Certificate Transparency With Enhanced Privacy

Hyunsoo Kwon, Sangtae Lee, Minjae Kim, Changhee Hahn, Junbeom Hur

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)

Abstract

Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.

Original languageEnglish
Pages (from-to)3860-3872
Number of pages13
JournalIEEE Transactions on Dependable and Secure Computing
Volume20
Issue number5
DOIs
Publication statusPublished - 2023 Sept 1

Bibliographical note

Publisher Copyright:
© 2004-2012 IEEE.

Keywords

  • Certificate transparency
  • split-world attack
  • user's browsing privacy

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Certificate Transparency With Enhanced Privacy'. Together they form a unique fingerprint.

Cite this