dtki
play

DTKI A Protocol for Public-Key Validation Jiangshan Yu, Vincent - PowerPoint PPT Presentation

Jul 10, 2023 •413 likes •718 views

DTKI A Protocol for Public-Key Validation Jiangshan Yu, Vincent Cheval, and Mark Ryan School of Computer Science University of Birmingham September 2013 J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 1 / 23 Overview Background

  1. DTKI A Protocol for Public-Key Validation Jiangshan Yu, Vincent Cheval, and Mark Ryan School of Computer Science University of Birmingham September 2013 J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 1 / 23

  2. Overview Background 1 Public-key certificate issues Existing proposals Our work 2 Properties Proposed protocol J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 2 / 23

  3. Background 1 Public-key certificate issues Existing proposals Our work 2 Properties Proposed protocol J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 3 / 23

  4. Certificate A certificate is a signed statement that bind a public key to a subjects details. ( Example ) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 4 / 23

  5. Certificate A certificate is a signed statement that bind a public key to a subjects details. ( Example ) Loosely speaking: Cert Subj = Sign SK Issuer ( ID Subj , PK Subj ) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 4 / 23

  6. Web Certificate Verification CA/B trust model browser defines a set of CAs; browser accepts all certificates issued by any one of them. Mozilla Firefox browser initially trusts 57 root CAs. The EFF SSL Observatory : ∼ 1500 of CAs in total. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 5 / 23

  7. Issues Problems with CA/B Any CA can certify public keys for any domain. (Thus, we have to assume that all CAs are trustworthy.) CA/B has no efficient mechanism to detect mis-issued certificate. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 6 / 23

  8. Issues Problems with CA/B Any CA can certify public keys for any domain. (Thus, we have to assume that all CAs are trustworthy.) CA/B has no efficient mechanism to detect mis-issued certificate. Example of Attacks: Comodo was attacked and fake certificates were issued for popular domains (e.g. Google, Yahoo, Skype, etc.). (2011) DigiNotar issued 531 fake certificates for more than three hundred domains, including most of major Internet communications companies. (2011) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 6 / 23

  9. Does it matter? J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 7 / 23

  10. Does it matter? If you encrypt with the wrong key, the attacker may get your message. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 7 / 23

  11. Existing Proposals Table : Taxonomy of existing solutions Taxonomy Existing Proposals PGP adoption MonkeySphere; DNS extension DANE SSL Observatory; Certificate Patrol; Perspectives; Difference observation DoubleCheck; CertLock; Covergence; TACK. Sovereign Keys; Certificate Transparency; Public log adoption AKI J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 8 / 23

  12. Certificate transparency [Laurie, Kasper, Langley 2012] Basic idea: All certificates issued by a CA should be recorded in a public log. To accept a certificate, browsers must verify the proof such that this certificate is included in the log. Domain owners can detect mis-issued certificates by checking the log. IETF RFC6962 (June 2013). J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 9 / 23

  13. Public Log Desired proofs: Proof of presence proves that a certificate is included in a public log. Proof of extension proves that the current public log is an extension of previous versions. Proof of currency proves that the public key of a subject is the latest one in the public log. proof of absence proves that no certificate in the log is issued for the given subject. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 10 / 23

  14. Append-only public log – Merkle tree h 7 = h ( h 5 , h 6 ) h 5 = h ( h 1 , h 2 ) h 6 = h ( c 3 , c 4 ) h 1 = h ( c 1 , c 2 ) h 2 = h ( c 3 , c 4 ) h 3 = h ( c 5 , c 6 ) h 4 = h ( c 7 , c 8 ) c 1 c 2 c 3 c 4 c 5 c 6 c 7 c 8 Proof of Complexity presence O ( logn ) extension O ( logn ) currency O ( n ) absence O ( n ) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 11 / 23

  15. Append-only public log – Merkle tree h 7 = h ( h 5 , h 6 ) h 5 = h ( h 1 , h 2 ) h 6 = h ( c 3 , c 4 ) h 1 = h ( c 1 , c 2 ) h 2 = h ( c 3 , c 4 ) h 3 = h ( c 5 , c 6 ) h 4 = h ( c 7 , c 8 ) c 1 c 2 c 3 c 4 c 5 c 6 c 7 c 8 Proof of Complexity presence O ( logn ) extension O ( logn ) currency O ( n ) absence O ( n ) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 11 / 23

