Domain Transparency: greater auditability for Certificate Transparency services
Abstract
Web authentication relies critically on the Certificate Authorities (CAs), so it is essential to verify that they are operating correctly. In this context, the Certificate Transparency (CT) initiative was created with the objective of facilitating the verification of CAs. In particular, using CT, it is possible to identify possible fraudulent certificates issued by CAs. However, the services currently available to perform this identification have been shown to be unreliable, returning sometimes incomplete results. This article presents a tool implementing the concept of Domain Transparency (DT), which uses verifiable data structures to offer a reliable and trustworthy alternative to these services.
Keywords:
Certificate Authorities, Digital Certificates, Certificate Transparency, Auditability, Internet Security, Verifiable Data Structures
References
Boeyen, S., Santesson, S., Polk, T., Housley, R., Farrell, S., and Cooper, D. (2008). Internet X.509 Public Key Infrastructure Certicate and Certicate Revocation List (CRL) Prole. RFC 5280.
Eijdenberg, A., Laurie, B., and Cutter, A. (2015). Veriable data structures. White paper, Google LLC.
Google LLC (2021). Chrome certicate transparency policy.
Hoogstraaten, H., Prins, R., Niggebrugge, D., Heppener, D., Groenewegen, F., Wettinck, J., Strooy, K., Arends, P., Pols, P., Kouprie, R., Moorrees, S., van Pelt, X., and Hu, Y. Z. (2012). Black tulip: Report of the investigation into the diginotar certicate authority breach. Technical report, Fox-IT.
Laurie, B. and Cutter, A. (2012). Revocation transparency. White paper, Google LLC.
Laurie, B., Langley, A., and Kasper, E. (2013). Certicate Transparency. RFC 6962.
Li, B., Lin, J., Li, F., Wang, Q., Li, Q., Jing, J., and Wang, C. (2019). Certicate transparency in the wild: Exploring the reliability of monitors. In Proc. of the ACM SIGSAC Conference on Computer and Communications Security, pages 2505–2520.
Lynch, V. (2018). Scaling CT logs: Temporal sharding. [link].
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review, page 21260.
Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446.
Swan, M. (2015). Blockchain: Blueprint for a new economy. O’Reilly Media, Inc.
Eijdenberg, A., Laurie, B., and Cutter, A. (2015). Veriable data structures. White paper, Google LLC.
Google LLC (2021). Chrome certicate transparency policy.
Hoogstraaten, H., Prins, R., Niggebrugge, D., Heppener, D., Groenewegen, F., Wettinck, J., Strooy, K., Arends, P., Pols, P., Kouprie, R., Moorrees, S., van Pelt, X., and Hu, Y. Z. (2012). Black tulip: Report of the investigation into the diginotar certicate authority breach. Technical report, Fox-IT.
Laurie, B. and Cutter, A. (2012). Revocation transparency. White paper, Google LLC.
Laurie, B., Langley, A., and Kasper, E. (2013). Certicate Transparency. RFC 6962.
Li, B., Lin, J., Li, F., Wang, Q., Li, Q., Jing, J., and Wang, C. (2019). Certicate transparency in the wild: Exploring the reliability of monitors. In Proc. of the ACM SIGSAC Conference on Computer and Communications Security, pages 2505–2520.
Lynch, V. (2018). Scaling CT logs: Temporal sharding. [link].
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review, page 21260.
Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446.
Swan, M. (2015). Blockchain: Blueprint for a new economy. O’Reilly Media, Inc.
Published
2021-10-04
How to Cite
MATSUMOTO, Fernando K.; DA SILVA, Jonatas F. Viana; SIMPLICIO JUNIOR, Marcos A..
Domain Transparency: greater auditability for Certificate Transparency services. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 42-49.
DOI: https://doi.org/10.5753/sbseg_estendido.2021.17338.
