enrollment. After enrollment, the CA will issue a certificate for the enrolled public key. During enrollment, the end entity that submits the public key may be required to prove that it knows the corresponding private key and that it controls the use of this private key. This is commonly referred to as the proof of possession (PoP).

Every PKI standard asserts that PoP is essential. However, none of them explicitly lays out the threats that are intended to be addressed by PoP. The rationales and implications of PoP have been discussed in standards meetings and mailing lists [6, 7]. Yet, there do not appear to be any easily available or commonly known papers or articles that document these issues. It appears to be yet another case of undocumented folklore within the communities involved.
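The enrollment step described above can be made concrete with a challenge-response PoP check on the CA side. This is an added example, not code from the paper, which does not prescribe a mechanism; the `ToyCA` class, the `enroll-pop-v1` tag, the message layout and the choice of Ed25519 (via the Python `cryptography` package) are assumptions made for illustration.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

new_key = Ed25519PrivateKey.generate  # helper: fresh requester key pair


def raw(public_key):
    """Raw 32-byte encoding of an Ed25519 public key."""
    return public_key.public_bytes(Encoding.Raw, PublicFormat.Raw)


def pop_message(identity, public_key_bytes, nonce):
    """Bytes the requester signs: tag, identity, enrolled key, CA nonce."""
    ident = identity.encode()
    return (b"enroll-pop-v1" + len(ident).to_bytes(2, "big") + ident
            + public_key_bytes + nonce)


class ToyCA:
    """Hypothetical CA front end that demands PoP before issuing."""

    def __init__(self):
        self.pending = {}  # identity -> outstanding nonce

    def challenge(self, identity):
        self.pending[identity] = os.urandom(32)
        return self.pending[identity]

    def enroll(self, identity, public_key_bytes, proof):
        nonce = self.pending.pop(identity, None)  # each nonce is single use
        if nonce is None:
            return False
        try:
            # Verify with the *submitted* key over the CA's own view of
            # identity, key and nonce, so a proof cannot be reused elsewhere.
            Ed25519PublicKey.from_public_bytes(public_key_bytes).verify(
                proof, pop_message(identity, public_key_bytes, nonce))
        except (InvalidSignature, ValueError):
            return False
        return True  # a real CA would issue the certificate here


def make_proof(private_key, identity, nonce):
    """Requester side: sign the challenge with the key being enrolled."""
    return private_key.sign(
        pop_message(identity, raw(private_key.public_key()), nonce))
```

A relying party that later sees the certificate has no way to tell whether `enroll` ran this check, which is the abstract's reason for not building protocols that depend on it.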
In this paper, we examine the potential rationales for PoP and discuss their merits. Our goal is to clarify the answers to the following questions:

• Should the designer of a new PKI require PoP during enrollment?
• Does the designer of a new public key based application or protocol benefit from having PoP done during enrollment?

Our work was motivated by the on-going work in the 3rd Generation Partnership Project (3GPP) for designing support for subscriber certificates [10]. The 3GPP security group considered various ways of securing the enrollment messages. One of them was to use the cellular signaling channel, which provides mutual authentication and integrity protection. This channel is severely bandwidth-limited. Thus it was necessary to check that every bit sent through this channel is really essential. This prompted us to start investigating the conditions under which PoP is indeed indispensable.

In the rest of the paper, we use the term “PoP” as it is customarily used, without any additional qualification. The precise characterization is “proof-of-possession of private key during enrollment.” Public key protocols often involve other types of proofs of possession: for example, every time a relying party verifies a signature, it is proof that the signer possessed the signing key; “plaintext-aware” encryption schemes [8] include a proof that an entity claiming to have produced a ciphertext actually knew (hence possessed) the plaintext. Such proofs of possession are not the subject of this paper.

In Section 2 we begin by defining the ways in which a private key of an asymmetric cryptosystem is used. In Section 3 we describe how the public key enrollment process is secured in PKIs. In Section 4 we describe attacks that are not intended to be prevented by PoP, and in Section 5 we describe potential attacks that can be prevented by PoP. In Section 6 we consider scenarios where mandating PoP is not advisable. In Section 7 we briefly describe the degree

2nd Annual PKI Research Workshop---Pre-Proceedings
Publication date: 2003