On the Trustworthiness of Trusted Third Parties
Author
Summary, in English
Since TTPs are trusted, they often have access to some of the most sensitive information in a system, e.g., in backup systems, or when used for privileged roles such as certificate authorities. If a TTP is not as trustworthy as assumed, the consequences can be severe. Unfortunately, this is often the case in practice, and there are many examples of failures among high-profile TTPs: data leaks are regularly in the news, and certificate authorities have been caught issuing incorrect certificates. This illustrates the problem that the trustworthiness of a TTP is often more of a convenient assumption than a system property backed by properly investigated system mechanisms.
In the academic literature, a common suggestion for how to address the problem of assumed trust in TTPs is to avoid TTPs entirely and instead rely on distributed systems. For example, blockchains are designed to fully eliminate TTPs such as banks from financial systems. In doing so, however, these systems also lose the benefits of using a TTP, such as simpler design and efficient execution. With currently available tools, one is therefore forced to make a difficult choice between having one's cake and eating it. If one wants the benefits of efficiency and simple design associated with TTPs, one also has to accept the risks associated with trusting a single party.
In this thesis we intend to have our cake and eat it too. We investigate and propose novel tools and approaches for monitoring and enforcing the behavior of TTPs, so that they can act as TTPs without having to be trusted to act correctly. This allows us to obtain the benefits of TTPs without introducing central points of failure.
The problem of establishing trustworthy third parties is investigated from different angles and for different scenarios. The first area of study is privacy revocation systems. In this area we introduce tools for making sure that privacy revocation authorities cannot misuse their powers without public detection, both in the specific case of Vehicular Ad-Hoc Networks and in the general case of anonymous credential systems. The second area of study is methods for avoiding exposure of sensitive data to intermediary TTPs in the Internet of Things (IoT). In this area, we investigate the feasibility of existing methods for reducing data exposure to proxies, and propose a novel protocol for central data aggregation that does not reveal individual user inputs to the central aggregating party. In the third area of study, we look at which types of attacks can be defended against when Trusted Execution Environments (TEEs) are used for storing sensitive information with a TTP. The fourth and final area is key transparency logs, which are systems for detecting illegitimate public keys served by a Public Key Infrastructure (PKI). In this area, we point out that current tools for key transparency have insufficient security, since they can only provide weak consistency. We therefore introduce a novel technique which gives strong consistency.
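As an added illustration of the second area, an aggregating party that learns a total without learning any individual input, here is a textbook secure-aggregation construction with pairwise cancelling masks. This is example code written for this page; it is not code from the thesis and is not the thesis's protocol. The modulus M, the user names and the assumption that every pair of users has already agreed a shared seed out of band (in practice via key agreement) are assumptions of the example.

```python
import hashlib
import secrets
from itertools import combinations

# Constructed example: every pair of users (a, b) with a < b shares a seed.
# User a adds the mask derived from it, user b subtracts it, so all masks
# cancel in the sum and the aggregator only ever sees masked values.
# All arithmetic is modulo M; inputs are assumed to be integers in [0, M).
M = 2**32


def mask_for(seed: bytes, round_id: int) -> int:
    """Derive a round-specific mask from a pairwise seed (SHA-256 as a PRF)."""
    digest = hashlib.sha256(seed + round_id.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:8], "big") % M


def make_pairwise_seeds(user_ids):
    """Assumption: pairwise seeds are agreed out of band. Here we just generate them."""
    return {pair: secrets.token_bytes(16) for pair in combinations(sorted(user_ids), 2)}


def mask_input(user_id, value, seeds, round_id):
    """What `user_id` sends to the aggregator: its value plus/minus one mask per peer."""
    masked = value % M
    for (a, b), seed in seeds.items():
        if user_id == a:        # lower id adds the pairwise mask
            masked = (masked + mask_for(seed, round_id)) % M
        elif user_id == b:      # higher id subtracts the same mask
            masked = (masked - mask_for(seed, round_id)) % M
    return masked


def aggregate(masked_values):
    """The aggregating party sums what it received. Because each pairwise mask
    appears exactly once with each sign, the result is the true sum mod M."""
    return sum(masked_values) % M


def demo(values, round_id=1):
    """Run one round for a dict {user_id: value}; returns (total, masked values)."""
    ids = sorted(values)
    seeds = make_pairwise_seeds(ids)
    masked = {u: mask_input(u, values[u], seeds, round_id) for u in ids}
    return aggregate(masked.values()), masked


if __name__ == "__main__":
    total, masked = demo({"alice": 17, "bob": 250, "carol": 3})
    print("aggregator saw:", masked)
    print("aggregator computed:", total)   # 270, without seeing 17, 250 or 3
```

Two caveats a practitioner should keep in mind with this basic construction: if a user drops out before sending, its masks no longer cancel and the round is lost unless the protocol adds a recovery step, and an aggregator that colludes with all but one user can recover the remaining user's input. The construction shows the general idea only; it says nothing about how the thesis's own protocol handles these cases.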
Department(s)
Publication year
2025-02-11
Language
English
Publication/Journal/Series
Series of licentiate and doctoral theses
Issue
183
Document type
Doctoral thesis
Publisher
Electrical and Information Technology, Lund University
Subject
- Communication Systems
Status
Published
Research group
- Networks and Security
- Secure and Networked Systems
ISBN/ISSN/Other
- ISSN: 1654-790X
- ISBN: 978-91-8104-399-0
- ISBN: 978-91-8104-398-3
Defence date
7 March 2025
Defence time
09:15
Defence location
Lecture Hall E:1406, building E, Klas Anshelms väg 10, Faculty of Engineering LTH, Lund University, Lund. The dissertation will be live streamed, but part of the premises is to be excluded from the live stream.
Opponent
- Musard Balliu (Doc.)