Certificate Transparency With Enhanced Privacy

Hyunsoo Kwon; Sangtae Lee; Minjae Kim; Changhee Hahn; Junbeom Hur

doi:10.1109/TDSC.2022.3214235

Certificate Transparency With Enhanced Privacy

Hyunsoo Kwon, Sangtae Lee, Minjae Kim, Changhee Hahn, Junbeom Hur

Department of Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.

Original language	English
Pages (from-to)	3860-3872
Number of pages	13
Journal	IEEE Transactions on Dependable and Secure Computing
Volume	20
Issue number	5
DOIs	https://doi.org/10.1109/TDSC.2022.3214235
Publication status	Published - 2023 Sept 1

Bibliographical note

Funding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korea government (MSIT) under Grant 2021R1F1A1061420, in part by the Institute of Information & communications Technology Planning & Evaluation (IITP) funded by the Korea government (MSIT) under Grants 2022-0-00411, IITP-2022-2020-0-01819 and IITP-2022-2021-0-01810, and in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education under Grant NRF-2021R1A6A1A13044830.

Publisher Copyright:
© 2004-2012 IEEE.

Keywords

Certificate transparency
split-world attack
user's browsing privacy

ASJC Scopus subject areas

Electrical and Electronic Engineering
Computer Science(all)

Access to Document

10.1109/TDSC.2022.3214235

Cite this

@article{c21cd42fc97040f9acedd1658e6235c1,

title = "Certificate Transparency With Enhanced Privacy",

abstract = "Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.",

keywords = "Certificate transparency, split-world attack, user's browsing privacy",

author = "Hyunsoo Kwon and Sangtae Lee and Minjae Kim and Changhee Hahn and Junbeom Hur",

note = "Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korea government (MSIT) under Grant 2021R1F1A1061420, in part by the Institute of Information & communications Technology Planning & Evaluation (IITP) funded by the Korea government (MSIT) under Grants 2022-0-00411, IITP-2022-2020-0-01819 and IITP-2022-2021-0-01810, and in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education under Grant NRF-2021R1A6A1A13044830. Publisher Copyright: {\textcopyright} 2004-2012 IEEE.",

year = "2023",

month = sep,

day = "1",

doi = "10.1109/TDSC.2022.3214235",

language = "English",

volume = "20",

pages = "3860--3872",

journal = "IEEE Transactions on Dependable and Secure Computing",

issn = "1545-5971",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "5",

}

TY - JOUR

T1 - Certificate Transparency With Enhanced Privacy

AU - Kwon, Hyunsoo

AU - Lee, Sangtae

AU - Kim, Minjae

AU - Hahn, Changhee

AU - Hur, Junbeom

N1 - Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korea government (MSIT) under Grant 2021R1F1A1061420, in part by the Institute of Information & communications Technology Planning & Evaluation (IITP) funded by the Korea government (MSIT) under Grants 2022-0-00411, IITP-2022-2020-0-01819 and IITP-2022-2021-0-01810, and in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education under Grant NRF-2021R1A6A1A13044830. Publisher Copyright: © 2004-2012 IEEE.

PY - 2023/9/1

Y1 - 2023/9/1

N2 - Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.

AB - Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.

KW - Certificate transparency

KW - split-world attack

KW - user's browsing privacy

UR - http://www.scopus.com/inward/record.url?scp=85140803208&partnerID=8YFLogxK

U2 - 10.1109/TDSC.2022.3214235

DO - 10.1109/TDSC.2022.3214235

M3 - Article

AN - SCOPUS:85140803208

SN - 1545-5971

VL - 20

SP - 3860

EP - 3872

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

IS - 5

ER -

Certificate Transparency With Enhanced Privacy

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this