A Closer Look at plain PKI Authentication — Myths and Facts

Girish Chiruvolu
2 min read · Apr 10, 2022

When people tell the story of public-key-infrastructure (PKI) based authentication, they tend to get hyped about two things: you possess the private key, and you distribute the public key. In this note, for brevity's sake, we do not delve into certificate validity and trust-chain issues.

Scenario A: On the surface, the explanation seems right: "no one else" possesses the private key you hold, so when you sign a "challenge" you prove possession of that key, and the verifying party, having been given your public key, can verify the signature, conclude that it came from you, and move you into an authenticated state.

There are two issues with this explanation when the verifying party does not also verify the "context" of the exchange.

First, say an eavesdropper intercepts your signed challenge and presents it to the verifier as their own. If the challenge is not fresh and single-use, or the attacker sits in the middle and relays a challenge the verifier has just issued, the signature verifies perfectly well: it really was produced with the corresponding private key. But the verifier is misled about who is on the other end of the session: the eavesdropper (the man-in-the-middle) is treated as the possessor of the private key and lands in the authenticated state.

Second, there is the case of private keys being stolen or cracked. Not much can be done here except to revoke the public key at every verifier, clean up, and provision a new asymmetric key pair.

Scenario B: the public keys held at the verifier are replaced by the attacker's public keys, as depicted below.

(Figure: Debunking decentralized secrets risk)

What happens in this case? Denial of service for legitimate users: their signatures, made with their original private keys, which remain intact and uncompromised, now fail to verify. Meanwhile the attacker, signing with their own private key, can go wild until the replacement is detected. Here it makes no sense to claim "oh, the private keys/secrets are not exposed!": the private keys are fine, and the system is still completely compromised.

Now that we have looked at "plain" PKI-based authentication and its pitfalls, the question is: what is missing? Context-awareness, and it is sorely needed. Sometimes the context check can be as simple as cross-checking the URL (origin) the client believes it is talking to against the one the verifier actually serves.

Oddly, there is always a justification from a "risk" perspective, right up until the underlying assumption on which the risk was assessed is no longer valid.

The context can be tied back to ownership, which can be described as bearer-sensitivity: the verifier checks not only that whoever holds the secret can produce a signature, but who is doing the challenging and where the challenge came from.
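Both scenarios above, worked through as an added example that is not part of the original post: a small Go program in which the client signs not a bare nonce but the nonce bound to the origin it believes it is talking to and the identity it claims, and the verifier checks freshness, origin and key before accepting. The verifier struct, the wire format, the user name alice and the origins https://bank.example and https://bank-example.evil are all assumptions made for illustration. Scenario A covers the replayed signed challenge and a live challenge relayed through a look-alike origin (the "URL cross-check"); Scenario B swaps the trusted key at the verifier and shows that only a fingerprint compared against a pinned copy detects it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verifier: trusted public keys (user -> key), the origin every signature must be
// bound to, and issued-but-unconsumed challenges (hex nonce -> user). Assumed design.
type Verifier struct {
	Origin  string
	Keys    map[string]ed25519.PublicKey
	pending map[string]string
}

// Challenge issues a fresh random nonce for user and remembers who got it.
func (v *Verifier) Challenge(user string) []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	v.pending[hex.EncodeToString(nonce)] = user
	return nonce
}

// SignedMessage is what the client signs: the nonce bound to the origin the client
// believes it is talking to and the user it claims to be (the missing "context").
func SignedMessage(nonce []byte, origin, user string) []byte {
	return []byte(hex.EncodeToString(nonce) + "|" + origin + "|" + user)
}

// Verify requires an outstanding challenge for this user, our own origin and a
// valid signature under the trusted key, then burns the challenge (single use).
func (v *Verifier) Verify(user string, nonce []byte, origin string, sig []byte) error {
	pk, ok := v.Keys[user]
	n := hex.EncodeToString(nonce)
	switch {
	case !ok:
		return fmt.Errorf("no trusted key for %q", user)
	case v.pending[n] != user:
		return fmt.Errorf("challenge not outstanding for %q (replay?)", user)
	case origin != v.Origin:
		return fmt.Errorf("origin mismatch: signed for %q (relayed or phished challenge)", origin)
	case !ed25519.Verify(pk, SignedMessage(nonce, origin, user), sig):
		return fmt.Errorf("signature does not verify under the trusted key for %q", user)
	}
	delete(v.pending, n)
	return nil
}

// KeyFingerprint is the SHA-256 fingerprint of the key trusted for user; compared
// against an out-of-band copy, it is what betrays a swapped key (Scenario B).
func (v *Verifier) KeyFingerprint(user string) string {
	sum := sha256.Sum256(v.Keys[user])
	return hex.EncodeToString(sum[:])
}

// setup builds a verifier for https://bank.example that trusts alice's key.
func setup() (*Verifier, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	keys := map[string]ed25519.PublicKey{"alice": pub}
	return &Verifier{Origin: "https://bank.example", Keys: keys, pending: map[string]string{}}, priv
}

// ScenarioA: a legitimate login, the captured signed challenge replayed by an
// eavesdropper, and a live challenge relayed through a look-alike origin. nil = accepted.
func ScenarioA() (login, replay, relay error) {
	v, priv := setup()
	nonce := v.Challenge("alice")
	sig := ed25519.Sign(priv, SignedMessage(nonce, v.Origin, "alice"))
	login = v.Verify("alice", nonce, v.Origin, sig)
	replay = v.Verify("alice", nonce, v.Origin, sig) // eavesdropper presents the same (nonce, sig)
	// Attacker fetches a real challenge, shows it to alice on bank-example.evil, and
	// forwards what she signed; alice signed over the origin she actually saw.
	nonce2, evil := v.Challenge("alice"), "https://bank-example.evil"
	sig2 := ed25519.Sign(priv, SignedMessage(nonce2, evil, "alice"))
	relay = v.Verify("alice", nonce2, evil, sig2)
	return
}

// ScenarioB: the attacker swaps alice's trusted key at the verifier. alice's intact
// private key stops working, the attacker's works, and only the pinned fingerprint tells.
func ScenarioB() (aliceErr, attackerErr error, swapDetected bool) {
	v, alicePriv := setup()
	pinned := v.KeyFingerprint("alice") // recorded out of band at enrolment
	attPub, attPriv, _ := ed25519.GenerateKey(rand.Reader)
	v.Keys["alice"] = attPub // the swap; no secret was exposed
	n := v.Challenge("alice")
	aliceErr = v.Verify("alice", n, v.Origin, ed25519.Sign(alicePriv, SignedMessage(n, v.Origin, "alice")))
	n = v.Challenge("alice")
	attackerErr = v.Verify("alice", n, v.Origin, ed25519.Sign(attPriv, SignedMessage(n, v.Origin, "alice")))
	swapDetected = v.KeyFingerprint("alice") != pinned
	return
}

func main() { fmt.Println(ScenarioA()); fmt.Println(ScenarioB()) }
```

Run it with `go run`: the login verifies, the replay and the relay are rejected, and in Scenario B alice is rejected while the attacker is accepted, with the fingerprint comparison as the only signal. Binding the origin and the challenge into the signed data is the same idea WebAuthn applies through its client data (challenge plus origin); the fingerprint check stands in for whatever integrity monitoring you run over the verifier's key store, because the signature math alone cannot tell you that the trusted key changed.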
