Tiffany Hyun-Jin Kim
Adrian Perrig
ABSTRACT
Recent trends in public-key infrastructure research explore the tradeoff between decreased trust in Certificate Authorities (CAs), resilience against attacks, communication overhead (bandwidth and latency) for setting up an SSL/TLS connection, and availability with respect to verifiability of public key information. In this paper, we propose AKI as a new public-key validation infrastructure, to reduce the level of trust in CAs. AKI integrates an architecture for key revocation of all entities (e.g., CAs, domains) with an architecture for accountability of all infrastructure parties through checks-and-balances. AKI efficiently handles common certification operations, and gracefully handles catastrophic events such as domain key loss or compromise. We propose AKI to make progress towards a public-key validation infrastructure with key revocation that reduces trust in any single entity.
- Convergence. http://convergence.io/.Google Scholar
- Perspectives Project. http://perspectives-project.org/.Google Scholar
- The Monkeysphere Project. http://web.monkeysphere.info/, 2010.Google Scholar
- Certificate Patrol. https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/, 2011.Google Scholar
- Public Key Pinning. http://www.imperialviolet.org/2011/05/04/pinning.html, May 2011.Google Scholar
- Public Key Pinning Extension for HTTP. http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01, Dec. 2011.Google Scholar
- D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Technical report, RFC 5280 (Proposed Standard) Internet Engineering Task Force, 2008.Google Scholar
- M. M. Correia and M. Tok. DNS-based Authentication of Named Entities (DANE). Technical report, Universidade do Porto, 2011--2012.Google Scholar
- P. Eckersley. Sovereign Key Cryptography for Internet Domains. https://git.eff.org/?p=sovereign-keys.git;a=blob;f=sovereign-key-design.txt;hb=HEAD.Google Scholar
- P. Eckersley. A Syrian Man-In-The-Middle Attack against Facebook. https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook, May 2011.Google Scholar
- P. Eckersley. Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https, Mar. 2011.Google Scholar
- S. Egelman, L. F. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In Proceedings of the SIGCHI conference on Human factors in computing systems (CHI), 2008. Google ScholarDigital Library
- Electronic Frontier Foundation. SSL Observatory. https://www.eff.org/observatory.Google Scholar
- N. Falliere, L. O. Murchu, and E. Chien. W32.Stuxnet Dossier. Technical report, Symantec Corporation, 2011.Google Scholar
- S. Haber and W. S. Stornetta. How to time-stamp a digital document. In Advances in Cryptology, CRYPTO, 1990. Google ScholarDigital Library
- J. Hodges, C. Jackson, and A. Barth. HTTP Strict Transport Security (HSTS). RFC 6797 (Proposed Standard), Nov. 2012.Google Scholar
- T. H.-J. Kim, V. Gligor, and A. Perrig. GeoPKI: Converting Spatial Trust into Certificate Trust. In Proceedings of the 9th European PKI Workshop (EuroPKI), Sep 2012.Google Scholar
- T. H.-J. Kim, L.-S. Huang, A. Perrig, C. Jackson, and V. Gligor. Transparent Key Integrity (TKI): A Proposal for a Public-Key Validation Infrastructure. Technical Report Carnegie Mellon University-CyLab-12-016, Carnegie Mellon University, July 2012.Google Scholar
- B. Laurie and E. Kasper. Revocation Transparency. http://sump2.links.org/files/RevocationTransparency.pdf.Google Scholar
- B. Laurie and A. Langley. Certificate Authority Transparency and Auditability. http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf, 2011.Google Scholar
- B. Laurie, A. Langley, and E. Kasper. Certificate Transparency certificate-transparency-draft. http://www.links.org/files/sunlight.html, Mar. 2012.Google Scholar
- B. Laurie, A. Langley, and E. Kasper. Certificate Transparency. http://tools.ietf.org/html/draft-laurie-pki-sunlight-07, Jan. 2013.Google Scholar
- M. Marlinspike. More Tricks For Defeating SSL In Practice. In Blackhat, 2009.Google Scholar
- M. Marlinspike. SSL And The Future Of Authenticity. http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity, Apr 2011.Google Scholar
- M. Marlinspike and T. Perrin. Trust Assertions for Certificiate Keys. http://tack.io/draft.html, May 2012.Google Scholar
- M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. Technical report, RFC 2560 (Proposed Standard) Internet Engineering Task Force, 1999. Google ScholarDigital Library
- P. Roberts. Phony SSL Certificates issued for Google, Yahoo, Skype, Others. http://threatpost.com/en_us/blogs/phony-web-certificates-issued-google-yahoo-\ skype-others-032311, Mar. 2011.Google Scholar
- C. Soghoian and S. Stamm. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL. http://files.cloudprivacy.net/ssl-mitm.pdf, 2010.Google Scholar
- E. Stark, L.-S. Huang, D. Israni, C. Jackson, and D. Boneh. The case for prefetching and prevalidating TLS server certificates. In Proceedings of the 19th Network and Distributed System Security Symposium, 2012.Google Scholar
- T. Sterling. Second firm warns of concern after Dutch hack. http://news.yahoo.com/second-firm-warns-concern-dutch-hack-215940770.html, 2011.Google Scholar
- J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In Proceedings of the USENIX Security Symposium, 2009. Google ScholarDigital Library
- E. Topalovic, B. Saeta, L.-S. Huang, C. Jackson, and D. Boneh. Towards Short-Lived Certificates. In Web 2.0 Security and Privacy, May 2012.Google Scholar
- D. Wendlandt, D. G. Andersen, and A. Perrig. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In Proceedings of USENIX Annual Technical Conference, June 2008. Google ScholarDigital Library
- X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and D. Andersen. SCION: Scalability, control, and isolation on next-generation networks. In Proceedings of IEEE Symposium on Security and Privacy, May 2011. Google ScholarDigital Library
Index Terms
- Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure
Recommendations
ARPKI: Attack Resilient Public-Key Infrastructure
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityWe present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically ...
PoliCert: Secure and Flexible TLS Certificate Management
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications SecurityThe recently proposed concept of publicly verifiable logs is a promising approach for mitigating security issues and threats of the current Public-Key Infrastructure (PKI). Although much progress has been made towards a more secure infrastructure, the ...
An End-to-End Measurement of Certificate Revocation in the Web's PKI
IMC '15: Proceedings of the 2015 Internet Measurement ConferenceCritical to the security of any public key infrastructure (PKI) is the ability to revoke previously issued certificates. While the overall SSL ecosystem is well-studied, the frequency with which certificates are revoked and the circumstances under which ...
Comments