Certificate Transparency With Enhanced Privacy

Hyunsoo Kwon, Sangtae Lee, Minjae Kim, Changhee Hahn, Junbeom Hur

Research output: Contribution to journalArticlepeer-review

Abstract

Digital certificates play an important role in the authentication of communicating parties for transport layer security. Recently, however, frequent incidents such as the illegal issuance of fake certificates by a compromised certificate authority have raised concerns about the legacy certificate system. Certificate Transparency (CT) mitigates such issues by employing a log server to audit issued certificates publicly, making the certificate issuance and verification processes transparent. Unfortunately, the legacy CT ecosystem suffers from log server compromises and user browsing information leakage. Furthermore, the data structure for the certificate management in the legacy CT system incurs computation overhead linear to the number of registered certificates in the log. In this paper, we propose a secure CT scheme by leveraging a shared value tree (SVT), a novel log structure specifically designed to address the log server compromise and browsing information leakage problems. The verification time of SVT remains constant regardless of the number of registered certificates in the log. We analyze our scheme on the legacy CT system to demonstrate its incremental deployability, guaranteeing a smooth transition toward a more secure web ecosystem.

Original languageEnglish
Pages (from-to)3860-3872
Number of pages13
JournalIEEE Transactions on Dependable and Secure Computing
Volume20
Issue number5
DOIs
Publication statusPublished - 2023 Sept 1

Bibliographical note

Funding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korea government (MSIT) under Grant 2021R1F1A1061420, in part by the Institute of Information & communications Technology Planning & Evaluation (IITP) funded by the Korea government (MSIT) under Grants 2022-0-00411, IITP-2022-2020-0-01819 and IITP-2022-2021-0-01810, and in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education under Grant NRF-2021R1A6A1A13044830.

Publisher Copyright:
© 2004-2012 IEEE.

Keywords

  • Certificate transparency
  • split-world attack
  • user's browsing privacy

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Certificate Transparency With Enhanced Privacy'. Together they form a unique fingerprint.

Cite this