certificate transparency with privacy
play

Certificate Transparency with Privacy Saba Eskandarian, Eran - PowerPoint PPT Presentation

Oct 06, 2023 •525 likes •1.17k views

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse

  1. Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford

  2. Certificate Authorities Public Key

  3. Certificate Authorities Public Key Certificate CA Certificate

  4. apo-CA-lypse

  5. apo-CA-lypse

  6. Outline ● Certificate Transparency ● Redaction of private subdomains ● Privacy-preserving proof of misbehavior

  7. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Public Key Certificate CA Certificate

  8. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Public Key Certificate CA Certificate ...

  9. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Public Key Certificate CA Certificate ...

  10. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Certificate Public Key Certificate, SCT CA Certificate, SCT SCT ...

  11. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Certificate Public Key Certificate, SCT CA Certificate, SCT SCT ...

  12. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Certificate Public Key Certificate, SCT CA Certificate, SCT SCT ... CT logging required by chrome for all sites starting October 2017!

  13. Transparency and Privacy?

  14. Outline ● Certificate Transparency ● Redaction of private subdomains ● Privacy-preserving proof of misbehavior

  15. Redaction: keeping secrets on a public log Log CA Request Certificate secret.facebook.com Precertificate secret.facebook.com SCT secret.facebook.com Certificate, SCT ... secret.facebook.com Problem: secret.facebook.com is publicly visible on the log!

  16. Redaction: keeping secrets on a public log Log CA Request Certificate secret.facebook.com Precertificate secret.facebook.com Redacted SCT Redacted secret.facebook.com Certificate, SCT ... secret.facebook.com Problem: secret.facebook.com is publicly visible on the log!

  17. Tools: Commitments Usage: val c ← Commit(m, r) Verify(c, m, r) Commit(m, r) r Security Properties: Hiding : given commitment Commit(m, r), can’t find m Binding : given commitment Commit(m, r), can’t decommit to m’ ≠ m

  18. Tools: Commitments Usage: c ← Commit(m, r) Verify(c, m, r) r Security Properties: Hiding : given commitment Commit(m, r), can’t find m Binding : given commitment Commit(m, r), can’t decommit to m’ ≠ m

  19. Tools: Commitments Usage: val r c ← Commit(m, r) Verify(c, m, r) r Verify( , val, r) Security Properties: Hiding : given commitment Commit(m, r), can’t find m Binding : given commitment Commit(m, r), can’t decommit to m’ ≠ m

  20. Subdomain Redaction via Commitments Log CA Request Certificate secret.facebook.com secret.facebook.com ...

  21. Subdomain Redaction via Commitments Log CA Request Certificate Precertificate secret.facebook.com secret.facebook.com secret.facebook.com ...

  22. Subdomain Redaction via Commitments Log CA Request Certificate Precertificate secret.facebook.com secret.facebook.com secret.facebook.com SCT ... secret.facebook.com .facebook .com

  23. Subdomain Redaction via Commitments Log CA Request Certificate Precertificate secret.facebook.com secret.facebook.com secret.facebook.com SCT Certificate secret.facebook.com ... secret.facebook.com SCT: secret.facebook.com SCT Opening: .facebook .com

  24. Subdomain Redaction via Commitments Page Request: secret.facebook.com

  25. Subdomain Redaction via Commitments Page Request: secret.facebook.com Certificate secret.facebook.com SCT: secret.facebook.com SCT Opening:

  26. Subdomain Redaction via Commitments Page Request: secret.facebook.com Certificate secret.facebook.com SCT: secret.facebook.com SCT Opening: Verify( , secret , )

  27. Security How can a monitor still check the log? Knowledge of number of entries per domain owner reveals extra certificates Why can’t a malicious site or CA reuse an existing redacted SCT? Binding property of commitment

