Enhanced Certificate Transparency and End-to-end Encrypted Mail

21st Annual Network and Distributed System Security Symposium, NDSS 2014

Volumn , Issue , 2014, Pages

  Ryan, Mark D ^a,b  

^a UNIVERSITY OF BIRMINGHAM   (United Kingdom)

^b CloudTomo Ltd   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; DISTRIBUTED COMPUTER SYSTEMS; PEER TO PEER NETWORKS;

ATTACKER MODELS; CERTIFICATE AUTHORITY; CERTIFICATE REVOCATION; CLOUD-COMPUTING; E-MAIL SYSTEMS; END TO END; MESSAGING SYSTEM; PEER TO PEER; PUBLIC KEYS;

TRANSPARENCY;

EID: 84910599476     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss/2014.23379     Document Type: Conference Paper

References (52)

1. A. K. Lenstra, J. P. Hughes, M. Augier, J. W. Bos, T. Kleinjung, and C. Wachter, “Public keys,” in CRYPTO’12, 2012, pp. 626–642.
2. N. J. AlFardan and K. G. Paterson, “Lucky thirteen: Breaking the TLS and DTLS record protocols,” IEEE Symposium on Security and Privacy, 2013.
3. N. J. AlFardan, D. J. Bernstein, K. G. Paterson, B. Poettering, and J. C. Schuldt, “On the security of RC4 in TLS and WPA,” 2013.
4. P. Eckersley, “Iranian hackers obtain fraudulent HTTPS certificates: How close to a web security meltdown did we get?” Electronic Frontier Foundation, 2011. [Online]. Available: https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https
5. J. Leyden, “Trustwave admits crafting SSL snooping certificate: Allowing bosses to spy on staff was wrong, says security biz,” The Register, 2012. [Online]. Available: www.theregister.co.uk/2012/02/09/ tustwave_disavows_mitm_digital_cert
6. “MS01-017: Erroneous verisign-issued digital certificates pose spoofing hazard,” Microsoft support. [Online]. Available: http://support.microsoft.com/kb/293818
7. P. Roberts, “Phony SSL certificates issued for Google, Yahoo, Skype, others,” Threat Post, March 2011, threatpost.com/phony-ssl-certificates-issued-googleyahoo-skype-others-032311.
8. T. Sterling, “Second firm warns of concern after dutch hack,” Yahoo! News, September 2011. [Online]. Available: http://news.yahoo.com/second-firm-warns-concern-dutch-hack-215940770.html
9. N. Falliere, L. O. Murchu, and E. Chien, “W32.stuxnet dossier. technical report, symantec corporation,” 2011.
10. J. Appelbaum, “Detecting certificate authority compromises and web browser collusion,” Tor Blog, 2011.
11. “Black tulip report of the investigation into the diginotar certificate authority breach,” Fox-IT (Tech. Report), 2012.
12. C. Arthur, “Rogue web certificate could have been used to attack iran dissidents,” The Guardian, 2011.
13. J. Clark and P. C. van Oorschot, “SSL and HTTPS:revisiting past challenges and evaluating certificate trust model enhancements,” in IEEE Symposium on Security and Privacy, 2013.
14. A. Langley, “Public-key pinning,” ImperialViolet (blog), 2011.
15. M. Marlinspike and T. Perrin, “Trust assertions for certificate keys (TACK),” Internet draft, 2012.
16. D. Wendlandt, D. G. Andersen, and A. Perrig, “Perspectives: improving SSH-style host authentication with multi-path probing,” in USENIX Annual Technical Conference, 2008, pp. 321–334.
17. P. Eckersley and J. Burns, “Is the SSLiverse a safe place?” Chaos Communication Congress, 2010.
18. M. Alicherry and A. D. Keromytis, “Doublecheck: Multipath verification against man-in-the-middle attacks,” in ISCC, 2009, pp. 557–563.
19. B. Amann, M. Vallentin, S. Hall, and R. Sommer, “Revisiting SSL: A large-scale study of the internet’s most trusted protocol,” Technical report, ICSI, 2012.
20. B. Laurie, E. Kasper, and A. Langley, “Certificate transparency,” Internet Draft 09, March 2013.
21. R. L. Rivest, “Can we eliminate certificate revocation lists?” in Financial Cryptography. Springer, 1998, pp. 178–183.
22. A. Langley, “Revocation checking and Chrome’s CRL,” ImperialViolet (blog), 2012.
23. B. Laurie and E. Kasper, “Revocation transparency,” Google Research, September 2012. [Online]. Available: www.links.org/files/RevocationTransparency.pdf
24. A. Whitten and J. D. Tygar, “Why johnny cant encrypt: A usability evaluation of pgp 5.0,” in Proceedings of the 8th USENIX Security Symposium, vol. 99. McGraw-Hill, 1999.
