Abstract
Trust in Secure Sockets Layer–based communications is traditionally provided by Certificate (or Certification) Authorities (CAs) in the form of signed certificates. Checking the validity of a certificate involves three steps: (i) checking its expiration date, (ii) verifying its signature, and (iii) ensuring that it is not revoked. Currently, such certificate revocation checks (i.e., step (iii) above) are done either via Certificate Revocation Lists (CRLs) or via Online Certificate Status Protocol (OCSP) servers. Unfortunately, despite the existence of these revocation checks, sophisticated cyber-attackers can still trick web browsers into trusting a revoked certificate as if it were still valid.
Although frequently updated, nonced, and timestamped certificates can reduce the frequency and impact of such cyber-attacks, they add a huge burden to the CAs and OCSP servers. Indeed, CAs and/or OCSP servers need to timestamp and sign all the responses on a regular basis, for every certificate they have issued, resulting in a very high overhead. To mitigate this and provide a solution to the described cyber-attacks, we present CCSP, a new approach to providing timely information regarding the status of certificates, which capitalizes on a newly introduced notion called Signed Collections. In this article, we present in detail the notion of Signed Collections and the complete design, implementation, and evaluation of our approach. Performance evaluation shows that CCSP (i) reduces space requirements by more than an order of magnitude, (ii) lowers the number of signatures required by six orders of magnitude compared to OCSP-based methods, and (iii) adds only a few milliseconds of overhead in the overall user latency.
Design and Implementation of a Compressed Certificate Status Protocol