Related papers: SoK: SCT Auditing in Certificate Transparency
Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of…
Despite increasing advancements in today's information exchange infrastructure, the preservation of user data and privacy still remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate…
Internet security and privacy stand on the trustworthiness of public certificates signed by Certificate Authorities (CAs). However, software products do not trust the same CAs and therefore maintain different root stores, each typically…
In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen…
The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open.…
The level of trust accorded to certification authorities has been decreasing over the last few years as several cases of misbehavior and compromise have been observed. Log-based approaches, such as Certificate Transparency, ensure that…
Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that…
This paper systematizes log based Transparency Enhancing Technologies. Based on work on transparency from multiple disciplines we outline the purpose, usefulness, and pitfalls of transparency. We describe the mechanisms that allow log based…
Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting malicious websites if they are provisioned with mistakenly issued certificates or certificates…
The security of public key validation protocols for web-based applications has recently attracted attention because of weaknesses in the certificate authority model, and consequent attacks. Recent proposals using public logs have succeeded…
The Transport Layer Security (TLS) protocol and its public-key infrastructure (PKI) are widely used in the Internet to achieve secure communication. Validating domain ownership by trusted certification authorities (CAs) is a critical step…
Confidential computing in the public cloud intends to safeguard workload privacy while outsourcing infrastructure management to a cloud provider. This is achieved by executing customer workloads within so called Trusted Execution…
The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its…
Many of the benefits we derive from the Internet require trust in the authenticity of HTTPS connections. Unfortunately, the public key certification ecosystem that underwrites this trust has failed us on numerous occasions. Towards an…
In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of…
Social media platforms curate access to information and opportunities, and so play a critical role in shaping public discourse today. The opaque nature of the algorithms these platforms use to curate content raises societal questions. Prior…
Enabling supply chain transparency (SCT) is essential for regulatory compliance and meeting sustainability standards. Multi-tier SCT plays a pivotal role in identifying and mitigating an organization's operational, environmental, and social…
Phishing is a prevalent cyberattack that uses look-alike websites to deceive users into revealing sensitive information. Numerous efforts have been made by the Internet community and security organizations to detect, prevent, or train users…
The goal of this paper is to propose a blockchain-based platform to enhance transparency and traceability of cybersecurity certification information motivated by the recently adopted EU Cybersecurity Act. The proposed platform is generic…
Under Know Your Customer (KYC) regulations, financial institutions are required to verify the identity and assess the trustworthiness of any new client during on-boarding, and maintain up-to-date records for risk management. These processes…