  16. An improvement Certificate Issuance and Revocation Transparency [Ryan 2013] ChronTree LexTree Dan Bob Kent Lucy Alice Chal Jeff c 1 c 2 c 3 c 4 c 5 c 6 c 7 c 8 Alex Proof of presence O ( logn ) O ( logn ) extension O ( logn ) O ( n ) currency O ( n ) O ( logn ) absence O ( n ) O ( logn ) consistency O ( n ) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 12 / 23

  17. Consistency Proof Public auditor. Random checking by clients. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 13 / 23

  18. Problems Difficulty with absence proof CT allows multiple public logs. Efficiency : to verify currency proof and absence proof, a client/server needs to check all existing logs. Security : hide party attacks could be launched. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 14 / 23

  19. Background 1 Public-key certificate issues Existing proposals Our work 2 Properties Proposed protocol J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 15 / 23

  20. Basic properties In-band verification Built-in key revocation Ability to limit trust scope Domain ownership change protection Scalability Usability J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 16 / 23

  21. Novel properties Country neutrality Infrastructure providers (e.g. root CAs, timeline servers, and log providers) should not be dominated by a single country. e.g. An Irish citizen accessing an Irish bank should be able to use Irish infrastructure. Government agencies who have compelled authorities in their country should not be able to use fake certificates without being readily detected. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 17 / 23

  22. Novel properties Canonical signer For a given domain, anyone should easily identify parties that are authorised to establish key authenticity. No-monopoly No provider should have a uniquely privileged position. (Trust agility) Any entity can freely remove his/her trust anchor without affecting the function of internet services. Resistance to hidden party attack “Hidden party” attack: A party issues certificates/logs/... for a subject that does not know that the party exists. E.g. CT log provider of a small organisation. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 18 / 23

  23. DTKI DNS-based Transparent Key Infrastructure (DTKI) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 19 / 23

  24. DTKI DNS-based Transparent Key Infrastructure (DTKI) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 19 / 23

  25. DTKI DNS-based Transparent Key Infrastructure (DTKI) J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 19 / 23

  26. DTKI DNS-based Transparent Key Infrastructure (DTKI) Basic idea Parent domains certify public keys for their child domains; Parent domains should maintain a public log to record their child domains’ certificates. Each top level domain ( e.g. .com, .net, and .uk) must maintain a log; each second level domain ( e.g. .co.uk and example.com) may or may not maintain a log; e.g. .co.uk does need to maintain a log, but example.com does not. Each log should be distributed to many peers which could be any interested party. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 20 / 23

  27. DTKI The format of the log: The log is organised as a ChronTree and a LexTree. Log . com = [( a . com , EK a . com , VK a . com ) , ... ] J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 21 / 23

  28. On-going work Proof transmission: users query proofs over DNS (similar as DANE); or users query proofs from mirrors in parallel with ServerHello phase, or users cache the certificate obtained from TLS handshake, and check proofs with mirrors later. Formal proof. J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 22 / 23

  29. Thank You! J.Yu, V.Cheval and M.Ryan (Birmingham) DTKI September 2013 23 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Theory of Web Transparency: Algorithms and Trade-offs Augustin Chaintreau 1 , Guillaume

The Theory of Web Transparency: Algorithms and Trade-offs Augustin Chaintreau 1 , Guillaume

The Theory of Bringing Privacy into Practice, 2015 1/8 The Theory of Web Transparency: Algorithms and Trade-offs Augustin Chaintreau 1 , Guillaume Ducoffe 2 , 3 , Roxana Geambasu 1 , ecuyer 1 Mathias L 1Columbia University 2Univ. Nice Sophia

339 views • 14 slides
Transparency-Enhancing Tools PETs PhD Course at Chalmers Tobias Pulls Karlstad University,

Transparency-Enhancing Tools PETs PhD Course at Chalmers Tobias Pulls Karlstad University,

Transparency TETs Transparency Logging A4Cloud Summary Transparency-Enhancing Tools PETs PhD Course at Chalmers Tobias Pulls Karlstad University, Sweden tobias.pulls@kau.se October 29, 2012 Transparency TETs Transparency Logging

1.05k views • 59 slides
Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective From a TAS Danny De Cock TAS 3 Project Coordinator Slides available from http://godot.be/slides Email: Danny.DeCock@esat.kuleuven.be Future

