Aggregation-Based Gossip for Certificate Transparency

Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumptio ...
