We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones. Previous works have studied domain-specific partial solutions to this problem. For example, Google's Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority's signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions. Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise. In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare's Keyless SSL protocol that enables key misuse detection.