Revisiting User Privacy for Certificate Transparency

Kales, Daniel; Omolola, Olamide; Ramacher, Sebastian

doi:10.1109/eurosp.2019.00039

Cited by 13 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lueks and Goldberg were the first to propose using PIR for CT [48], and a more performant solution was later proposed by Kales, Omolola, and Ramacher [35]. Recently, Kogan and Corrigan-Gibbs proposed a PIR solution, Checklist, for the related problem of Safe Browsing [36].…”

Section: Private Information Retrieval (Pir)mentioning

confidence: 99%

SoK: SCT Auditing in Certificate Transparency

Meiklejohn

DeBlasio

O’Brien

et al. 2022

PoPETs

View full text Add to dashboard Cite

The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates or suffer misuse attacks, however, which has given rise to the Certificate Transparency (CT) project. The goal of CT is to store all issued certificates in public logs, which can then be checked for the presence of potentially misissued certificates. Thus, the requirement that a given certificate is indeed in one (or several) of these logs lies at the core of CT. In its current deployment, however, most individual clients do not check that the certificates they see are in logs, as requesting a proof of inclusion directly reveals the certificate and thus creates the clear potential for a violation of that client’s privacy. In this paper, we explore the techniques that have been proposed for privacy-preserving auditing of certificate inclusion, focusing on their effectiveness, efficiency, and suitability in a near-term deployment. In doing so, we also explore the parallels with related problems involving browser clients. Guided by a set of constraints that we develop, we ultimately observe several key limitations in many proposals, ranging from their privacy provisions to the fact that they focus on the interaction between a client and a log but leave open the question of how a client could privately report any certificates that are missing.

show abstract

Section: Private Information Retrieval (Pir)mentioning

confidence: 99%

SoK: SCT Auditing in Certificate Transparency

Meiklejohn

DeBlasio

O’Brien

et al. 2022

PoPETs

View full text Add to dashboard Cite

show abstract

“…As Android does not allow third-party developers to implement applications for Android's TEE Trusty [7], we use hardware-backed crypto operations already implemented by Android instead. We use the code of [70] to instantiate FSS-PIR. We implement the AGCT in C++ and follow previous work on cuckoo hashing [108] by using tabulation hashing for the hash functions.…”

Section: Discussionmentioning

confidence: 99%

“…We omit the overhead of remote attestation for the sake of simplicity. For RIPPLE PIR , we use the FSS-PIR scheme of [17,70] as the baseline and the addresses are hashed with SHA-256 and trimmed to 40−1+log 2 (p•𝐸 avg ), where p represents the number of participants and 𝐸 avg represents the average number of encounters per participant per simulation step. We set 𝐸 avg = 100 while benchmarking based on numbers provided by research on epidemiological modeling [40,95].…”

Section: Discussionmentioning

confidence: 99%

Privacy-Preserving Epidemiological Modeling on Mobile Graphs

Günther¹,

Holz²,

Judkewitz³

et al. 2022

Preprint

View full text Add to dashboard Cite

Over the last two years, governments all over the world have used a variety of containment measures to control the spread of COVID-19, such as contact tracing, social distance regulations, and curfews. Epidemiological simulations are commonly used to assess the impact of those policies before they are implemented in actuality. Unfortunately, their predictive accuracy is hampered by the scarcity of relevant empirical data, concretely detailed social contact graphs. As this data is inherently privacy-critical, there is an urgent need for a method to perform powerful epidemiological simulations on real-world contact graphs without disclosing sensitive information.In this work, we present RIPPLE, a privacy-preserving epidemiological modeling framework that enables the execution of a wide range of standard epidemiological models for any infectious disease on a population's most recent real contact graph while keeping all contact information private locally on the participants' devices. In this regard, we also present PIR-SUM, a novel extension to private information retrieval that allows users to securely download the sum of a set of elements from a database rather than individual elements. Our theoretical constructs are supported by a proof-ofconcept implementation in which we show that a 2-week simulation over a population of half a million can be finished in 7 minutes with each participant consuming less than 50 KB of data.

show abstract

“…Tomescu et al [49] propose a transparency log system that minimizes proof sizes and bandwidth usage at the cost of the increased append times. Kales et al [22] study effects of CT on user privacy and implement privacy-preserving and efficient membership testing for CT logs, which can potentially enable the use of the logs for direct and secure postcertificate lookup by clients.…”

Section: B Revocation Processmentioning

confidence: 99%

Postcertificates for Revocation Transparency

Korzhitskii¹,

Nemec²,

Carlsson³

2022

Preprint

View full text Add to dashboard Cite

The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open. Furthermore, the existing procedures do not leave a transparent and immutable revocation history. We propose and evaluate a new revocation transparency protocol that introduces postcertificates and utilizes the existing Certificate Transparency (CT) logs. The protocol is practical, has a low deployment cost, provides an immutable history of revocations, enables delegation, and helps to detect revocation-related misbehavior by certificate authorities (CAs). With this protocol, a holder of a postcertificate can bypass the issuing CA and autonomously initiate the revocation process via submission of the postcertificate to a CT log. The CAs are required to monitor CT logs and proceed with the revocation upon detection of a postcertificate. Revocation status delivery is performed independently and with an arbitrary status protocol. Postcertificates can increase the accountability of the CAs and empower the certificate owners by giving them additional control over the status of the certificates. We evaluate the protocol, measure log and monitor performance, and conclude that it is possible to provide revocation transparency using existing CT logs.

show abstract

Revisiting User Privacy for Certificate Transparency

Cited by 13 publications

References 34 publications

SoK: SCT Auditing in Certificate Transparency

SoK: SCT Auditing in Certificate Transparency

Privacy-Preserving Epidemiological Modeling on Mobile Graphs

Postcertificates for Revocation Transparency

Contact Info

Product

Resources

About