Blockchain-based TLS Notary Service

The Transport Layer Security (TLS) protocol is the de facto standard for secure client-server communication on the Internet. Its security can be diminished by a variety of attacks that leverage weaknesses in its design and implementations. An example of a major weakness is the public-key infrastructure (PKI) that TLS deploys, which is a weakest-link system and introduces hundreds of links (i.e., trusted entities). Consequently, an adversary who compromises a single trusted entity can impersonate any website. Notary systems, based on multi-path probing, were early and promising proposals to detect and prevent such attacks. Unfortunately, despite their benefits, they are not widely deployed, mainly due to their long-standing unresolved problems. In this paper, we present Persistent and Accountable Domain Validation (PADVA), which is a next-generation TLS notary service. PADVA combines the advantages of previous proposals, enhancing them, introducing novel mechanisms, and leveraging a blockchain platform which provides new features. PADVA keeps notaries auditable and accountable, introduces service-level agreements and mechanisms to enforce them, relaxes availability requirements for notaries, and works with the legacy TLS ecosystem. We implemented and evaluated PADVA, and our experiments indicate its efficiency and deployability.
