Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure

WWW 2013 - Proceedings of the 22nd International Conference on World Wide Web

Volumn , Issue , 2013, Pages 679-689

  Kim, Tiffany Hyun Jin ^a   Huang, Lin Shung ^a   Perrig, Adrian ^a   Jackson, Collin ^a   Gligor, Virgil ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Accountability; Certificate validation; Public log servers; Public key infrastructure; SSL; TLS

Indexed keywords

ACCOUNTABILITY; CERTIFICATE VALIDATIONS; LOG SERVER; PUBLIC KEY INFRASTRUCTURE; SSL; TLS;

TELECOMMUNICATION SYSTEMS;

WORLD WIDE WEB;

EID: 84888083218     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. Convergence. http://convergence.io/.
2. Perspectives Project. http://perspectives-project.org/.
3. The Monkeysphere Project. http://web.monkeysphere.info/, 2010.
4. Certificate Patrol. https://addons.mozilla.org/en-US/firefox/addon/ certificate-patrol/, 2011.
5. Public Key Pinning. http://www.imperialviolet.org/2011/05/04/pinning. html, May 2011.
6. Public Key Pinning Extension for HTTP. http://tools.ietf.org/html/draft- ietf-websec-key-pinning-01,Dec. 2011.
7. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Technical report, RFC 5280 (Proposed Standard) Internet Engineering Task Force, 2008.
8. M. M. Correia and M. Tok. DNS-based Authentication of Named Entities (DANE). Technical report, Universidade do Porto, 2011-2012.
9. P. Eckersley. Sovereign Key Cryptography for Internet Domains. https://git.eff.org/?p=sovereign-keys.git;a=blob;f=sovereign-key-design.txt;hb= HEAD.
10. P. Eckersley. A Syrian Man-In-The-Middle Attack against Facebook. https://www.eff.org/deeplinks/2011/05/syrianman-middle-against-facebook, May 2011.
11. P. Eckersley. Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? https://www.eff.org/deeplinks/2011/ 03/iranianhackers-obtain-fraudulent-https, Mar. 2011.
12. S. Egelman, L. F. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In Proceedings of the SIGCHI conference on Human factors in computing systems (CHI), 2008.
13. Electronic Frontier Foundation. SSL Observatory. https://www.eff.org/ observatory.
14. N. Falliere, L. O. Murchu, and E. Chien. W32.Stuxnet Dossier. Technical report, Symantec Corporation, 2011.
15. S. Haber and W. S. Stornetta. How to time-stamp a digital document. In Advances in Cryptology, CRYPTO, 1990.
16. J. Hodges, C. Jackson, and A. Barth. HTTP Strict Transport Security (HSTS). RFC 6797 (Proposed Standard), Nov. 2012.
17. T. H.-J. Kim, V. Gligor, and A. Perrig. GeoPKI: Converting Spatial Trust into Certificate Trust. In Proceedings of the 9th European PKI Workshop (EuroPKI), Sep 2012.
18. T. H.-J. Kim, L.-S. Huang, A. Perrig, C. Jackson, and V. Gligor. Transparent Key Integrity (TKI): A Proposal for a Public-Key Validation Infrastructure. Technical Report CMU-CyLab-12-016, Carnegie Mellon University, July 2012.
19. B. Laurie and E. Kasper. Revocation Transparency. http://sump2.links.org/ files/RevocationTransparency.pdf.
20. B. Laurie and A. Langley. Certificate Authority Transparency and Auditability. http://www.links.org/files/ CertificateAuthorityTransparencyandAuditability.pdf, 2011.
21. B. Laurie, A. Langley, and E. Kasper. Certificate Transparency certificate-transparency-draft. http://www.links.org/files/sunlight.html, Mar. 2012.
22. B. Laurie, A. Langley, and E. Kasper. Certificate Transparency. http://tools.ietf.org/html/draftlaurie-pki-sunlight-07, Jan. 2013.
23. M. Marlinspike. More Tricks For Defeating SSL In Practice. In Blackhat, 2009.
24. M. Marlinspike. SSL And The Future Of Authenticity. http://blog. thoughtcrime.org/ssl-and-thefuture-of-authenticity, Apr 2011.
25. M. Marlinspike and T. Perrin. Trust Assertions for Certificiate Keys. http://tack.io/draft.html, May 2012.
26. M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. Technical report, RFC 2560 (Proposed Standard) Internet Engineering Task Force, 1999.
27. P. Roberts. Phony SSL Certificates issued for Google, Yahoo, Skype, Others. http://threatpost.com/en-us/blogs/phony-webcertificates-issued-google- yahoo-\skypeothers-032311, Mar. 2011.
28. C. Soghoian and S. Stamm. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL. http://files.cloudprivacy.net/ssl- mitm.pdf, 2010.
29. E. Stark, L.-S. Huang, D. Israni, C. Jackson, and D. Boneh. The case for prefetching and prevalidating TLS server certificates. In Proceedings of the 19th Network and Distributed System Security Symposium, 2012.
30. T. Sterling. Second firm warns of concern after Dutch hack. http://news.yahoo.com/second-firm-warnsconcern-dutch-hack-215940770.html, 2011.
31. J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In Proceedings of the USENIX Security Symposium, 2009.
32. E. Topalovic, B. Saeta, L.-S. Huang, C. Jackson, and D. Boneh. Towards Short-Lived Certificates. In Web 2.0 Security and Privacy, May 2012.
33. D. Wendlandt, D. G. Andersen, and A. Perrig. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing. In Proceedings of USENIX Annual Technical Conference, June 2008.
34. X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and D. Andersen. SCION: Scalability, control, and isolation on next-generation networks. In Proceedings of IEEE Symposium on Security and Privacy, May 2011.