
2018 | OriginalPaper | Book chapter

Verifiable Light-Weight Monitoring for Certificate Transparency Logs

Written by: Rasmus Dahlberg, Tobias Pulls

Published in: Secure IT Systems

Publisher: Springer International Publishing


Abstract

Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has led to the emergence of monitoring as-a-service: a trusted third-party runs the monitor and provides registered subjects with selective certificate notifications. We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such certificate notifications, making it easier to distribute and reduce the trust which is otherwise placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT’s existing gossip-audit security model.


Footnotes
4. Efficient iff less than a linear number of log entries are received per log update.

5. Two audit paths may contain redundancy, but we ignored this favouring simplicity.

6. It would be better if logs supported verifiable and historical get-STH queries.

7. Instead of an index to detect missing notifications (STHs), a log could announce STHs as part of a verifiable get-STH endpoint. See the sketch of Nordberg: https://web.archive.org/web/20170806160119/https://mailarchive.ietf.org/arch/msg/trans/JbFiwO90PjcYzXrEgh-Y7bFG5Fw, accessed 2018-09-16.

8. Suppose that witness cosigning is used [19]. Then we rely on at least one witness to verify our extension. Or, suppose that STH pollination is used [16]. Then we rely on the most recent window of STHs to reach a monitor that verifies our extension.

9. Open source implementation available at https://github.com/rgdd/lwm.

References
1. Chuat, L., Szalachowski, P., Perrig, A., Laurie, B., Messeri, E.: Efficient gossip protocols for verifying the consistency of certificate logs. In: IEEE Conference on Communications and Network Security (CNS), pp. 415–423, September 2015
2. Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: 18th USENIX Security Symposium, pp. 317–334, August 2009
3. Crosby, S.A., Wallach, D.S.: Authenticated dictionaries: Real-world costs and trade-offs. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(2), 17:1–17:30 (2011)
4. Dahlberg, R., Pulls, T., Vestin, J., Høiland-Jørgensen, T., Kassler, A.: Aggregation-based gossip for certificate transparency. CoRR abs/1806.08817, August 2018
5. Derler, D., Hanser, C., Slamanig, D.: Revisiting cryptographic accumulators, additional properties and relations to other primitives. In: Topics in Cryptology-Proceedings of the Cryptographer’s Track at the RSA Conference (CT-RSA), pp. 127–144, April 2015
6. Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the HTTPS certificate ecosystem. In: Proceedings of the 2013 Internet Measurement Conference, pp. 291–304, October 2013
9. Katz, J.: Analysis of a proposed hash-based signature standard. In: Third International Conference on Security Standardisation Research (SSR), pp. 261–273, December 2016
10. Kim, T.H., Huang, L., Perrig, A., Jackson, C., Gligor, V.D.: Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In: 22nd International World Wide Web Conference (WWW), pp. 679–690, May 2013
11. Kocher, P.C.: On certificate revocation and validation. In: Proceedings of the Second International Conference on Financial Cryptography (FC), pp. 172–177, February 1998
14. Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: Bringing key transparency to end users. In: 24th USENIX Security Symposium, pp. 383–398, August 2015
15. Merkle, R.C.: A digital signature based on a conventional encryption function. In: Advances in Cryptology (CRYPTO), pp. 369–378, August 1987
17. Nuckolls, G.: Verified query results from hybrid authentication trees. In: Proceedings of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 84–98, August 2005
19. Syta, E., et al.: Keeping authorities “honest or bust” with decentralized witness cosigning. In: IEEE Symposium on Security and Privacy (SP), pp. 526–545, May 2016
20. Tamassia, R.: Authenticated data structures. In: 11th Annual European Symposium (ESA) on Algorithms, pp. 2–5, September 2003
Metadata
Title: Verifiable Light-Weight Monitoring for Certificate Transparency Logs
Written by: Rasmus Dahlberg, Tobias Pulls
Copyright year: 2018
DOI: https://doi.org/10.1007/978-3-030-03638-6_11