  28. Outline ● Certificate Transparency ● Redaction of private subdomains ● Privacy-preserving proof of misbehavior

  29. Privacy-Compromising Proof of Exclusion Log 1 2 3 4 5 6 7 8 9 10 Excluded SCT secret.facebook.com

  30. Privacy-Compromising Proof of Exclusion Log 1 2 3 4 5 6 7 8 9 10 Excluded SCT secret.facebook.com

  31. Goals ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving

  32. Goals ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving Then: ● Vendor can investigate log ● Vendor can blindly revoke missing certificate (by pushing a revocation value to all browsers)

  33. Goals ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving Then: ● Vendor can investigate log ● Vendor can blindly revoke missing certificate (by pushing a revocation value to all browsers) Assumption: timestamps in order

  34. What Does Auditor Prove? Log 1 2 3 4 5 6 7 8 9 10 Excluded SCT

  35. What Does Auditor Prove? Log 1 2 3 4 5 6 7 8 9 10 t=4 t=18 t=21 t=27 t=30 t=38 t=41 t=42 t=50 t=59 Excluded t=25 SCT Assumption: timestamps in order

  36. What Does Auditor Prove? Log 1 2 3 4 5 6 7 8 9 10 t=4 t=18 t=21 t=27 t=30 t=38 t=41 t=42 t=50 t=59 Excluded t=25 SCT Assumption: timestamps in order

  37. What Does Auditor Prove? Log 1 2 3 4 5 6 7 8 9 10 t=4 t=18 t=21 t=27 t=30 t=38 t=41 t=42 t=50 t=59 3 4 t=25 t=21 t=27

  38. What Does Auditor Prove? Log 1 2 3 4 5 6 7 8 9 10 t=4 t=18 t=21 t=27 t=30 t=38 t=41 t=42 t=50 t=59 3 4 What about t=25 t=21 t=27 privacy?!

  39. Tools: Additively Homomorphic Commitments val 1 val 2

  40. Tools: Additively Homomorphic Commitments + val 1 val 2

  41. Tools: Additively Homomorphic Commitments + = val 1 val 2 val 1 +val 2

  42. Tools: Zero-Knowledge Proofs A

  43. Tools: Zero-Knowledge Proofs = A B

  44. Tools: Zero-Knowledge Proofs = A B 0 < < 5 A A

  45. Tools: Zero-Knowledge Proofs = A B val val sk 0 < < 5 A A

  46. Tools: Zero-Knowledge Proofs = A B val val sk 0 < < 5 A A

  47. Tools: Zero-Knowledge Proofs = A B val val sk 0 < < 5 A A

  48. Proof of Exclusion Log 1 2 3 4 5 6 7 8 9 10 t=4 t=18 t=21 t=27 t=30 t=38 t=41 t=42 t=50 t=59 3 4 What about t=25 t=21 t=27 privacy?!

  49. Proof of Exclusion Log 1 2 3 4 5 6 7 8 9 10 t=4 t=18 t=21 t=27 t=30 t=38 t=41 t=42 t=50 t=59 X Y Z Index(X) Index(Z) What about Time(Y) Time(X) Time(Z) privacy?!

  50. Proof of Exclusion X Y Z

  51. Proof of Exclusion + 1 = Index(X) Index(Z) X Y < < Time(X) Time(Y) Time(Z) Z

  52. Proof of Exclusion + 1 = Index(X) Index(Z) X Y < < Time(X) Time(Y) Time(Z) Z

  53. Proof of Exclusion + 1 = Index(X) Index(Z) X Y < < Time(X) Time(Y) Time(Z) Z

  54. Proof of Exclusion + 1 = Index(X) Index(Z) X Y Are these < < numbers really Time(X) Time(Y) Time(Z) from the log? Z

  55. Proof of Exclusion + 1 = 11 12 X Y < < 3 4 5 Z hehehe...

  56. Proof of Exclusion X Needed for proof Index(X) Time(X)

  57. Proof of Exclusion X New H(x)+Index(X) H(x) H(x)+Time(X) signatures from log sk I sk H sk T Needed for proof Index(X) Time(X)

