Master Thesis Defense
Title: CTng: Secure Certificate and Revocation Transparency
M.S. Candidate: Jie Kong
Major Advisor: Dr. Amir Herzberg
Associate Advisor: Dr. Bing Wang, Dr. Walter Krawec
Date/time: Monday August 7th, 2023, 1:00pm
Location: HBL Instruction 1102
Meeting number: 2624 578 9287
In this work, we study Certificate Transparency (CT), an important standardized extension of classical Web-PKI, deployed and integrated into major browsers. We evaluate the properties of the published design of CT-v1 (RFC 6962), and identify several major concerns, which persist in drafts for CT-v2. Most significantly, CT-v1 fails to achieve the main goal of the original CT publications, namely security with No Trusted Third Party (NTTP) and it does not ensure transparency for revocation status. Several recent works , , , , , ,  address some of these issues but at the cost of significant, non-evolutionary deviation from the existing standards and ecosystem.
In response, we present CTng, a redesign of CT. CTng achieves security, including transparency of certificate and of revocation status, with No Trusted Third Party, while preserving client’s privacy, allowing offline client validation of certificates, and facilitating resiliency to DoS. CTng is efficient and practical, and provides a possible next step in the evolution of PKI standards. We present a security analysis and an evaluation of our experimental open source prototype shows that CTng imposes acceptable communication and storage overhead.