Secure Logging Schemes and Certificate Transparency
Details
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2016
  • Publication date: 2016
  • Year: 2016
  • Volume: 9879
  • Issue: 1
  • Pages: 140-158
  • Full-text size: 531 KB
  • Author affiliations: Benjamin Dowling (17)
    Felix Günther (18)
    Udyani Herath (17)
    Douglas Stebila (19)

    17. Queensland University of Technology, Brisbane, Australia
    18. Technische Universität Darmstadt, Darmstadt, Germany
    19. McMaster University, Hamilton, ON, Canada
  • Series title: Computer Security – ESORICS 2016
  • ISBN: 978-3-319-45741-3
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
  • Volume order: 9879
Abstract
Since hundreds of certificate authorities (CAs) can issue browser-trusted certificates, it can be difficult for domain owners to detect certificates that have been fraudulently issued for their domain. Certificate Transparency (CT) is a recent standard by the Internet Engineering Task Force (IETF) that aims to construct public logs of all certificates issued by CAs, making it easier for domain owners to monitor for fraudulently issued certificates. To avoid relying on trusted log servers, CT includes mechanisms by which monitors and auditors can check whether logs are behaving honestly or not; these mechanisms are primarily based on Merkle tree hashing and authentication proofs. Given that CT is now being deployed, it is important to verify that it achieves its security goals. In this work, we define four security properties of logging schemes such as CT that can be assured via cryptographic means, and show that CT does achieve these security properties. We consider two classes of security goals: those involving security against a malicious logger attempting to present different views of the log to different parties or at different points in time, and those involving security against malicious monitors who attempt to frame an honest log for failing to include a certificate in the log. We show that Certificate Transparency satisfies these security properties under various assumptions on Merkle trees all of which reduce to collision resistance of the underlying hash function (and in one case with the additional assumption of unforgeable signatures).
