RITM: Revocation in the Middle

Szałachowski, Paweł; Chuat, Laurent; Lee, Tae‐Ho; Perrig, Adrian

doi:10.1109/icdcs.2016.91

Cited by 17 publications

(10 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Short-lived, multisigned certificates greatly reduce the need for a revocation system, but do not completely suppress it. Given that designing a satisfactory revocation system has proven to be an extremely challenging task [25,38,39], we consider it to go beyond the scope of this paper. Nevertheless, the security of BlockPKI can be further improved by combining it with any existing revocation scheme.…”

Section: Discussionmentioning

confidence: 99%

BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

Dykcik

Chuat

Szałachowski³

et al. 2018

2018 IEEE International Conference on Data Mining Workshops (ICDMW)

Self Cite

View full text Add to dashboard Cite

This paper describes BlockPKI, a blockchain-based public-key infrastructure that enables an automated, resilient, and transparent issuance of digital certificates. Our goal is to address several shortcomings of the current TLS infrastructure and its proposed extensions. In particular, we aim at reducing the power of individual certification authorities and make their actions publicly visible and accountable, without introducing yet another trusted third party. To demonstrate the benefits and practicality of our system, we present evaluation results and describe our prototype implementation.

show abstract

Section: Discussionmentioning

confidence: 99%

BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

Dykcik

Chuat

Szałachowski³

et al. 2018

2018 IEEE International Conference on Data Mining Workshops (ICDMW)

Self Cite

View full text Add to dashboard Cite

show abstract

“…One approach is through a middlebox. Revocation in the Middle (RITM) [8] is one such strategy that distributes revocation information to middleboxes throughout the Internet via a CDN. As the middlebox intercepts traffic, it checks each certificate's revocation status and appends this status to the connection as part of a TLS extension.…”

Section: Network-assisted Revocationmentioning

confidence: 99%

“…For CRLs and OCSP these requirements are highly variable depending on the usage of certificates by a given client, though average costs can be established for both of these strategies. For 7 While other revocation strategies also allow clients to adopt a hard-fail policy (such as OCSP Must-Staple [25] and RITM [8]), no other previously proposed strategy can do so without adding new entities in the PKI ecosystem or forcing relatively high numbers of servers to change their configurations and key management practices.…”

Section: A Efficiencymentioning

confidence: 99%

“…Among these concerns are scalability [2]- [4], privacy [5], page loading delays [5], and susceptibility to downgrade attacks [2], [5], [6]. The remaining strategies have other debilitating weaknesses, such as requiring significant infrastructure changes [7], [8] or opening new attack surfaces [9]. Due to these critical issues, certificate revocation is ignored by most clients, leaving many computers and mobile devices vulnerable to attack [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Let's Revoke: Scalable Global Certificate Revocation

Smith¹,

Dickenson²,

Seamons³

2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Current revocation strategies have numerous issues that prevent their widespread adoption and use, including scalability, privacy, and new infrastructure requirements. Consequently, revocation is often ignored, leaving clients vulnerable to man-in-the-middle attacks. This paper presents Let's Revoke, a scalable global revocation strategy that addresses the concerns of current revocation checking. Let's Revoke introduces a new unique identifier to each certificate that serves as an index to a dynamically-sized bit vector containing revocation status information. The bit vector approach enables significantly more efficient revocation checking for both clients and certificate authorities. We compare Let's Revoke to existing revocation schemes and show that it requires less storage and network bandwidth than other systems, including those that cover only a fraction of the global certificate space. We further demonstrate through simulations that Let's Revoke scales linearly up to ten billion certificates, even during mass revocation events.

show abstract

“…They scanned over the whole Internet and found misconfigured trust relationships between certificate chains that can be exploited. Other studies such as [15], [32] have also analysed the aspect of HTTPS certificate validation and revocation and found several issues that can allow attackers to interfere with the security provided by HTTPS.…”

Section: Related Workmentioning

confidence: 99%

Investigating Secure Implementation of Government Web based Systems in Tanzania

Kondoro¹,

Mtebe²

2018

IJCA

View full text Add to dashboard Cite

The government of Tanzania has been adopting various webbased systems to improve public services to its citizens. With these systems being online, security and privacy have started to play a key role. Many systems use HTTP over Transport Layer Security (HTTPS) to secure their web front ends. However, many HTTPS implementations still suffer from several security and privacy problems. This study investigated the security of HTTPS implementations government webbased systems in Tanzania. Using a sample of 74 government web-based systems, an automated tool testssl was used to check for well-known HTTPS/SSL vulnerabilities, configuration mistakes, support for outdated and vulnerable protocols, and adherence to HTTPS best practices. Results show that 43% of web systems have serious HTTPS security issues due to vulnerabilities, and configuration mistakes. These issues can lead to system compromise , disclosure of sensitive information, and loss of privacy to citizens. The study highlights these security issues that may have been overlooked and offers suggestions that may prevent them in the future

show abstract

RITM: Revocation in the Middle

Cited by 17 publications

References 28 publications

BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

Let's Revoke: Scalable Global Certificate Revocation

Investigating Secure Implementation of Government Web based Systems in Tanzania

Contact Info

Product

Resources

About