Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Aggregation-Based Gossip for Certificate Transparency
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (Prisec, DATASÄKERHET & PERSONLIG INTEGRITET)ORCID iD: 0000-0001-6459-8409
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (DISCO, DATAKOMMUNIKATION)ORCID iD: 0000-0001-7358-8675
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (DISCO, DATAKOMMUNIKATION)ORCID iD: 0000-0001-5241-6815
Show others and affiliations
(English)Other (Other academic)
Abstract [en]

Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represents clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concepts implementations run at line-speed.

National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-71423OAI: oai:DiVA.org:kau-71423DiVA, id: diva2:1293314
Note

Subjects:Cryptography and Security (cs.CR)Cite as:arXiv:1806.08817 [cs.CR]

Öppet arkiv, papper skickat till konferans i betydligt förändrad form

Available from: 2019-03-04 Created: 2019-03-04 Last updated: 2019-03-22Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records BETA

Dahlberg, RasmusPulls, TobiasVestin, JonathanHøiland-Jørgensen, TokeKassler, Andreas

Search in DiVA

By author/editor
Dahlberg, RasmusPulls, TobiasVestin, JonathanHøiland-Jørgensen, TokeKassler, Andreas
By organisation
Department of Mathematics and Computer Science (from 2013)Centre for HumanIT
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 31 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf