Abstract
Traditional X.509 public key infrastructures (PKIs) depend on certification authorities (CAs) to sign certificates, which are used in SSL/TLS to authenticate web servers and establish secure channels. However, recent security incidents indicate that CAs may (be compromised to) sign fraudulent certificates. In this paper, we propose blockchain-based certificate transparency and revocation transparency. Our scheme is compatible with X.509 PKIs but significantly reinforces the security guarantees of a certificate. The CA-signed certificates of an SSL/TLS web server, together with their revocation status information, are published by the subject (i.e., the web server) as a transaction, and miners of the community append it to the global certificate blockchain after verifying the transaction and mining a block. The certificate blockchain acts as an append-only public log that monitors CAs' certificate signing and revocation operations, and an SSL/TLS web server is granted cooperative control over its own certificates, balancing the absolute authority of CAs in traditional PKIs. We implement a prototype system with Firefox and Nginx, and the experimental results show that it introduces reasonable overheads.
This work was partially supported by the National Basic Research 973 Program of China (Award No. 2014CB340603), the National Natural Science Foundation of China (Award No. 61772518), and the Cyber Security Program (Award No. 2017YFB0802100) of the National Key R&D Plan of China.
Notes
- 1.
We visited the Alexa top-50 websites and observed 29 unique certificate chains for these websites (4.05 KB on average), each of which is composed of three certificates. We collected OCSP responses (1.60 KB on average) for these certificates; the distribution of their validity periods is: 17 are 7-day, 9 are 4-day, 2 are 1.5-day, and 1 is 5-day.
A Parameters Selection
The time interval between two adjacent blocks (denoted as \(T_B\)) determines how soon a certificate will be accepted by browsers after it has been included in the blockchain. It is reasonable for a web server to require its published certificates to be accepted within 24 h, i.e., \(N \times T_B < 1,440\) min. On the other hand, a smaller \(T_{B}\) forces the web server to watch for fraudulent certificates in the blockchain more frequently, although it also lets the server take countermeasures more quickly. Accordingly, we set \(T_B = 120\) min as a typical value and let \(N=6\) (the same confirmation depth as required in Bitcoin). In order to keep the block mining rate stable, the community adjusts the PoW target of the blockchain periodically.
The validity period of Type-I transactions (denoted as \(T_{I}\)) is chosen to provide moderate revocation transparency. First, only when a transaction has been included in a fully-confirmed block (i.e., not one of the latest \(N\) blocks of the blockchain) are the contained certificates considered valid by browsers. So \(T_{I} \gg (N+1) \times T_B\); otherwise, a transaction expires before it is ever accepted by browsers. Meanwhile, \(T_I\) shall not be significantly greater than the general revocation status update period, so that web servers are forced to update their transactions in a timely manner. So we require that \(T_{I} \le 10 \times T_{Revoke}\), where \(T_{Revoke}\) is the revocation status update period. For more than 95% of CRL files, \(T_{Revoke}\) is not larger than 1 day. OCSP provides timely revocation status services, but the validity period of OCSP responses is typically 4 or 7 days (Footnote 1). Thus, we set \(T_I = 14,400\) min (i.e., 10 days) in the prototype.
\(T_{II}\) determines the frequency of shadow Type-II transactions. We set \(T_{II} = 10\times T_{I}\) (i.e., 100 days).
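As an added worked example (not the paper's code), the following Python script encodes the constraints on \(T_B\), \(N\), \(T_I\) and \(T_{Revoke}\) stated above and models when a published Type-I transaction becomes acceptable to browsers, including the failure mode in which the transaction's validity window ends before it is fully confirmed. It assumes that blocks arrive at exactly \(T_B\) intervals and encodes the informal "\(T_I \gg (N+1) \times T_B\)" as a fixed factor of 10; both are assumptions made for illustration, not parameters from the paper.

```python
"""Parameter checks and confirmation-latency model for the certificate blockchain
parameters discussed in the appendix (illustrative code, not the paper's own)."""
from dataclasses import dataclass
from typing import List, Optional

DAY = 1440  # minutes

# Assumption: the appendix's "T_I >> (N+1) x T_B" is encoded as a fixed safety factor.
MUCH_GREATER_FACTOR = 10


@dataclass(frozen=True)
class Params:
    t_b: int       # block interval T_B, in minutes
    n: int         # blocks that must follow a block before browsers trust its contents
    t_i: int       # validity period T_I of a Type-I transaction, in minutes
    t_revoke: int  # revocation-status update period T_Revoke, in minutes


# The values chosen in the appendix: T_B = 120 min, N = 6, T_I = 10 days, T_Revoke = 1 day.
PROTOTYPE = Params(t_b=120, n=6, t_i=14_400, t_revoke=DAY)


def check_params(p: Params) -> List[str]:
    """Return the appendix constraints that p violates (an empty list means all hold)."""
    problems = []
    if p.n * p.t_b >= DAY:
        problems.append("N x T_B must be below 1,440 min so certificates are accepted within 24 h")
    if p.t_i < MUCH_GREATER_FACTOR * (p.n + 1) * p.t_b:
        problems.append("T_I must be much greater than (N+1) x T_B, or transactions expire unconfirmed")
    if p.t_i > 10 * p.t_revoke:
        problems.append("T_I must not exceed 10 x T_Revoke, or revocation status goes stale")
    return problems


def worst_case_acceptance_delay(p: Params) -> int:
    """Longest wait, in minutes, from publishing a transaction until browsers accept it:
    up to one full interval until the next block is mined, then N more blocks on top."""
    return (p.n + 1) * p.t_b


def acceptance_time(publish_time: int, p: Params) -> Optional[int]:
    """Model (assumption): block k is mined at time k x T_B. A transaction published at
    publish_time is included in the first block mined after it and is usable once N
    further blocks exist. Returns the acceptance time, or None if the transaction's own
    validity window (T_I) ends first, i.e. browsers never accept it."""
    inclusion_block = publish_time // p.t_b + 1
    accepted_at = (inclusion_block + p.n) * p.t_b
    expires_at = publish_time + p.t_i
    return accepted_at if accepted_at < expires_at else None


def refresh_deadline(publish_time: int, p: Params) -> int:
    """Latest time at which the web server must publish the replacement Type-I transaction
    so that, even in the worst case, it is accepted no later than the current one expires."""
    return publish_time + p.t_i - worst_case_acceptance_delay(p)


if __name__ == "__main__":
    print("prototype violations:", check_params(PROTOTYPE) or "none")
    print("worst-case acceptance delay (min):", worst_case_acceptance_delay(PROTOTYPE))
    print("published at t=0, accepted at (min):", acceptance_time(0, PROTOTYPE))
    print("replacement must be published by (min):", refresh_deadline(0, PROTOTYPE))
    too_short = Params(t_b=120, n=6, t_i=600, t_revoke=DAY)  # T_I shorter than (N+1) x T_B
    print("T_I = 600 min, accepted at:", acceptance_time(0, too_short))
```

With the prototype values a transaction published right after a block is accepted 840 min (14 h) later, comfortably inside the 24 h target, and a server that re-publishes by minute 13,560 of a 10-day window never has a gap in coverage. The `too_short` case shows why the "\(T_I \gg (N+1) \times T_B\)" requirement matters: a 600-minute window closes before the sixth confirmation arrives, so the transaction is never accepted.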
© 2019 International Financial Cryptography Association
Wang, Z., Lin, J., Cai, Q., Wang, Q., Jing, J., Zha, D. (2019). Blockchain-Based Certificate Transparency and Revocation Transparency. In: Zohar, A., et al. (eds.) Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science, vol 10958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58820-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-58819-2
Online ISBN: 978-3-662-58820-8