252 views • 12 slides
Graph Covers and Iterative Decoding of Finite-Length Codes Pascal O. Vontobel (CSL, UIUC) Ralf

Graph Covers and Iterative Decoding of Finite-Length Codes Pascal O. Vontobel (CSL, UIUC) Ralf

CSL/UIUC Graph Covers and Iterative Decoding Graph Covers and Iterative Decoding of Finite-Length Codes Pascal O. Vontobel (CSL, UIUC) Ralf Koetter (CSL, UIUC) Talk at DIMACS, Piscataway, NJ, USA Dec. 15, 2003 Vontobel/Koetter transparency

542 views • 41 slides
Disabilities during Periods of Remote or Blended Learning Technical Assistance Session 2:

Disabilities during Periods of Remote or Blended Learning Technical Assistance Session 2:

Serving Students with Disabilities during Periods of Remote or Blended Learning Technical Assistance Session 2: Ensuring Transparency and Collaboration Summer 2020 | Jennifer Carpenter and Kelley Scholl Series Overview Serving Students with

887 views • 37 slides
Semantic entropy measures and the semantic transparency of noun noun compounds Melanie J. Bell,

Semantic entropy measures and the semantic transparency of noun noun compounds Melanie J. Bell,

Semantic entropy measures and the semantic transparency of noun noun compounds Melanie J. Bell, Martin Sch afer Anglia Ruskin University, Friedrich-Schiller-Universit at Jena Saarbr ucken, 08.03.2017 Why look at semantic transparency?

202 views • 16 slides
A Computational Mo del for Represen tation of Image V elo citi es Eero Simoncelli

A Computational Mo del for Represen tation of Image V elo citi es Eero Simoncelli

A Computational Mo del for Represen tation of Image V elo citi es Eero Simoncelli Computer and Information Science Departmen t Univ ersit y of P ennsylv ania Da vid Heeger Psyc hology Departmen t Stanford Univ

320 views • 14 slides
Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi

Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi

Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi "Moris" Tagomori (@tagomoris) Satoshi "Moris" Tagomori (@tagomoris) Fluentd, MessagePack-Ruby, Norikra, ... Treasure Data, Inc.

659 views • 39 slides
R Programming Basics Thomas J. Leeper May 20, 2015 1 Functions Built-in functions x <-

R Programming Basics Thomas J. Leeper May 20, 2015 1 Functions Built-in functions x <-

R Programming Basics Thomas J. Leeper May 20, 2015 1 Functions Built-in functions x <- c(1,3,4,4,5,6,2,3,4) mean(x) sum(x) exp(x) log(x) sqrt(x) length(x) seq_along(x) quantile(x, c(0.05 , 0.95)) Writing functions # no arguments

517 views • 12 slides
Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah,

Transparent Checkpoint of Closed Distributed Systems in Emulab Anton Burtsev, Prashanth Radhakrishnan, Mike Hibler, and Jay Lepreau University of Utah, School of Computing Emulab Public testbed for network experimentation 2 Emulab

725 views • 45 slides
Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

722 views • 44 slides
REDBOOK 101 Accounting Procedures for Kentucky School Activity Funds 2 What is the

REDBOOK 101 Accounting Procedures for Kentucky School Activity Funds 2 What is the

REDBOOK 101 Accounting Procedures for Kentucky School Activity Funds 2 What is the Redbook? The Accounting Procedures for Kentucky School Activity funds, more commonly known as the Redbook, is a mandate from the Kentucky

827 views • 14 slides
Data Integration for Neo4j using Kettle Matt Casters, matt.casters@neo4j.com mattcasters Neo4j

Data Integration for Neo4j using Kettle Matt Casters, matt.casters@neo4j.com mattcasters Neo4j

Data Integration for Neo4j using Kettle Matt Casters, matt.casters@neo4j.com mattcasters Neo4j Chief Solutions Architect Topics What is Kettle? Kettle plugins for Neo4j Kettle using Neo4j Examples The Hunger Games

808 views • 44 slides
THE LOGGING LOOPHOLE How the Logging Industrys Unregulated Carbon Emissions Undermine

THE LOGGING LOOPHOLE How the Logging Industrys Unregulated Carbon Emissions Undermine

THE LOGGING LOOPHOLE How the Logging Industrys Unregulated Carbon Emissions Undermine Canadas Climate Goals environmental defence Dale Marshall Jennifer Skene Graham Saul Photo Credit: River Jordan for NRDC The Boreal Forest CARBON:

508 views • 23 slides
What is a Bro log? 1 What is a Bro log? A stream of

What is a Bro log? 1 What is a Bro log? A stream of

What is a Bro log? 1 What is a Bro log? A stream of high level entries that correspond to lower level events. An HTTP request/reply pair.