25. Certificate transparency. [Online]. Available: www.certificate-transparency.org
26. B. Laurie, A. Langley, and E. Kasper, “Certificate Transparency,” RFC 6962 (Experimental), Internet Engineering Task Force, 2013.
27. T. Dierks and E. Rescorla, “The transport layer security (TLS) protocol version 1.2,” RFC 5246 (Proposed Standard), Internet Engineering Task Force, Aug. 2008, updated by RFCs 5746, 5878, 6176. [Online]. Available: http://www.ietf.org/rfc/rfc5246.txt
28. S. Turner and T. Polk, “Prohibiting secure sockets layer (SSL) version 2.0,” RFC 6176 (Proposed Standard), Internet Engineering Task Force, Mar. 2011. [Online]. Available: http://www.ietf.org/rfc/rfc6176.txt
29. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,” RFC 5280 (Proposed Standard), Internet Engineering Task Force, May 2008, updated by RFC 6818. [Online]. Available: http://www.ietf.org/rfc/rfc5280.txt
30. M. Jelasity, S. Voulgaris, R. Guerraoui, A.-M. Kermarrec, and M. Van Steen, “Gossip-based peer sampling,” ACM Transactions on Computer Systems (TOCS), vol. 25, no. 3, p. 8, 2007.
31. “The EFF SSL Observatory,” www.eff.org/observatory.
32. “Certificate patrol,” http://patrol.psyced.org.
33. D. Wendlandt, D. G. Andersen, and A. Perrig, “Perspectives: improving SSH-style host authentication with multi-path probing,” in USENIX Annual Technical Conference, 2008, pp. 321–334.
34. M. Alicherry and A. D. Keromytis, “Doublecheck: Multipath verification against man-in-the-middle attacks,” in ISCC, 2009, pp. 557–563.
35. C. Soghoian and S. Stamm, “Certified lies: Detecting and defeating government interception attacks against SSL,” in Financial Cryptography, 2011, pp. 250–259.
36. M. Marlinspike, “SSL and the future of authenticity,” in Black Hat, USA, 2011.
37. M. Marlinspike and T. Perrin, “Internet-draft: Trust assertions for certificate keys (TACK),” 2012.
38. P. Hoffman and J. Schlyter, “The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA,” RFC 6698 (Proposed Standard), Internet Engineering Task Force, Aug. 2012. [Online]. Available: http://www.ietf.org/rfc/rfc6698.txt
39. J. Kasten, E. Wustrow, and J. A. Halderman, “CAge: Taming certificate authorities by inferring restricted scopes,” in Financial Cryptography, 2013.
40. P. Eckersley, “Internet-draft: Sovereign key cryptography for internet domains,” 2012.
41. T. H.-J. Kim, L.-S. Huang, A. Perrig, C. Jackson, and V. Gligor, “Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure,” in 22nd International World Wide Web Conference, 2013.
42. A. Shamir, “Identity-based cryptosystems and signature schemes,” in CRYPTO, 1984, pp. 47–53.
43. D. Boneh and M. K. Franklin, “Identity-based encryption from the weil pairing,” in CRYPTO, 2001, pp. 213–229.
44. S. S. Al-Riyami and K. G. Paterson, “Certificateless public key cryptography,” in ASIACRYPT, 2003, pp. 452–473.
45. S. Ruoti, N. Kim, B. Burgon, T. W. van der Horst, and K. E. Seamons, “Confused Johnny: when automatic encryption leads to confusion and mistakes,” in SOUPS, L. Bauer, K. Beznosov, and L. F. Cranor, Eds. ACM, 2013, p. 5.
46. “Wuala, an encrypted cloud-based store in which users’ encryption keys are not disclosed to the cloud provider.” [Online]. Available: http://www.wuala.com
47. M. Arapinis, S. Bursuc, and M. Ryan, “Privacy supporting cloud computing: Confichair, a case study,” in Principles of Security and Trust. Springer, 2012, pp. 89–108.
48. D. P. Jablon, “Extended password key exchange protocols immune to dictionary attack,” in Proceedings Sixth IEEE Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1997, pp. 248–255.
49. Y. Aumann and Y. Lindell, “Security against covert adversaries: Efficient protocols for realistic adversaries,” in Theory of Cryptography. Springer, 2007, pp. 137–156.
50. S. Kremer, M. Ryan, and B. Smyth, “Election verifiability in electronic voting protocols,” in ESORICS, 2010, pp. 389–404.
51. S. Bursuc, G. S. Grewal, and M. D. Ryan, “Trivitas: Voters directly verifying votes,” in VOTE-ID, 2011, pp. 190–207.
52. G. S. Grewal, M. D. Ryan, S. Bursuc, and P. Y. A. Ryan, “Caveat coercitor: Coercion-evidence in electronic voting,” in IEEE Symposium on Security and Privacy, 2013, pp. 367–381.