M.S. Defense: Jie Kong

August 7 @ 1:00 pm - 2:00 pm EDT

Master Thesis Defense

Title: CTng: Secure Certificate and Revocation Transparency

M.S. Candidate: Jie Kong

Major Advisor: Dr. Amir Herzberg

Associate Advisors: Dr. Bing Wang, Dr. Walter Krawec

Date/time: Monday August 7th, 2023, 1:00pm

Location: HBL Instruction 1102

Meeting link: https://uconn-cmr.webex.com/uconn-cmr/j.php?MTID=m80130b85ee8b96d07988b00b29718217

Meeting number: 2624 578 9287

Password: QYfn8K6kPb8


In this work, we study Certificate Transparency (CT), an important standardized extension of classical Web-PKI, deployed and integrated into major browsers. We evaluate the properties of the published design of CT-v1 (RFC 6962) and identify several major concerns, which persist in drafts for CT-v2. Most significantly, CT-v1 fails to achieve the main goal of the original CT publications, namely security with No Trusted Third Party (NTTP), and it does not ensure transparency for revocation status. Several recent works [24], [1], [20], [5], [3], [18], [9] address some of these issues, but at the cost of significant, non-evolutionary deviation from the existing standards and ecosystem.
In response, we present CTng, a redesign of CT. CTng achieves security, including transparency of certificates and of revocation status, with No Trusted Third Party, while preserving client privacy, allowing offline client validation of certificates, and facilitating resiliency to DoS. CTng is efficient and practical, and provides a possible next step in the evolution of PKI standards. We present a security analysis, and an evaluation of our experimental open-source prototype shows that CTng imposes acceptable communication and storage overhead.







