1. bookVolumen 2021 (2021): Heft 4 (October 2021)
16 Apr 2015
4 Hefte pro Jahr
access type Uneingeschränkter Zugang

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries

Online veröffentlicht: 23 Jul 2021
Seitenbereich: 184 - 202
Eingereicht: 28 Feb 2021
Akzeptiert: 16 Jun 2021
16 Apr 2015
4 Hefte pro Jahr

HTTPS is a cornerstone of privacy in the modern Web. The public key infrastructure underlying HTTPS, however, is a frequent target of attacks. In several cases, forged certificates have been issued by compromised Certificate Authorities (CA) and used to spy on users at large scale. While the concept of Certificate Transparency (CT) provides a means for detecting such forgeries, it builds on a distributed system of CT logs whose correctness is still insufficiently protected. By compromising a certificate authority and the corresponding log, a covert adversary can still issue rogue certificates unnoticed.

We introduce LogPicker, a novel protocol for strengthening the public key infrastructure of HTTPS. LogPicker enables a pool of CT logs to collaborate, where a randomly selected log includes the certificate while the rest witness and testify the certificate issuance process. As a result, CT logs become capable of auditing the log in charge independently without the need for a trusted third party. This auditing forces an attacker to control each participating witness, which significantly raises the bar for issuing rogue certificates. LogPicker is efficient and designed to be deployed incrementally, allowing a smooth transition towards a more secure Web.

[1] 2016. Secure Logging Schemes and Certificate Transparency. Computer Security – ESORICS 2016. ESORICS 2016. Lecture Notes in Computer Science (2016). Search in Google Scholar

[2] 2019. How Certificate Transparency Works. https://www.certificate-transparency.org/how-ct-works Search in Google Scholar

[3] 2020. CA/Browser Forum. https://cabforum.org/ Search in Google Scholar

[4] 2020. CT2 Log Compromised via Salt Vulnerability. https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM Search in Google Scholar

[5] Apple. 2019. Apple’s Certificate Transparency policy. https://support.apple.com/en-us/HT205280 Search in Google Scholar

[6] Apple. 2020. List of available trusted root certificates in iOS 12, macOS 10.14, watchOS 5, and tvOS 12. https://support.apple.com/de-de/HT209144 Search in Google Scholar

[7] D. F. Aranha, C. P. L. Gouvêa, T. Markmann, R. S. Wahby, and K. Liao. [n. d.]. RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic. Search in Google Scholar

[8] Yonatan Aumann and Yehuda Lindell. 2010. Security against covert adversaries: Efficient protocols for realistic adversaries. Journal of Cryptology 23, 2 (2010), 281–343. Search in Google Scholar

[9] Andrew Ayer. 2018. How will Certificate Transparency Logs be Audited in Practice? https://www.agwa.name/blog/post/how_will_certificate_transparency_logs_be_audited_in_practice Search in Google Scholar

[10] Andrew Ayer. 2018. Timeline of Certificate Authority Failures. https://sslmate.com/certspotter/failures Search in Google Scholar

[11] David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, and Pawel Szalachowski. 2014. ARPKI: Attack Resilient Public-Key Infrastructure. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS ’14 (2014). Search in Google Scholar

[12] Enrico Bocchi, Luca De Cicco, and Dario Rossi. 2016. Measuring the quality of experience of web users. Computer Communication Review 46, 4 (2016), 8–13. Search in Google Scholar

[13] Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In International Conference on the Theory and Applications of Cryptographic Techniques.10.1007/3-540-39200-9_26 Search in Google Scholar

[14] Matthieu Bussiere and Marcel Fratzscher. 2008. Low probability, high impact: Policy making and extreme events. Journal of Policy Modeling 30, 1 (2008), 111–121. Search in Google Scholar

[15] Sergej Chernov. 2015. Implement Certificate Transparency support (RFC 6962). https://bugzilla.mozilla.org/show_bug.cgi?id=1281469 Search in Google Scholar

[16] Laurent Chuat, Pawel Szalachowski, Adrian Perrig, Ben Laurie, and Eran Messeri. 2015. Efficient gossip protocols for verifying the consistency of Certificate logs. 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015 (2015).10.1109/CNS.2015.7346853 Search in Google Scholar

