Certificate Transparency with Enhancements and Short Proofs

Singh, Abhishek; Sengupta, Binanda; Ruj, Sushmita

doi:10.1007/978-3-319-59870-3_22

Cited by 15 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The complexity of the proofs is O(log n) both in time and space. There is another proposal in the same direction that aims at providing constant size proofs, but at the cost of using bilinearmap accumulators [62].…”

Section: Revocationmentioning

confidence: 99%

A Blockchain Approach for Decentralized V2X (D-V2X)

Agudo

Montenegro-Gomez

López

2021

IEEE Trans. Veh. Technol.

View full text Add to dashboard Cite

New mobility paradigms have appeared in recent years, and everything suggests that some more are coming. This fact makes apparent the necessity of modernizing the road infrastructure, the signalling elements and the traffic management systems. Many initiatives have emerged around the term Intelligent Transport System (ITS) in order to define new scenarios and requirements for this kind of applications. We even have two main competing technologies for implementing Vehicular communication protocols (V2X), C-V2X and 802.11p, but neither of them is widely deployed yet.One of the main barriers for the massive adoption of those technologies is governance. Current solutions rely on the use of a public key infrastructure that enables secure collaboration between the different entities in the V2X ecosystem, but given its global scope, managing such infrastructure requires reaching agreements between many parties, with conflicts of interest between automakers and telecommunication operators. As a result, there are plenty of use cases available and two mature communication technologies, but the complexity at the business layer is stopping the drivers from taking advantage of ITS applications.Blockchain technologies are defining a new decentralized paradigm for most traditional applications, where smart contracts provide a straightforward mechanism for decentralized governance. In this work, we propose an approach for decentralized V2X (D-V2X) that does not require any trusted authority and can be implemented on top of any communication protocol. We also define a proof-of-concept technical architecture on top of a cheap and highly secure System-on-Chip (SoC) that could allow for massive adoption of D-V2X.

show abstract

Section: Revocationmentioning

confidence: 99%

A Blockchain Approach for Decentralized V2X (D-V2X)

Agudo

Montenegro-Gomez

López

2021

IEEE Trans. Veh. Technol.

View full text Add to dashboard Cite

show abstract

“…Besides these issues, CT left revocation as an open problem and still relies on existing methods for revocation. Proposals like revocation transparency [52], CIRT [53], CT with Enhancements and Short Proofs [54], and PKI safety net (PKISN) [55] have been suggested to solve CT's revocation problem, but none has been incorporated in CT yet. While existing certificate revocation schemes CRL [16] and OCSP [17] are still unsatisfactory.…”

Section: B Remaining Challengesmentioning

confidence: 99%

Attack-Resilient TLS Certificate Transparency

et al. 2020

View full text Add to dashboard Cite

The security of Public-Key Infrastructure (PKI) for Internet-based communications has lately attracted researchers' attention because of Certification Authorities (CAs) crashes and consequent attacks. Google Certificate Transparency and subsequent log-based PKI proposals (e.g., AKI and ARPKI) have succeeded in making certificate-management processes more transparent, accountable, and verifiable. However, those proposals failed to solve the root CA generous delegation of trust to intermediate CAs, non-conformant certificate-issuance by them, and lack of rigorous authentication of domain ownership during certificate-issuance problems. This study presents Attack-Resilient TLS Certificate Transparency (ARCT) based on log servers to address these problems. ARCT enables root CA to enforce intermediate CAs to follow community standards through leveraging a log server at each root level. It also introduces a collaborative domain ownership verification method that deters false certificate-issuance and ensures that a set of CAs validates every certificate before any client will accept it. A certificate collectively approved by a set of CAs assures users that the certificate has been seen, and not instantly detected malicious, by a group of CAs. Finally, formal security and performance evaluations prove the reliability and effectiveness of ARCT.

show abstract

“…CT was not designed to provide certificate revocation. Revocation transparency, 49 CIRT, 50 CT with Enhancements and Short Proofs, 51 and PKI safety net (PKISN) 52 were proposed to resolve the TLS certificate revocation left by CT as an open problem. However, CT does not provide any certificate revocation to date.…”

Section: Related Workmentioning

confidence: 99%

SCM: Secure and accountable TLS certificate management

Khan

Zhang

Zhu

et al. 2020

Int J Communication

View full text Add to dashboard Cite

Summary In classical public‐key infrastructure (PKI), the certificate authorities (CAs) are fully trusted, and the security of the PKI relies on the trustworthiness of the CAs. However, recent failures and compromises of CAs showed that if a CA is corrupted, fake certificates may be issued, and the security of clients will be at risk. As emerging solutions, blockchain‐ and log‐based PKI proposals potentially solved the shortcomings of the PKI, in particular, eliminating the weakest link security and providing a rapid remedy to CAs' problems. Nevertheless, log‐based PKIs are still exposed to split‐world attacks if the attacker is capable of presenting two distinct signed versions of the log to the targeted victim(s), while the blockchain‐based PKIs have scaling and high‐cost issues to be overcome. To address these problems, this paper presents a secure and accountable transport layer security (TLS) certificate management (SCM), which is a next‐generation PKI framework. It combines the two emerging architectures, introducing novel mechanisms, and makes CAs and log servers accountable to domain owners. In SCM, CA‐signed domain certificates are stored in log servers, while the management of CAs and log servers is handed over to a group of domain owners, which is conducted on the blockchain platform. Different from existing blockchain‐based PKI proposals, SCM decreases the storage cost of blockchain from several hundreds of GB to only hundreds of megabytes. Finally, we analyze the security and performance of SCM and compare SCM with previous blockchain‐ and log‐based PKI schemes.

show abstract

Certificate Transparency with Enhancements and Short Proofs

Cited by 15 publications

References 21 publications

A Blockchain Approach for Decentralized V2X (D-V2X)

A Blockchain Approach for Decentralized V2X (D-V2X)

Attack-Resilient TLS Certificate Transparency

SCM: Secure and accountable TLS certificate management

Contact Info

Product

Resources

About