
Proceedings on Privacy Enhancing Technologies

4 issues per year. Open Access. Online ISSN 2299-0984.

Certificate Transparency with Privacy

Saba Eskandarian / Eran Messeri / Joseph Bonneau / Dan Boneh
Published Online: 2017-10-10 | DOI: https://doi.org/10.1515/popets-2017-0052

Abstract

Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT, and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.
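The auditing problem the abstract refers to, as an added example that is not code from the paper: under plain RFC 6962, a browser that wants to check that an SCT was honoured asks the log for an inclusion proof via get-proof-by-hash, passing the leaf hash of the certificate it was served. That hash is a deterministic function of the certificate, so the log operator learns exactly which site the user visited. The Python below implements the RFC 6962 Merkle tree hash (section 2.1), audit-path generation (section 2.1.1) and the client-side proof check (as specified in RFC 9162 section 2.1.3.2), then shows the log operator recovering the domain from the audit request. The log contents and the "<domain>|<serial>" leaf encoding are constructed stand-ins for real certificate entries; the paper's own privacy-preserving auditing mechanism is not reproduced here.

```python
"""Why auditing an SCT leaks browsing history under plain RFC 6962.

Added illustration, not code from the paper. Hashing follows RFC 6962
section 2.1 (leaf prefix 0x00, node prefix 0x01). The "certificates" are
constructed placeholder strings, not real DER-encoded entries.
"""
import base64
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    """MTH of a single entry: SHA-256(0x00 || entry)."""
    return _sha256(b"\x00" + entry)


def _split(n: int) -> int:
    """Largest power of two strictly less than n (requires n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)


def merkle_tree_hash(entries):
    """Root hash over an ordered list of entries (RFC 6962 section 2.1)."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return _sha256(b"\x01" + merkle_tree_hash(entries[:k]) + merkle_tree_hash(entries[k:]))


def audit_path(m, entries):
    """Sibling hashes needed to rebuild the root from entry m (section 2.1.1)."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return audit_path(m, entries[:k]) + [merkle_tree_hash(entries[k:])]
    return audit_path(m - k, entries[k:]) + [merkle_tree_hash(entries[:k])]


def verify_inclusion(leaf, leaf_index, tree_size, path, root) -> bool:
    """Client-side check of an inclusion proof (RFC 9162 section 2.1.3.2)."""
    if leaf_index >= tree_size:
        return False
    fn, sn = leaf_index, tree_size - 1
    r = leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = _sha256(b"\x01" + p + r)
            if not fn & 1:
                # Skip the levels where our subtree is the last, unpaired node.
                while fn != 0 and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = _sha256(b"\x01" + r + p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


def audit_request(leaf, tree_size):
    """The get-proof-by-hash query (RFC 6962 section 4.5): the browser has to
    name the exact leaf it saw, which is the privacy problem."""
    return {"hash": base64.b64encode(leaf_hash(leaf)).decode(), "tree_size": tree_size}


def domain_from_request(request, log_entries):
    """What the log operator can recover: rehash every entry and match."""
    target = base64.b64decode(request["hash"])
    for entry in log_entries:
        if leaf_hash(entry) == target:
            return entry.split(b"|", 1)[0].decode()
    return None


# Constructed log contents: "<domain>|<serial>" stands in for a DER certificate.
LOG = [f"{d}|{i:04d}".encode() for i, d in enumerate(
    ["example.com", "mail.example.org", "intranet.example.net",
     "shop.example.com", "login.example.edu"])]


def demo(index=2):
    """Audit entry `index` the RFC 6962 way and report what the log learned."""
    leaf = LOG[index]
    root = merkle_tree_hash(LOG)
    path = audit_path(index, LOG)
    ok = verify_inclusion(leaf, index, len(LOG), path, root)
    req = audit_request(leaf, len(LOG))
    return ok, domain_from_request(req, LOG)


if __name__ == "__main__":
    print(demo())  # (True, 'intranet.example.net')
```

The proof check itself succeeds for every entry and rejects a path belonging to a different leaf or a different tree head, so correctness is not the issue; the point is the second element of the tuple: with the leaf hash in hand, the operator identifies the visited domain, which is what the paper's first contribution sets out to avoid.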

Keywords: Certificates; Certificate Transparency; Privacy; Private domains


About the article

Received: 2017-02-28

Revised: 2017-06-01

Accepted: 2017-06-02

Published Online: 2017-10-10

Published in Print: 2017-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2017, Issue 4, Pages 329–344, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2017-0052.


© 2017 Saba Eskandarian et al., published by De Gruyter Open. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License (CC BY-NC-ND 3.0).