  58. Proof of Exclusion X New H(x)+Index(X) H(x) H(x)+Time(X) signatures from log sk I sk H sk T H(X) Needed for proof Index(X) Time(X)

  59. Proof of Exclusion X New H(x)+Index(X) H(x) H(x)+Time(X) signatures from log sk I sk H sk T + + H(X) Needed for proof Index(X) Time(X)

  60. Proof of Exclusion X New H(x)+Index(X) H(x) H(x)+Time(X) signatures from log sk I sk H sk T + + H(x)+Index(X) H(X) H(x)+Time(X) Needed for proof Index(X) Time(X)

  61. Proof of Exclusion X New H(x)+Index(X) H(x) H(x)+Time(X) signatures from log sk I sk H sk T + + H(x)+Index(X) H(X) H(x)+Time(X) Needed for proof Index(X) Time(X)

  62. Performance Numbers Online Costs Offline Costs (storage) Proof Size: 333 kB Growth of log entry: 480 bytes Time to generate: 5.0 seconds Growth of SCT: 160 bytes Time to verify: 2.3 seconds Revocation notice size: 32 bytes

  63. Summary ● CT is an exciting new feature of our web infrastructure ● Transparency raises new privacy concerns ● Work on privacy-preserving solutions to two issues: ○ Compatibility between CT and need for private domain names ○ Reporting CT log misbehavior without revealing private information See paper for details and security proofs: https://arxiv.org/pdf/1703.02209.pdf

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse apo-CA-lypse Certificate Transparency

722 views • 30 slides
Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser advised by Max Helm, Patrick Sattler Monday 8

602 views • 11 slides
Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson Lifecycle of a typical WebPKI certfcate www.liu.se Certificate Certificate Authority Server 1. Issuance www.liu.se Hello 2. Use Certificate

377 views • 10 slides
In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

Chair of Network Architectures and Services Department of Informatics Technical University of Munich In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements Oliver Gasser, Benjamin Hof, Max

531 views • 39 slides
Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg, August 2nd, 2010 Cloud

775 views • 43 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan Sleevi, Rijad Muminovic, Devon OBrien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, Parisa Tabriz estark@chromium.org How

484 views • 31 slides
Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Beneficial ownership transparency, Title Page privacy and data protection 23 October Presented by Tom Walker tom@theengineroom.org @thomwithoutanh Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

702 views • 13 slides
Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

722 views • 44 slides
Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication

Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication

Chair of Network Architectures and Services TUM Department of Informatics Technical University of Munich (TUM) Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication Matthias Wachs, Quirin Scheitle, and

462 views • 14 slides
Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle:

1.35k views • 91 slides
Certificate Transparency Logs in Practice Josef Gustafsson, Linkping University Gustaf Overier,

Certificate Transparency Logs in Practice Josef Gustafsson, Linkping University Gustaf Overier,

A First Look at the CT Landscape: Certificate Transparency Logs in Practice Josef Gustafsson, Linkping University Gustaf Overier, Linkping University Martin Arlitt, University of Calgary, Canada Niklas Carlsson, Linkping University Proc. PAM

1.13k views • 82 slides
Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus

Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus

Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus Sjstrm, Linkping University Josef Gustafsson, Linkping University Niklas Carlsson, Linkping University Proc. PAM , Berlin, Germany, Mar. 2018

1.11k views • 72 slides
Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold , Simone Fischer-Hbner, Leonardo A. Martucci, and T obias Pulls Karlstad University Department of Mathematics and Computer Science 651 88 Karlstad,

250 views • 20 slides
New Adventures in PKI May 30, 2014 Jeremy Rowley DigiCert, Inc. Overview Deprecation of

New Adventures in PKI May 30, 2014 Jeremy Rowley DigiCert, Inc. Overview Deprecation of

Direct Exchange 101 New Adventures in PKI May 30, 2014 Jeremy Rowley DigiCert, Inc. Overview Deprecation of SHA-1 Certificate Transparency (CT) Certificate Lifecycles Internal Name Deprecation Certificate Authority

