Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.
|Number of pages||13|
|Journal||IEEE Transactions on Dependable and Secure Computing|
|Publication status||Published - 2023 Sept 1|
Bibliographical noteFunding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korea government (MSIT) under Grant 2021R1F1A1061420, in part by the Institute of Information & communications Technology Planning & Evaluation (IITP) funded by the Korea government (MSIT) under Grants 2022-0-00411, IITP-2022-2020-0-01819 and IITP-2022-2021-0-01810, and in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education under Grant NRF-2021R1A6A1A13044830.
© 2004-2012 IEEE.
- Certificate transparency
- split-world attack
- user's browsing privacy
ASJC Scopus subject areas
- Electrical and Electronic Engineering
- Computer Science(all)