Revocation protocols of WebPKI and Revocation Transparency



  1. Revocation protocols of WebPKI and Revocation Transparency. Nikita Korzhitskii, Niklas Carlsson

  2. Lifecycle of a typical WebPKI certificate www.liu.se Certificate Certificate Authority Server 1. Issuance www.liu.se Hello 2. Use Certificate Client Server Key exchange, communication ... 3. Expiration Certificate Certificate Name : www.liu.se From : January 1 To : February 30 www.liu.se Hello Certificate ⏰ April 1st Client Server You shall not pass!

  3. Revoking a certificate 1. Revocation – is a process of invalidating a certificate prior to its expiration. Certificate Certificate Name : www.liu.se From : January 1 To : February 30 Revocation status found at : R Let the private key of the certificate be compromised, and the certificate owner asks the CA to revoke the certificate. Then: Revocation + Revocation reason Certificate Certificate Authority status endpoint, R* *OCSP and/or CRL 2. Status delivery ⏰ February 1st Hello Certificate Is Certificate OK? Server Client Revocation Revoked status endpoint, R* You shall not pass!

  4. Certificate Revocation List (RFC 5280)* http://ca.liu.se/revoked.crl serial# [issuer] [date] [reasonCode] 52 liu.se Feb, 4 1 liu.se Feb, 9 5 412 ... CRL date, next update, signature *CRLs are being phased out.

  5. Online Certificate Status Protocol (RFC 6960) http://ocsp.liu.se/ Serial#, H(issuerDN), H(issuerKey) OCSP responder Client Status, [Revocation Date], [Next update], [Signature] OCSP "stapling" (RFC 6066, 6961) Hello Is Certificate OK? Good, OCSP responder Server Client Signed status , Signed status Certificate ...

  6. [Figure with four panels: (a) CRL, (b) OCSP, (c) OCSP Stapling, (d) OCSP Must-Staple; each shows numbered message steps between CA, Web server and Client.] Steps in the process of checking revocation status with different protocols: (a) with CRLs, the client fetches the (potentially large) CRL after obtaining the certificate in the TLS handshake; (b) with OCSP, the client asks for the revocation status of only the particular certificate; (c) with OCSP Stapling, the server is supposed to prefetch the OCSP response and provide it in the handshake, and if it does not, the client can fetch the OCSP response as in (b); and (d) with OCSP Must-Staple, the server must provide an OCSP response in the handshake or the client will reject the certificate. Chung et al., Is the Web Ready for OCSP Must-Staple? IMC '18

  7. Revocation does not work
     ● Liu et al., An End-to-End Measurement of Certificate Revocation in the Web's PKI, IMC 2015
       – obtaining certificate status is expensive
       – most browsers don't check certificate status
       – custom revocation set (CRLSet by Google) only covers 0.35% of all revocations
     ● Chung et al., Is the Web Ready for OCSP Must-Staple? IMC 2018
       – not yet
     ● Mass revocations happen, and their exact scale is unclear
       – Zhang et al., Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed, IMC 2014
       – https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/
     Other issues with current revocation status protocols:
     ● Performance (OCSP, CRL)
     ● Availability (OCSP, CRL)
     ● Replay attacks (OCSP, CRL)
     ● Privacy (OCSP)
     ● Soft-fails (Browsers ignore failed status requests)
     ● Transparency

  8. Revocation does not work – Fixes
     Possible fixes:
     ● Must-staple
     ● Custom revocation sets (CRLSet, OneCRL, ...)
     ● Short validity periods
     ● A totally new WebPKI …
       – Yu et al., DTKI: a new Formalized PKI with Verifiable Trusted Parties, 2016
       – Kubilay et al., CertLedger: A new PKI model with Certificate Transparency based on blockchain, 2019
     ● Revocation Transparency

  9. Revocation Transparency
     • Broadly, a mechanism for logging (and optionally, delivery) of revocations.
     • Could be used to create up-to-date revocation sets, detect revocation-related misbehavior by CAs, immutably preserve revocation history.
     • Several schemes, standalone or as a part of a new PKI:
       – Laurie & Kasper, Revocation Transparency, Google, 2012
       – CertLedger (Kubilay et al., 2019), AKI (Hyun-Jin Kim et al., 2013), DTKI (Yu et al., 2016), CertChain (Chen et al., 2018)
     ● Our research goal:
       ● Motivate the need for Revocation Transparency through (an ongoing) measurement
       ● Develop a feasible and low-deployment-cost Revocation Transparency scheme on top of existing Certificate Transparency
       ● Compare with other proposals

  10. Thank you! www.liu.se
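
The client-side decision described on slides 6 and 7 (stapling with fallback, Must-Staple, soft-fail versus hard-fail, and stale responses as a replay risk), as an added example that is not part of the original slides. It uses a simplified model rather than real OCSP parsing; `Status`, `usable`, `check_revocation`, the `fetch` callback and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Status:                      # simplified stand-in for a signed OCSP response
    state: str                     # "good" or "revoked"
    this_update: datetime
    next_update: datetime
    signature_ok: bool = True

def usable(resp, now):
    """A response counts only if it is signed and inside its validity window;
    an expired one may be a replay of an old 'good' answer."""
    return (resp is not None and resp.signature_ok
            and resp.this_update <= now < resp.next_update)

def check_revocation(now, stapled, must_staple, fetch, hard_fail=False):
    """Return (accept, reason) for one handshake.
    stapled: Status from the handshake or None.
    fetch: hypothetical callable querying the responder; raises OSError."""
    if usable(stapled, now):
        resp, source = stapled, "stapled"
    elif must_staple:
        # (d) Must-Staple: no valid staple means reject, with no fallback.
        return False, "must-staple: no valid stapled response"
    else:
        # (b)/(c): fall back to asking the responder directly.
        try:
            resp = fetch()
        except OSError:
            resp = None
        source = "fetched"
        if not usable(resp, now):
            if hard_fail:
                return False, "status unavailable: hard-fail"
            return True, "status unavailable: soft-fail"
    if resp.state == "revoked":
        return False, f"revoked ({source})"
    return True, f"good ({source})"

# Constructed sample data, not taken from the slides.
NOW = datetime(2020, 2, 1, 12, 0)
DAY = timedelta(days=1)
REVOKED = Status("revoked", NOW - DAY, NOW + DAY)
STALE_GOOD = Status("good", NOW - 9 * DAY, NOW - 2 * DAY)

def unreachable():
    raise OSError("responder unreachable")
```

With the responder unreachable, the soft-fail path accepts the certificate without ever learning its status, while the Must-Staple and hard-fail paths reject it.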
