Certificate Transparency with Privacy
Saba Eskandarian (Stanford), Eran Messeri (Google), Joe Bonneau (NYU), Dan Boneh (Stanford)
Certificate Authorities
[Diagram labels: Public Key; Certificate; CA]
apo-CA-lypse
Certificate Transparency (CT)
Idea: public, verifiable log of all certificates
[Diagram labels: Public Key; Certificate, SCT; CA; Log; Certificate; SCT]
CT logging required by Chrome for all sites starting April 2018!
Transparency and Privacy?
Our Contributions
● Redaction of private subdomains
● Privacy-preserving proof of misbehavior
Redaction: keeping secrets on a public log
[Diagram labels: CA; Log; Request Certificate: secret.facebook.com; Precertificate: secret.facebook.com; SCT: secret.facebook.com; Certificate, SCT: secret.facebook.com; Redacted (twice)]
Problem: secret.facebook.com is publicly visible on the log!
Subdomain Redaction via Commitments
[Diagram labels: CA; Log; Request Certificate: secret.facebook.com; Precertificate: secret.facebook.com; SCT: secret.facebook.com; Certificate: secret.facebook.com; SCT: secret.facebook.com; SCT Opening: .facebook .com]
Subdomain Redaction via Commitments
Page Request: secret.facebook.com
Verify( , secret, )
Certificate: secret.facebook.com
SCT: secret.facebook.com
SCT Opening:
Security
● Why can’t a malicious site or CA reuse an existing redacted SCT?
○ Binding property of commitment
● How can a monitor still check the log?
○ Knowledge of number of entries per domain owner reveals extra certificates
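A sketch of the redaction flow and the binding argument above, added here as an illustration and not taken from the slides or the authors' implementation. It assumes a hash-based commitment (the slides do not name a scheme), and every function name is hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: hash-based commitment com = SHA-256(opening || label); the slides
# do not name a scheme. All function names here are illustrative.

def commit(label: str) -> tuple[bytes, bytes]:
    """Return (commitment, opening) for a private subdomain label."""
    opening = secrets.token_bytes(32)  # random blinding value, never logged
    return hashlib.sha256(opening + label.encode("ascii")).digest(), opening

def verify(com: bytes, label: str, opening: bytes) -> bool:
    """Verify(commitment, label, opening) as run by the browser."""
    if len(opening) != 32:  # fixed length keeps opening || label unambiguous
        return False
    expected = hashlib.sha256(opening + label.encode("ascii")).digest()
    return hmac.compare_digest(com, expected)

def redacted_name(com: bytes, parent: str) -> str:
    """Name as it would appear in the precertificate, log entry and SCT."""
    return f"{com.hex()}.{parent}"

def browser_accepts(requested_host: str, logged_name: str, opening: bytes) -> bool:
    """Check the requested host's first label against the logged commitment."""
    label, _, parent = requested_host.partition(".")
    com_hex, _, logged_parent = logged_name.partition(".")
    if parent != logged_parent:
        return False
    try:
        com = bytes.fromhex(com_hex)
    except ValueError:
        return False
    return verify(com, label, opening)

def demo() -> dict:
    # Constructed sample: commit to "secret" before the precertificate is logged.
    com, opening = commit("secret")
    logged = redacted_name(com, "facebook.com")
    return {
        "honest_site": browser_accepts("secret.facebook.com", logged, opening),
        # Reusing the same redacted SCT for a different name fails (binding).
        "reused_sct": browser_accepts("other.facebook.com", logged, opening),
        "wrong_opening": browser_accepts("secret.facebook.com", logged, bytes(32)),
    }

if __name__ == "__main__":
    print(demo())
```

The log only ever stores the output of `redacted_name`, while the opening travels with the certificate to the browser.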
Privacy-Compromising Proof of Exclusion
[Diagram labels: Log with entries 1 2 3 4 5 6 7 8 9 10; Excluded SCT: secret.facebook.com]
Our Privacy-Preserving Approach
● Auditor proves to vendor that an SCT is missing from log
● Auditor does not reveal domain name, vendor only learns that log is misbehaving
Then:
● Vendor can investigate log
● Vendor can blindly revoke missing certificate (by pushing a revocation value to all browsers)
Main tool: zero knowledge
Assumption: timestamps in order
Performance Numbers
Online Costs
Proof Size: 333 kB
Time to generate: 5.0 seconds
Time to verify: 2.3 seconds
Offline Costs (storage)
Growth of log entry: 480 bytes
Growth of SCT: 160 bytes
Revocation notice size: 32 bytes
Summary
● CT is an exciting new feature of our web infrastructure
● Transparency raises new privacy concerns
● Work on privacy-preserving solutions to two issues:
○ Compatibility between CT and need for private domain names
○ Reporting CT log misbehavior without revealing private information