
Let’s Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log

dc.contributor.author: Mueller, Tobias
dc.contributor.author: Stübs, Marius
dc.contributor.author: Federrath, Hannes
dc.contributor.editor: Roßnagel, Heiko
dc.contributor.editor: Wagner, Sven
dc.contributor.editor: Hühnlein, Detlef
dc.date.accessioned: 2019-03-25T09:21:57Z
dc.date.available: 2019-03-25T09:21:57Z
dc.date.issued: 2019
dc.description.abstract: Distributing cryptographic keys and asserting their validity is a challenge for any system relying on such keys, for example the World Wide Web with HTTPS or OpenPGP encrypted email. When keys get stolen or compromised, it is desirable to shorten the time during which an attacker can decrypt or sign messages. This is usually achieved by revoking the affected certificates. We investigate the security requirements for distributing key revocations in the context of asynchronous decentralised messaging and analyse the status quo with respect to these requirements. We show that equivocation, integrity protection, and non-repudiation pose a challenge in today’s revocation distribution infrastructure. We find that a publicly verifiable append-only data structure serves our purpose and notice that operating such an infrastructure is expensive. We propose a revocation distribution scheme that fulfils our requirements. Our scheme uses the already existing Certificate Transparency (CT) logs of the WebPKI as a publicly verifiable append-only data structure for storing revocations through specially crafted TLS certificates. The security of our system largely stems from the properties of these CT logs. Additionally, we analyse the computational and bandwidth requirements of our scheme and show limitations of the protocol we propose. [en]
dc.identifier.isbn: 978-3-88579-687-9
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/20983
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik, Bonn
dc.relation.ispartof: Open Identity Summit 2019
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P293
dc.subject: key revocation
dc.subject: asynchronous decentralised messaging
dc.subject: email
dc.subject: PKI
dc.subject: trust
dc.subject: OpenPGP
dc.title: Let’s Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log [en]
gi.citation.endPage: 154
gi.citation.startPage: 143
gi.conference.date: 28.-29. March 2019
gi.conference.location: Garmisch-Partenkirchen, Germany
gi.conference.sessiontitle: Regular Research Papers

Files

Original bundle
Name: proceedings-12.pdf
Size: 1.9 MB
Format: Adobe Portable Document Format