749 views • 16 slides
ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview

ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview

ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview Logging system The logging system provide status and diagnostic information historical archive filtering capabilities by

305 views • 11 slides
Log-Structured File System CS 416: Operating Systems Design, Spring 2011 Department of Computer

Log-Structured File System CS 416: Operating Systems Design, Spring 2011 Department of Computer

CS416 File System Log-Structured File System CS 416: Operating Systems Design, Spring 2011 Department of Computer Science Rutgers University Rutgers Sakai: 01:198:416 Sp11 (https://sakai.rutgers.edu) Log Structured Filesystem LFS Basic

675 views • 15 slides
Disease Control System DiCon Sebastian Goll, Ned Dimitrov University of Texas at Austin November

Disease Control System DiCon Sebastian Goll, Ned Dimitrov University of Texas at Austin November

Disease Control System DiCon Sebastian Goll, Ned Dimitrov University of Texas at Austin November 24, 2009 Goll, Dimitrov (Texas) November 24, 2009 1 / 14 Introduction DiCon What is DiCon? DiCon is the Disease Control System. Procedure

348 views • 14 slides
fjlesystems 3 1 last time hard drives seek time rotational latency block remapping by disk

fjlesystems 3 1 last time hard drives seek time rotational latency block remapping by disk

fjlesystems 3 1 last time hard drives seek time rotational latency block remapping by disk controller solid state disks wear leveling move data to new block when written work around limitations of large erasure blocks (that cant be

1.67k views • 110 slides
It Can Understand the Logs, Literally Aidi Pi , Wei Chen, Will Zeller and Xiaobo Zhou IPDPSW19

It Can Understand the Logs, Literally Aidi Pi , Wei Chen, Will Zeller and Xiaobo Zhou IPDPSW19

It Can Understand the Logs, Literally Aidi Pi , Wei Chen, Will Zeller and Xiaobo Zhou IPDPSW19 @ Rio de Janeiro Outline Introduction to distributed system logs Challenges NLog: A NLP based log analysis approach Evaluation

197 views • 18 slides
Dynamic Policy Enforcement Dynamic Policy Enforcement in a Networked Environment in a Networked

Dynamic Policy Enforcement Dynamic Policy Enforcement in a Networked Environment in a Networked

Dynamic Policy Enforcement Dynamic Policy Enforcement in a Networked Environment in a Networked Environment Brandon Pollet Brandon Pollet Enterprise Security Group Enterprise Security Group Center for Information Security Center for

671 views • 28 slides
Inferring Models of Concurrent Systems from Logs of Their Behavior with CSight A?a-1 timeout s0

Inferring Models of Concurrent Systems from Logs of Their Behavior with CSight A?a-1 timeout s0

Inferring Models of Concurrent Systems from Logs of Their Behavior with CSight A?a-1 timeout s0 send(m) s1 M!m-0 s2 A?a-1 Sender Receiver A?a-0 A?a-1 2,1 M?m-0 1,0 send(m) A?a-0 s5 M!m-1 s4 send(m) s3 2,2 recv(m) 2,0 M!m-0

1.22k views • 75 slides
Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang,

Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang,

Detecting Large-Scale System Problems by Mining Console Logs Author : Wei Xu, Ling Huang, Armando Fox, David Patterson, Michael Jordan Conference: ICML 2010 SOSP2009, ICDM 2009 Reporter: Zhe Fu Outline SOSP 09 ICML 10 Offline Analysis

935 views • 48 slides
Log all the things! Honza Krl @honzakral Logs? Events! Log lines Twitter feed Invoices

Log all the things! Honza Krl @honzakral Logs? Events! Log lines Twitter feed Invoices

Log all the things! Honza Krl @honzakral Logs? Events! Log lines Twitter feed Invoices Metrics Why? What happened last Tuesday? Grep? Multiple machines Multiple logs Analysis/Discovery Time period Time? Time?! Time! apache

592 views • 33 slides

More recommend