[17] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard).10.17487/rfc5280 Search in Google Scholar

[18] Peter Eckersley. 2012. Sovereign Key Cryptography for Internet Domains. Technical Report. Search in Google Scholar

[19] C. Evans and C. Palmer. 2011. Public Key Pinning Extension for HTTP. https://datatracker.ietf.org/doc/rfc7469/ Search in Google Scholar

[20] C. Evans, C. Palmer, and R. Sleevi. 1993. RFC1464: Using the Domain Name System To Store Arbitrary String Attributes. IETF RFC (1993). https://doi.org/10.17487/RFC746910.17487/RFC7469 Search in Google Scholar

[21] CA/Browser Forum. 2019. Guidelines For The Issuance And Management Of Extended Validation Certificates. cabforum.org. https://cabforum.org/wp-content/uploads/CABrowser-Forum-EV-Guidelines-v1.7.1.pdf. Search in Google Scholar

[22] CA/Browser Forum. 2020. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates. cabforum.org. https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.8.pdf. Search in Google Scholar

[23] Eva Galperin, Seth Schoen, and Peter Eckersley. 2013. A Post Mortem on the Iranian DigiNotar Attack. https://www.eff.org/de/deeplinks/2011/09/post-mortem-iranian-diginotar-attack Search in Google Scholar

[24] Artyom Gavrichenkov. 2015. Breaking HTTPS with BGP hijacking. Black Hat. Briefings (2015). Search in Google Scholar

[25] Oded Goldreich. 2006. Foundations of Cryptography: Volume 1. Cambridge University Press, USA. Search in Google Scholar

[26] Google. 2020. Certificate Transparency - Known Logs. https://www.certificate-transparency.org/known-logs Search in Google Scholar

[27] Google. 2020. Google Root Store: 2020-10-21 - Proposed. https://docs.google.com/spreadsheets/d/e/2PACX-1vQ7Jtb4NxCSaEtCaisz2u3NQZcHejDUjI3Q-utBnLC5E7w4crv6QZ9GRDb2bFGbLgUQsgQyF0Y8eoN/pubhtml Search in Google Scholar

[28] Google. 2020. Transparency report: HTTPS encryption on the web (2020-01-23). https://transparencyreport.google.com/https/overview?hl=en Search in Google Scholar

[29] Charles Miller Grinstead and James Laurie Snell. 2012. Introduction to probability. American Mathematical Soc.10.1090/stml/057 Search in Google Scholar

[30] P. Hallam-Baker and R. Stradling. 2013. RFC6844: NS Certification Authority Authorization (CAA) Resource Record. IETF RFC (2013).10.17487/rfc6844 Search in Google Scholar

[31] B. Hof. 2017. STH Cross Logging. IETF RFC draft (2017). https://tools.ietf.org/id/draft-hof-trans-cross-00.html Search in Google Scholar

[32] P. Hoffman and J. Schlyter. 2012. RFC6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. IETF RFC (2012).10.17487/rfc6698 Search in Google Scholar

[33] R. Housley and K. O’Donoghue. 2017. Problems with the Public Key Infrastructure (PKI) for the World Wide Web. IETF Draft (2017). https://tools.ietf.org/html/draft-iabweb-pki-problems-01 Search in Google Scholar

[34] David Huang and Brad Hill. 2016. Early Impacts of Certificate Transparency. https://www.facebook.com/notes/protect-the-graph/early-impacts-of-certificate-transparency/1709731569266987/ Search in Google Scholar

[35] Kazakhtelecom JSC. 2015. Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016. https://web.archive.org/web/20151202203337/ http://telecom.kz/en/news/view/18729/ Search in Google Scholar

[36] J. Katz and Y. Lindell. 2014. Introduction to Modern Cryptography, Second Edition. Taylor & Francis.10.1201/b17668 Search in Google Scholar

[37] S Kent. 2018. Attack and Threat Model for Certificate Transparency. Internet Engineering Task Force (2018). Search in Google Scholar

[38] Leslie Lamport, Robert Shostak, and Marshall Pease. 1982. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems (1982), 382–401. Search in Google Scholar

