certificate transparency with privacy
play

Certificate Transparency with Privacy Saba Eskandarian, Eran - PowerPoint PPT Presentation

Apr 19, 2023 •403 likes •722 views

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse apo-CA-lypse Certificate Transparency

  1. Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford

  2. Certificate Authorities Public Key Certificate CA Certificate

  3. apo-CA-lypse

  4. apo-CA-lypse

  5. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Public Key Certificate CA Certificate

  6. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Public Key Certificate CA Certificate ...

  7. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Public Key Certificate CA Certificate ...

  8. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Certificate Public Key Certificate, SCT CA Certificate, SCT SCT ...

  9. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Certificate Public Key Certificate, SCT CA Certificate, SCT SCT ...

  10. Certificate Transparency (CT) Idea : public, verifiable log of all certificates Log Certificate Public Key Certificate, SCT CA Certificate, SCT SCT ... CT logging required by chrome for all sites starting April 2018!

  11. Transparency and Privacy?

  12. Our Contributions ● Redaction of private subdomains ● Privacy-preserving proof of misbehavior

  13. Redaction: keeping secrets on a public log Log CA Request Certificate secret.facebook.com Precertificate secret.facebook.com SCT secret.facebook.com Certificate, SCT ... secret.facebook.com Problem: secret.facebook.com is publicly visible on the log!

  14. Redaction: keeping secrets on a public log Log CA Request Certificate secret.facebook.com Precertificate secret.facebook.com Redacted SCT Redacted secret.facebook.com Certificate, SCT ... secret.facebook.com Problem: secret.facebook.com is publicly visible on the log!

  15. Subdomain Redaction via Commitments Log CA Request Certificate secret.facebook.com secret.facebook.com ...

  16. Subdomain Redaction via Commitments Log CA Request Certificate Precertificate secret.facebook.com secret.facebook.com secret.facebook.com ...

  17. Subdomain Redaction via Commitments Log CA Request Certificate Precertificate secret.facebook.com secret.facebook.com secret.facebook.com SCT ... secret.facebook.com .facebook .com

  18. Subdomain Redaction via Commitments Log CA Request Certificate Precertificate secret.facebook.com secret.facebook.com secret.facebook.com SCT Certificate secret.facebook.com ... secret.facebook.com SCT: secret.facebook.com SCT Opening: .facebook .com

  19. Subdomain Redaction via Commitments Page Request: secret.facebook.com

  20. Subdomain Redaction via Commitments Page Request: secret.facebook.com Certificate secret.facebook.com SCT: secret.facebook.com SCT Opening:

  21. Subdomain Redaction via Commitments Page Request: secret.facebook.com Certificate secret.facebook.com SCT: secret.facebook.com SCT Opening: Verify( , secret , )

  22. Security Why can’t a malicious site or CA reuse an existing redacted SCT? Binding property of commitment How can a monitor still check the log? Knowledge of number of entries per domain owner reveals extra certificates

  23. Privacy-Compromising Proof of Exclusion Log 1 2 3 4 5 6 7 8 9 10 Excluded SCT secret.facebook.com

  24. Privacy-Compromising Proof of Exclusion Log 1 2 3 4 5 6 7 8 9 10 Excluded SCT secret.facebook.com

  25. Our Privacy-Preserving Approach ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving

  26. Our Privacy-Preserving Approach ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving Then: ● Vendor can investigate log ● Vendor can blindly revoke missing certificate (by pushing a revocation value to all browsers)

  27. Our Privacy-Preserving Approach ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving Then: ● Vendor can investigate log ● Vendor can blindly revoke missing certificate (by pushing a revocation value to all browsers) Main tool: zero knowledge

  28. Our Privacy-Preserving Approach ● Auditor proves to vendor that an SCT is missing from log ● Auditor does not reveal domain name, vendor only learns that log is misbehaving Then: ● Vendor can investigate log ● Vendor can blindly revoke missing certificate (by pushing a revocation value to all browsers) Main tool: zero knowledge Assumption: timestamps in order

  29. Performance Numbers Online Costs Offline Costs (storage) Proof Size: 333 kB Growth of log entry: 480 bytes Time to generate: 5.0 seconds Growth of SCT: 160 bytes Time to verify: 2.3 seconds Revocation notice size: 32 bytes

  30. Summary ● CT is an exciting new feature of our web infrastructure ● Transparency raises new privacy concerns ● Work on privacy-preserving solutions to two issues: ○ Compatibility between CT and need for private domain names ○ Reporting CT log misbehavior without revealing private information

Recommend

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh

Certificate Transparency with Privacy Saba Eskandarian, Eran Messeri, Joe Bonneau, Dan Boneh Stanford Google NYU Stanford Certificate Authorities Public Key Certificate Authorities Public Key Certificate CA Certificate apo-CA-lypse

1.17k views • 63 slides
Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Performant Certificate Transparency Monitoring Intermediate talk for the IDP by Otto Breitwieser advised by Max Helm, Patrick Sattler Monday 8

602 views • 11 slides
Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson

Revocaton protocols of WebPKI and Revocaton Transparency Nikita Korzhitskii Niklas Carlsson Lifecycle of a typical WebPKI certfcate www.liu.se Certificate Certificate Authority Server 1. Issuance www.liu.se Hello 2. Use Certificate

