41 research outputs found
Short Paper: On Deployment of DNS-based Security Enhancements
Although the Domain Name System (DNS) was designed as a naming system, its
features have made it appealing to repurpose it for the deployment of novel
systems. One important class of such systems are security enhancements, and
this work sheds light on their deployment. We show the characteristics of these
solutions and measure reliability of DNS in these applications. We investigate
the compatibility of these solutions with the Tor network, signal necessary
changes, and report on surprising drawbacks in Tor's DNS resolution.
Comment: Financial Cryptography and Data Security (FC) 201
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
In a public-key infrastructure (PKI), clients must have an efficient and
secure way to determine whether a certificate was revoked (by an entity
considered as legitimate to do so), while preserving user privacy. A few
certification authorities (CAs) are currently responsible for the issuance of
the large majority of TLS certificates. These certificates are considered valid
only if the certificate of the issuing CA is also valid. The certificates of
these important CAs are effectively too big to be revoked, as revoking them
would result in massive collateral damage. To solve this problem, we redesign
the current revocation system with a novel approach that we call PKI Safety Net
(PKISN), which uses publicly accessible logs to store certificates (in the
spirit of Certificate Transparency) and revocations. The proposed system
extends existing mechanisms, which enables simple deployment. Moreover, we
present a complete implementation and evaluation of our scheme.
Comment: IEEE EuroS&P 201
Maximal Extractable Value (MEV) Protection on a DAG
Many cryptocurrency platforms are vulnerable to Maximal Extractable Value (MEV) attacks [Daian et al., 2020], where a malicious consensus leader can inject transactions or change the order of user transactions to maximize its profit.
A promising line of research in MEV mitigation is to enhance the Byzantine fault tolerance (BFT) consensus core of blockchains by new functionalities, like hiding transaction contents, such that malicious parties cannot analyze and exploit them until they are ordered. An orthogonal line of research demonstrates excellent performance for BFT protocols designed around Directed Acyclic Graphs (DAG). They provide high throughput by keeping high network utilization, decoupling transactions' dissemination from their metadata ordering, and encoding consensus logic efficiently over a DAG representing a causal ordering of disseminated messages.
This paper explains how to combine these two advances. It introduces a DAG-based protocol called Fino, that integrates MEV-resistance features into DAG-based BFT without delaying the steady spreading of transactions by the DAG transport and with zero message overhead. The scheme operates without complex secret share verifiability or recoverability, and avoids costly threshold encryption