SoK: SCT Auditing in Certificate Transparency

03/03/2022
by   Sarah Meiklejohn, et al.
0

The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates or suffer misuse attacks, however, which has given rise to the Certificate Transparency (CT) project. The goal of CT is to store all issued certificates in public logs, which can then be checked for the presence of potentially misissued certificates. Thus, the requirement that a given certificate is indeed in one (or several) of these logs lies at the core of CT. In its current deployment, however, most individual clients do not check that the certificates they see are in logs, as requesting a proof of inclusion directly reveals the certificate and thus creates the clear potential for a violation of that client's privacy. In this paper, we explore the techniques that have been proposed for privacy-preserving auditing of certificate inclusion, focusing on their effectiveness, efficiency, and suitability in a near-term deployment. In doing so, we also explore the parallels with related problems involving browser clients. Guided by a set of constraints that we develop, we ultimately observe several key limitations in many proposals, ranging from their privacy provisions to the fact that they focus on the interaction between a client and a log but leave open the question of how a client could privately report any certificates that are missing.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
09/21/2018

The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem

In this paper, we analyze the evolution of Certificate Transparency (CT)...
research
06/22/2018

Aggregation-Based Gossip for Certificate Transparency

Certificate Transparency (CT) is a project that mandates public logging ...
research
05/13/2019

Private Queries on Public Certificate Transparency Data

Despite increasing advancements in today's information exchange infrastr...
research
11/09/2020

Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures

In recent years, there has been increasing recognition of the benefits o...
research
06/23/2021

Finding Phish in a Haystack: A Pipeline for Phishing Classification on Certificate Transparency Logs

Current popular phishing prevention techniques mainly utilize reactive b...
research
11/10/2017

Verifiable Light-Weight Monitoring for Certificate Transparency Logs

Trust in publicly verifiable Certificate Transparency (CT) logs is reduc...
research
02/02/2022

Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS

Given the importance of privacy, many Internet protocols are nowadays de...

Please sign up or login with your details

Forgot password? Click here to reset