15 research outputs found
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
In a public-key infrastructure (PKI), clients must have an efficient and
secure way to determine whether a certificate was revoked (by an entity
considered as legitimate to do so), while preserving user privacy. A few
certification authorities (CAs) are currently responsible for the issuance of
the large majority of TLS certificates. These certificates are considered valid
only if the certificate of the issuing CA is also valid. The certificates of
these important CAs are effectively too big to be revoked, as revoking them
would result in massive collateral damage. To solve this problem, we redesign
the current revocation system with a novel approach that we call PKI Safety Net
(PKISN), which uses publicly accessible logs to store certificates (in the
spirit of Certificate Transparency) and revocations. The proposed system
extends existing mechanisms, which enables simple deployment. Moreover, we
present a complete implementation and evaluation of our scheme.
Comment: IEEE EuroS&P 201
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and making their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.
Comment: Workshop on Blockchain and Sharing Economy Application
SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust
The ability to quickly revoke a compromised key is critical to the security
of any public-key infrastructure. Regrettably, most traditional certificate
revocation schemes suffer from latency, availability, or privacy problems.
These problems are exacerbated by the lack of a native delegation mechanism in
TLS, which increasingly leads domain owners to engage in dangerous practices
such as sharing their private keys with third parties.
We analyze solutions that address the long-standing delegation and revocation
shortcomings of the web PKI, with a focus on approaches that directly affect
the chain of trust (i.e., the X.509 certification path). For this purpose, we
propose a 19-criteria framework for characterizing revocation and delegation
schemes. We also show that combining short-lived delegated credentials or proxy
certificates with an appropriate revocation system would solve several pressing
problems.
Comment: IEEE European Symposium on Security and Privacy (EuroS&P) 202
Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come
User authentication can rely on various factors (e.g., a password, a cryptographic key, biometric data) but should not reveal any secret or private information. This seemingly paradoxical feat can be achieved through zero-knowledge proofs. Unfortunately, naive password-based approaches still prevail on the web. Multi-factor authentication schemes address some of the weaknesses of the traditional login process, but generally have deployability issues or degrade usability even further as they assume users do not possess adequate hardware. This assumption no longer holds: smartphones with biometric sensors, cameras, short-range communication capabilities, and unlimited data plans have become ubiquitous. In this paper, we show that, assuming the user has such a device, both security and usability can be drastically improved using an augmented password-authenticated key agreement (PAKE) protocol and message authentication codes
A Formally Verified Protocol for Log Replication with Byzantine Fault Tolerance
Byzantine fault tolerant protocols enable state replication in the presence of crashed, malfunctioning, or actively malicious processes. Designing such protocols without the assistance of verification tools, however, is remarkably error-prone. In an adversarial environment, performance and flexibility come at the cost of complexity, making the verification of existing protocols extremely difficult. We take a different approach and propose a formally verified consensus protocol designed for a specific use case: secure logging. Our protocol allows each node to propose entries in a parallel subroutine, and guarantees that correct nodes agree on the set of all proposed entries, without leader election. It is simple yet practical, as it can accommodate the workload of a logging system such as Certificate Transparency. We show that it is optimal in terms of both required rounds and tolerable faults. Using Isabelle/HOL, we provide a fully machine-checked security proof based upon the Heard-Of model, which we extend to support signatures. We also present and evaluate a prototype implementation
Deadline-Aware Multipath Communication: An Optimization Problem
Multipath communication not only allows improved throughput but can also be
used to leverage different path characteristics to best fulfill each
application's objective. In particular, certain delay-sensitive applications,
such as real time voice and video communications, can usually withstand packet
loss and aim to maximize throughput while keeping latency at a reasonable
level. In such a context, one hard problem is to determine along which path the
data should be transmitted or retransmitted. In this paper, we formulate this
problem as a linear optimization, show bounds on the performance that can be
obtained in a multipath paradigm, and show that path diversity is a strong
asset for improving network performance. We also discuss how these theoretical
limits can be approached in practice and present simulation results.
Comment: IEEE/IFIP DSN 201