280 views • 13 slides
Increasing Transparency in Asia Page 1 Increasing Transparency in Asia Common Reporting

Increasing Transparency in Asia Page 1 Increasing Transparency in Asia Common Reporting

Increasing Transparency in Asia Page 1 Increasing Transparency in Asia Common Reporting Standard (CRS) Experience of each Asian Countries Taxpayer rights and privacy Page 2 Page 2 Panelists Hong Kong Simon Wang (Partner, EY Hong

684 views • 35 slides
Disclaimer This presentation was prepared by Green &amp; Sklarz LLC and does not represent

Disclaimer This presentation was prepared by Green &amp; Sklarz LLC and does not represent

4/30/2020 DISCUSSION WITH DISCUSSION WITH CT DRS:HO CT DRS:HOW IS CT IS CT DRS AND IRS DRS AND IRS RESPONDING TO RESPONDING TO COVID COVID-19? 19? Apri April 30, 2020 30, 2020 Presented by: Eric L. Green, Esq., Green &amp; Sklarz

468 views • 17 slides
Financial Econometrics Econ 40357 Local Projections N.C. Mark University of Notre Dame and NBER

Financial Econometrics Econ 40357 Local Projections N.C. Mark University of Notre Dame and NBER

Financial Econometrics Econ 40357 Local Projections N.C. Mark University of Notre Dame and NBER September 10, 2020 1 / 5 Pitfalls of VARs VAR is optimally designed for one-period ahead forecasting. An impulse response, is a function of

507 views • 5 slides
Introducing Computational Thinking in Education Courses Aman Yadav Chris Mayfield Ninger Zhou

Introducing Computational Thinking in Education Courses Aman Yadav Chris Mayfield Ninger Zhou

Introducing Computational Thinking in Education Courses Aman Yadav Chris Mayfield Ninger Zhou Susanne Hambrusch Department of Educational Studies John T. Korb Department of Computer Science This work is supported by the NSF CPATH program

477 views • 22 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
CPSC 100 Dr. Rachel Pottinger Course website: http://ct.cs.ubc.ca : Preliminary copies of

CPSC 100 Dr. Rachel Pottinger Course website: http://ct.cs.ubc.ca : Preliminary copies of

Computational Thinking CPSC 100 Dr. Rachel Pottinger Course website: http://ct.cs.ubc.ca : Preliminary copies of slides: http://ct.cs.ubc.ca/slides.html Computational Thinking ct.cs.ubc.ca Administrative Notes Introductions No lab

1.34k views • 37 slides
Transit and Treatment: Effectiveness of Transit Systems to Improve Substance Use and Mental

Transit and Treatment: Effectiveness of Transit Systems to Improve Substance Use and Mental

Transit and Treatment: Effectiveness of Transit Systems to Improve Substance Use and Mental Health in Connecticut Strategies to Achieve Alignment, Collaboration, and Synergy Across Delivery and Financing Systems Research-In-Progress Webinar

484 views • 30 slides
Lecture 6: Recursive Preferences Simon Gilchrist Boston Univerity and NBER EC 745 Fall, 2013

Lecture 6: Recursive Preferences Simon Gilchrist Boston Univerity and NBER EC 745 Fall, 2013

Lecture 6: Recursive Preferences Simon Gilchrist Boston Univerity and NBER EC 745 Fall, 2013 Basics Epstein and Zin (1989 JPE, 1991 Ecta) following work by Kreps and Porteus introduced a class of preferences which allow to break the link

605 views • 45 slides
Optimal Simple And Implementable Monetary and Fiscal Rules Stephanie Schmitt-Groh e Mart

Optimal Simple And Implementable Monetary and Fiscal Rules Stephanie Schmitt-Groh e Mart

Optimal Simple And Implementable Monetary and Fiscal Rules Stephanie Schmitt-Groh e Mart n Uribe Duke University September 2007 1 Welfare-Based Policy Evaluation: Related Literature (ex: Rotemberg and Woodford, 1999)

615 views • 40 slides

More recommend