377 views • 10 slides
In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet

Chair of Network Architectures and Services Department of Informatics Technical University of Munich In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements Oliver Gasser, Benjamin Hof, Max

531 views • 39 slides
Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia

Cloud Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg, August 2nd, 2010 Cloud

775 views • 43 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan Sleevi, Rijad Muminovic, Devon OBrien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, Parisa Tabriz estark@chromium.org How

484 views • 31 slides
Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

Beneficial ownership transparency, Title Page privacy and data protection 23 October Presented by Tom Walker tom@theengineroom.org @thomwithoutanh Who we are: Tom Walker // @thomwithoutanh Privacy The right to privacy : individuals should be

702 views • 13 slides
Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3

Michael Clarkson Cornell University with Stephen Chong (Harvard) and Andrew Myers (Cornell) Swiss E-Voting Workshop September 6, 2010 TRANSPARENCY SECURITY 2 VERIFIABILITY PRIVACY 3 VERIFIABILITY PRIVACY Remote 4 KEY PRINCIPLE:

722 views • 44 slides
Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication

Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication

Chair of Network Architectures and Services TUM Department of Informatics Technical University of Munich (TUM) Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication Matthias Wachs, Quirin Scheitle, and

462 views • 14 slides
Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle:

1.35k views • 91 slides
Certificate Transparency Logs in Practice Josef Gustafsson, Linkping University Gustaf Overier,

Certificate Transparency Logs in Practice Josef Gustafsson, Linkping University Gustaf Overier,

A First Look at the CT Landscape: Certificate Transparency Logs in Practice Josef Gustafsson, Linkping University Gustaf Overier, Linkping University Martin Arlitt, University of Calgary, Canada Niklas Carlsson, Linkping University Proc. PAM

1.13k views • 82 slides
Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus

Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus

Server-side Adoption of Certificate Transparency Carl Nykvist, Linkping University Linus Sjstrm, Linkping University Josef Gustafsson, Linkping University Niklas Carlsson, Linkping University Proc. PAM , Berlin, Germany, Mar. 2018

1.11k views • 72 slides
Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold , Simone Fischer-Hbner, Leonardo A. Martucci, and T obias Pulls Karlstad University Department of Mathematics and Computer Science 651 88 Karlstad,

250 views • 20 slides
New Adventures in PKI May 30, 2014 Jeremy Rowley DigiCert, Inc. Overview Deprecation of

New Adventures in PKI May 30, 2014 Jeremy Rowley DigiCert, Inc. Overview Deprecation of

Direct Exchange 101 New Adventures in PKI May 30, 2014 Jeremy Rowley DigiCert, Inc. Overview Deprecation of SHA-1 Certificate Transparency (CT) Certificate Lifecycles Internal Name Deprecation Certificate Authority

280 views • 13 slides
Increasing Transparency in Asia Page 1 Increasing Transparency in Asia Common Reporting

Increasing Transparency in Asia Page 1 Increasing Transparency in Asia Common Reporting

Increasing Transparency in Asia Page 1 Increasing Transparency in Asia Common Reporting Standard (CRS) Experience of each Asian Countries Taxpayer rights and privacy Page 2 Page 2 Panelists Hong Kong Simon Wang (Partner, EY Hong

684 views • 35 slides
Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR

Fintech Certificate Fintech Certificate Fintech Certificate 2 Investment Case The AtonR Fintech Index is a long-only, USD-based, actively managed total return index. The pace of innovation in financial technology (Fintech) has been

616 views • 26 slides
Obstacles to Transparency in Privacy Engineering Kiel Brennan-Marquez Daniel Susser NYU Law

Obstacles to Transparency in Privacy Engineering Kiel Brennan-Marquez Daniel Susser NYU Law

Obstacles to Transparency in Privacy Engineering Kiel Brennan-Marquez Daniel Susser NYU Law School NYU Law School Yale Law School San Jose State University krb411@nyu.edu daniel.susser@nyu.edu Obstacles technical and design legal,

108 views • 8 slides
1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No

Politics and Information: Discussion Notes 1. Why transparency? Results 1 - 100 of about 2,430,000 for transparency democracy No democratic society worthy of the name can govern itself without transparency and information. Onthecommons.org

461 views • 5 slides
California Consumer Protection Act (CCPA) Jacki Monson, JD Subcommittee on Privacy,

California Consumer Protection Act (CCPA) Jacki Monson, JD Subcommittee on Privacy,

California Consumer Protection Act (CCPA) Jacki Monson, JD Subcommittee on Privacy, Confidentiality and Security September 14, 2018 Background Dubbed the GDPR of CA Desire to give consumers more privacy rights and transparency

160 views • 5 slides
Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency & Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency & Advisory

Transparency initiatives and the TGA Dr Peter Papathanasiou Transparency & Advisory Management Section Prescription Medicines Authorisation Branch Market Authorisation Division, TGA ARCS Scientific Congress Canberra 2016 Two transparency

652 views • 36 slides
NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No.

NEO PA/VA system EN 54 -16 Certificate No. 2426-CPR-105 PA/VA System EN 54 -16 Certificate No. 2426-CPR-105 NEO is an innovative Public Address and Voice Alarm system that allows an easy audio installation with just one piece of equipment.

326 views • 7 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

622 views • 44 slides

More recommend