by University of Surrey
Nada El Kassem from the University of Surrey introduced secure enrollment as a critical process for accurate registration and authentication while protecting identities within the REWIRE Framework. Secure enrollment manages to prevent fraud, ensure data integrity, and enhance trust and access control. The main challenge in the current state of secure enrollment systems concerns primarily centralization. In this context, users are required to rely only on a single trusted authority for authentication. At the same time, privacy concerns also arise, given that users are often required to present all attributes certified during enrollment, which also contributes to a lack of flexibility in disclosing only necessary information.
General requirements include fine-grained decentralized access control based on certified attributes and dynamic enrollment and revocation capabilities. Security requirements also include integrity (through signatures), confidentiality (through encryption), binding attributes to user identity to prevent collusion, and selective disclosure to preserve user privacy. Given these core requirements, Attribute-Based Sign Encryption (ABSE) seems to be potentially a solution that combines attribute keys certified by authorities with encryption and signing. This approach allows senders to encrypt and sign messages under certain attributes, with recipients only able to access them if they possess the corresponding keys.
In the context of secure enrollment, security attributes such as authenticated traces, certified trusted computing base, and verifiable policy enforcement are crucial. These attributes are certified by a Privacy CA and can be used in policies for device enrollment in specific domains. The key entities involved in secure enrollment involved in the process are: (a) a Privacy CA that certifies attributes, (b) a device to be enrolled, identified by a unique key, (c) a domain manager that manages domain enrollment based on required attributes or policies, and potentially (d) the device manufacturer for resource-constrained devices. At a high level, the device authenticates to the Privacy CA (possibly via the manufacturer) to receive attribute keys. To enroll in a domain, the device demonstrates the required attributes to the domain manager through encryption, leading to successful enrollment.
On the issuance of verifiable credentials (certified attributes bound to device identities) for domain enrollment by the Privacy CA, the device requests enrollment from the domain manager, who may ask the Privacy CA for a domain-specific attribute key, signed and encrypted before being sent to the device. If the device meets security policies, it can decrypt and obtain the domain key, which is linked to its identity. This key can then be used in later stages to prove membership in that domain, leading to the issuance of a credential by the domain manager.
In addition, cryptographic algorithms are used for high-end device enrollment, including attribute key issuance and domain enrollment utilizing sign encryption. Verification occurs when the domain key is retrieved upon policy satisfaction and secure device status. For low-end, low-resource devices, several additional challenges are involved, requiring hash-based cryptography for integrity and authentication. Hash functions with collision resistance and pre-image resistance properties can provide a secure method for enrollment. An authentication protocol for Low-End Devices involves the manufacturer producing one-time public keys sent to the domain manager. The domain manager creates a Merkle tree, binding these keys to a public root key. Devices authenticate by using a one-time public key, creating a signature, and sending it with an authentication path from the Merkle tree, allowing the verifier to reach the trusted root.
Secure enrollment is essential for protecting sensitive information and ensuring the system’s integrity for REWIRE. The REWIRE framework is designed for both low-end and high-end devices, enhancing security and user trust using mathematical proofs and formal verification, while supporting the security properties and providing confirmation protocol efficiency.