[39] Adam Langley. 2013. Fraudulent Digital Certificates Could Allow Spoofing. https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html Search in Google Scholar

[40] Adam Langley. 2013. Further improving digital certificate security. https://security.googleblog.com/2013/12/further-improving-digital-certificate.html Search in Google Scholar

[41] Ben Laurie. 2014. Certificate Transparency. ACM Queue 8 (2014).10.1145/2668152.2668154 Search in Google Scholar

[42] Ben Laurie and Emilia Kasper. 2012. Revocation transparency. Google Research, September (2012).10.17487/rfc6962 Search in Google Scholar

[43] B. Laurie, A. Langley, and E. Kasper. 2013. RFC6962: Certificate Transparency. IETF RFC (2013).10.17487/rfc6962 Search in Google Scholar

[44] Bingyu Li, Jingqiang Lin, Fengjun Li, Qiongxiao Wang, Qi Li, Jiwu Jing, and Congli Wang. 2019. Certificate transparency in the wild: Exploring the reliability of monitors. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Search in Google Scholar

[45] Wouter Lueks and Ian Goldberg. 2015. Sublinear Scaling for Multi-Client Private Information Retrieval. In Financial Cryptography and Data Security, Rainer Böhme and Tatsuaki Okamoto (Eds.). 168–186. Search in Google Scholar

[46] Gervase Markham. 2016. Incidents involving the CA WoSign. https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I%5B1-25%5D Search in Google Scholar

[47] M. Marlinspike and T. Perrin. 2013. Trust Assertions for Certificate Keys. IETF Draft (2013). Search in Google Scholar

[48] Mozilla. 2019. Mozilla takes action to protect users in Kazakhstan. https://blog.mozilla.org/blog/2019/08/21/mozilla-takes-action-to-protect-users-in-kazakhstan/ Search in Google Scholar

[49] Johnathan Nightingale. 2011. Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority. https://blog.mozilla.org/security/2011/11/03/revoking-trust-in-digicertsdn-bhd-intermediate-certificate-authority/ Search in Google Scholar

[50] L. Nordberg, D. Gillmor, and T. Ritter. 2018. Gossiping in CT. IETF Draft (2018). https://tools.ietf.org/html/draft-ietf-trans-gossip-05 Search in Google Scholar

[51] Devon O’Brien. 2018. Certificate Transparency Enforcement in Chrome and CT Day in London. https://groups.google.com/a/chromium.org/d/msg/ct-policy/Qqr59r6yn1A/2t0bWblZBgAJ Search in Google Scholar

[52] Devon O’Brien. 2020. Chrome CT 2020 Plans. https://groups.google.com/a/chromium.org/g/ct-policy/c/dqFtoFBy8YU/m/Xa67FWVCEgAJ Search in Google Scholar

[53] Lukasz Olejnik, Claude Castelluccia, and Artur Janc. 2012. Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns. In 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2012). Vigo, Spain. https://hal.inria.fr/hal-00747841 Search in Google Scholar

[54] Rolf Oppliger. 2014. Certification authorities under attack: A plea for certificate legitimation. IEEE Internet Computing (2014).10.1109/MIC.2013.5 Search in Google Scholar

[55] Serguei Popov. 2017. On a decentralized trustless pseudo-random number generation algorithm. Journal of Mathematical Cryptology (2017).10.1515/jmc-2016-0019 Search in Google Scholar

[56] J.R. Prins. 2011. DigiNotar Certificate Authority breach “Operation Black Tulip”. Technical Report. Fox-IT, Delft. Search in Google Scholar

[57] Ram Sundara Raman, Leonid Evdokimov, Eric Wurstrow, J Alex Halderman, and Roya Ensafi. 2020. Investigating Large Scale HTTPS Interception in Kazakhstan. In Proceedings of the ACM Internet Measurement Conference. 125–132. Search in Google Scholar

[58] Tom Ritter. 2016. a bit on certificate transparency gossip. https://ritter.vg/blog-a_bit_on_certificate_transparency_gossip.html Search in Google Scholar

[59] Mark D. Ryan. 2014. Enhanced Certificate Transparency and End-to-End Encrypted Mail. In Proceedings 2014 Network and Distributed System Security Symposium. Internet Society. https://doi.org/10.14722/ndss.2014.2337910.14722/ndss.2014.23379 Search in Google Scholar

