Certificate Transparency with Privacy

Open access

Abstract

Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.

