Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor

Abstract The security of the web improved greatly throughout the last couple of years. A large majority of the web is now served encrypted as part of HTTPS, and web browsers accordingly moved from positive to negative security indicators that warn the user if a connection is insecure. A secure connection requires that the server presents a valid certificate that binds the domain name in question to a public key. A certificate used to be valid if signed by a trusted Certificate Authority (CA), but web browsers like Google Chrome and Apple’s Safari have additionally started to mandate Certificate Transparency (CT) logging to overcome the weakest-link security of the CA ecosystem. Tor and the Firefox-based Tor Browser have yet to enforce CT. In this paper, we present privacy-preserving and incrementally-deployable designs that add support for CT in Tor. Our designs go beyond the currently deployed CT enforcements that are based on blind trust: if a user that uses Tor Browser is man-in-the-middled over HTTPS, we probabilistically detect and disclose cryptographic evidence of CA and/or CT log misbehavior. The first design increment allows Tor to play a vital role in the overall goal of CT: detect mis-issued certificates and hold CAs accountable. We achieve this by randomly cross-logging a subset of certificates into other CT logs. The final increments hold misbehaving CT logs accountable, initially assuming that some logs are benign and then without any such assumption. Given that the current CT deployment lacks strong mechanisms to verify if log operators play by the rules, exposing misbehavior is important for the web in general and not just Tor. The full design turns Tor into a system for maintaining a probabilistically-verified view of the CT log ecosystem available from Tor’s consensus. Each increment leading up to it preserves privacy due to and how we use Tor.

[1]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[2]  Arno Fiedler,et al.  Certificate transparency , 2014, Commun. ACM.

[3]  Adrian Perrig,et al.  Efficient gossip protocols for verifying the consistency of Certificate logs , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[4]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[5]  Per Larsen,et al.  Selfrando: Securing the Tor Browser against De-anonymization Exploits , 2016, Proc. Priv. Enhancing Technol..

[6]  Mariana Raykova,et al.  Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures , 2020, ArXiv.

[7]  Fengjun Li,et al.  Certificate Transparency in the Wild: Exploring the Reliability of Monitors , 2019, CCS.

[8]  Tobias Pulls,et al.  Verifiable Light-Weight Monitoring for Certificate Transparency Logs , 2018, NordSec.

[9]  Daniel Kales,et al.  Revisiting User Privacy for Certificate Transparency , 2019, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[10]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[11]  Roger Dingledine,et al.  A Practical Congestion Attack on Tor Using Long Paths , 2009, USENIX Security Symposium.

[12]  Dan Boneh,et al.  Certificate Transparency with Privacy , 2017, Proc. Priv. Enhancing Technol..

[13]  Douglas Stebila,et al.  Secure Logging Schemes and Certificate Transparency , 2016, ESORICS.

[14]  J. Alex Halderman,et al.  Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web , 2019, CCS.

[15]  Tom Ritter,et al.  Gossiping in CT , 2018 .

[16]  Adrienne Porter Felt,et al.  Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[17]  Melissa Chase,et al.  Transparency Overlays and Applications , 2016, IACR Cryptol. ePrint Arch..

[18]  Stefan Lindskog,et al.  Spoiled Onions: Exposing Malicious Tor Exit Relays , 2014, Privacy Enhancing Technologies.

[19]  Angelos D. Keromytis,et al.  DoubleCheck: Multi-path verification against man-in-the-middle attacks , 2009, 2009 IEEE Symposium on Computers and Communications.

[20]  Micah Sherr,et al.  Understanding Tor Usage with Privacy-Preserving Measurement , 2018, Internet Measurement Conference.

[21]  梁 啓超,et al.  庸言 = The justice , 2022 .

[22]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[23]  Nick Feamster,et al.  The Effect of DNS on Tor's Anonymity , 2016, NDSS.

[24]  Toke Høiland-Jørgensen,et al.  Aggregation-Based Certificate Transparency Gossip , 2018 .

[25]  E. W. Morris No , 1923, The Hospital and health review.

[26]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[27]  Danna Zhou,et al.  d. , 1840, Microbial pathogenesis.

[28]  Niklas Carlsson,et al.  Characterizing the Root Landscape of Certificate Transparency Logs , 2020, 2020 IFIP Networking Conference (Networking).

[29]  George Danezis,et al.  Bridging and Fingerprinting: Epistemic Attacks on Route Selection , 2008, Privacy Enhancing Technologies.

[30]  Ian Goldberg,et al.  Sublinear Scaling for Multi-Client Private Information Retrieval , 2015, Financial Cryptography.

[31]  David Wolinsky,et al.  Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning , 2015, 2016 IEEE Symposium on Security and Privacy (SP).

[32]  THINK GLOBAL,et al.  Think global , 2006, Nature.