[60] S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. 2013. RFC6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol- OCSP. IETF RFC (2013). https://tools.ietf.org/html/rfc6960 Search in Google Scholar

[61] Seht Schoen. 2015. Please support wildcard certificates [Online discussion group]. https://community.letsencrypt.org/t/please-support-wildcard-certificates/258/19 Search in Google Scholar

[62] Ryan Sleevi. 2016. Announcement: Requiring Certificate Transparency in 2017. https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/78N3SMcqUGw/ykIwHXuqAQAJ Search in Google Scholar

[63] Ryan Sleevi. 2016. Certificate Transparency in Chrome. Technical Report. https://groups.google.com/g/mozilla.dev.security.policy/c/VJYX1Wnnhiw/m/ecenP98wBgAJ Search in Google Scholar

[64] Ryan Sleevi and Eran Messeri. 2017. Certificate Transparency in Chrome: Monitoring CT logs consistency. Technical Report. Google. https://docs.google.com/document/d/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe_z-ls/edit Search in Google Scholar

[65] Christopher Soghoian and Sid Stamm. 2010. Certified Lies: Detecting and defeating government interception attacks against SSL. In Proceedings of ACM Symposium on Operating Systems Principles. 1–18.10.2139/ssrn.1591033 Search in Google Scholar

[66] Stephan Somogyi. 2015. Improved Digital Certificate Security. https://security.googleblog.com/2015/09/improved-digital-certificate-security.html Search in Google Scholar

[67] Sooel Son and Vitaly Shmatikov. 2010. The hitchhiker’s guide to DNS cache poisoning. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (2010).10.1007/978-3-642-16161-2_27 Search in Google Scholar

[68] Nick Sullivan. 2018. Introducing Certificate Transparency and Nimbus. https://blog.cloudflare.com/introducing-certificate-transparency-and-nimbus/ Search in Google Scholar

[69] Ewa Syta, Philipp Jovanovic, Eleftherios Kokoris Kogias, and Nicolas Gailly. 2017. Scalable Bias-Resistant Distributed Randomness. In 2017 IEEE Symposium on Security and Privacy.10.1109/SP.2017.45 Search in Google Scholar

[70] Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khoffi, and Bryan Ford. 2016. Keeping Authorities ‘Honest or Bust’ with Decentralized Witness Cosigning. In 2016 IEEE Symposium on Security and Privacy. 526–545.10.1109/SP.2016.38 Search in Google Scholar

[71] Tom Van Goethem, Ping Chen, Nick Nikiforakis, Lieven Desmet, and Wouter Joosen. 2017. Large-scale security analysis of the web: Challenges and findings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 8564 LNCS (2017), 110–126. Search in Google Scholar

[72] Jeremy Wagner. 2020. Why Performance Matters. https://developers.google.com/web/fundamentals/performance/why-performance-matters Search in Google Scholar

[73] Dan Wendlandt, David G. Andersen, and Adrian Perrig. 2008. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. USENIX Annual Technical Conference (2008). Search in Google Scholar

[74] Jiangshan Yu, Vincent Cheval, and Mark Ryan. 2016. DTKI: A new formalized PKI with verifiable trusted parties. (2016), 1695–1713. Search in Google Scholar

[75] Jiangshan Yu and Mark Ryan. 2017. Evaluating Web PKIs. Software Architecture for Big Data and the Cloud (2017). Search in Google Scholar

[76] Bryant Zadegan and Ryan Lester. 2016. Abusing Bleeding Edge Web Standards for AppSec Glory. In DEF CON 24. Search in Google Scholar

[77] Torsten Zimmermann, Jan Ruth, Benedikt Wolters, and Oliver Hohlfeld. 2017. How HTTP/2 pushes the web: An empirical study of HTTP/2 server push. In 2017 IFIP Networking Conference, IFIP Networking 2017 and Workshops.10.23919/IFIPNetworking.2017.8264830 Search in Google Scholar

Empfohlene Artikel von Trend MD

Planen Sie Ihre Fernkonferenz mit Scienceendo