Introduction to the application of Intrusion Tolerance in CA

If the CA authentication center is the key to PKI, the CA private key is the key. Because the CA authentication center is a trusted third party, it uses the CA private key to sign the request certificate, which indicates that the information in the certificate is trusted. If the CA private key is disclosed or damaged, it will cause great harm. In this way, we propose a task for the CA Certification Center-how to protect the CA private key while providing online services, or how to prevent the CA private key from being leaked or damaged when the attack is inevitable.
Shamir's [t, n] threshold cryptographic algorithm tells us that, for a secret (digital information), it can be split into different mutually (different from the original Secret) through computation) only part of the confidential information is included in each shard. The secret can be completely recovered only after the T Shard is obtained, however, it is meaningless to master the information smaller than the T-shard. This gives us an idea. In the CA authentication center, the CA private key is a 1024-bit or longer number, so can we split it into N copies, then place n quotas on N different servers. All these quotas are connected to the proxy server only through a specific port in a specific communication mode, the proxy server can be connected to the Internet to receive external service requests. In this case, it is difficult to obtain the CA private key if the proxy server is attacked or under human control, in addition, it is difficult to control the T-shard server through the proxy server. The following solution is to give full play to the role of the CA private key under such processing. After all, we still need to provide services to the outside world. Otherwise, it would be better to perform physical isolation.
1. the CA private key is mainly used to sign the request certificate or to sign the CRL. The proxy server can be designed to send the request certificate to the T sub-shard server in a special way, so that each sub-shard server can form a t sub-signature for the request certificate signature and then return it to the proxy server, re-construct the sub-signature on the proxy server to obtain the final and correct signature. In this process, the real CA private key is never displayed.
Ii. sharding update: Shamir's [t, n] threshold cryptographic algorithm can update n shards at will, but the final reconstructed results will not change. In this way, if a shard is modified by intruders, the signature value obtained by the signature will not be correct, and the update mechanism will be triggered. Even if the intruder has a certain Shard, but does not modify it, and wants to continue to control the other Shard, then we can update the shard within a cycle (it can be estimated that the time required by the intruder to control a server, using this time as a cycle) makes the score obtained by intruders meaningless.
3. If you set more proxy servers, even if a proxy server is attacked, but it cannot destroy the private key or get the private key, other proxy servers can still work normally, in this way, the goal of tolerating intrusion by others is achieved.
In fact, the idea of tolerating intrusions can be applied in many places. In many cases, I think it is suitable for the minority of Chinese to obey the principle of majority, in a company, a password is divided into six copies for each of the six leaders to know, so only three, or four, or more leaders can agree to obtain the score for restructuring. This new Intrusion Tolerance Technology, of course, is also based on firewalls and intrusion detection. It is very useful to protect sensitive data when the firewall cannot block and the intrusion detection does not detect attacks.
I have just started to study this field. I hope that I can communicate with my friends and learn from each other. In this case, algorithms are very important, in addition, it is important to plan the layout and communication modes of several internal servers, and to implement the same service after splitting and without splitting.