PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor

Aozhuo Sun; Bingyu Li; Huiqing Wan; Qiongxiao Wang

doi:10.1007/978-3-030-81645-2_21

PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor

Aozhuo Sun
, Bingyu Li
, Huiqing Wan
, Qiongxiao Wang^*

^*此作品的通讯作者

网络空间安全学院

CAS - Institute of Information Engineering
CAS - Data Assurance and Communication Security
University of Chinese Academy of Sciences

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

5 引用（Scopus）

摘要

Certificate Transparency (CT) is proposed to detect maliciously or mistakenly issued certificates by recording all certificates in publicly-visible logs. CT assumes that any individual can undertake the role of a CT monitor which fetches all the certificates in the logs and discovers suspicious ones from them. However, studies in recent years shows that ordinary individuals have to pay an unbearable price to operate a monitor by themselves, which makes the originally distributed trust be concentrated on several third-party monitors. Unfortunately, some researches indicate that problems of timeliness, security, and reliability exist in third-party monitors. In this paper, we propose the PoliCT, a flexible and customizable certificate transparency management solution where domain owners can designate how their certificates should be submitted and validated. It enables domain owners (a) to release their CT policies to monitor a few logs purposefully, thereby greatly reducing monitoring costs; (b) to demand more SCTs to increase the transparency of their certificates. After that, we discuss the design of a reliable lightweight self-monitor in detail. Expectably, the actual data collection and the theoretical analysis of the prototype system show that PoliCT enables a common individual to maintain its CT policies with negligible overhead, and significantly improves the performance of monitoring service.

源语言	英语
主期刊名	Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings
编辑	Jianying Zhou, Chuadhry Mujeeb Ahmed, Lejla Batina, Sudipta Chattopadhyay, Olga Gadyatskaya, Chenglu Jin, Jingqiang Lin, Eleonora Losiouk, Bo Luo, Suryadipta Majumdar, Mihalis Maniatakos, Daisuke Mashima, Weizhi Meng, Stjepan Picek, Masaki Shimaoka, Chunhua Su, Cong Wang
出版商	Springer Science and Business Media Deutschland GmbH
页	358-377
页数	20
ISBN（印刷版）	9783030816445
DOI	https://doi.org/10.1007/978-3-030-81645-2_21
出版状态	已出版 - 2021
活动	satellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021 - Virtual, Online 期限: 21 6月 2021 → 24 6月 2021

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	12809 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	satellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021
市	Virtual, Online
时期	21/06/21 → 24/06/21

访问文件

10.1007/978-3-030-81645-2_21

其它文件与链接

链接到 Scopus 的出版物

引用此

Sun, A., Li, B., Wan, H., & Wang, Q. (2021). PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor. 在 J. Zhou, C. M. Ahmed, L. Batina, S. Chattopadhyay, O. Gadyatskaya, C. Jin, J. Lin, E. Losiouk, B. Luo, S. Majumdar, M. Maniatakos, D. Mashima, W. Meng, S. Picek, M. Shimaoka, C. Su, & C. Wang (编辑), Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings (页码 358-377). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 12809 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-81645-2_21

Sun, Aozhuo ; Li, Bingyu ; Wan, Huiqing 等. / PoliCT : Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor. Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings. 编辑 / Jianying Zhou ; Chuadhry Mujeeb Ahmed ; Lejla Batina ; Sudipta Chattopadhyay ; Olga Gadyatskaya ; Chenglu Jin ; Jingqiang Lin ; Eleonora Losiouk ; Bo Luo ; Suryadipta Majumdar ; Mihalis Maniatakos ; Daisuke Mashima ; Weizhi Meng ; Stjepan Picek ; Masaki Shimaoka ; Chunhua Su ; Cong Wang. Springer Science and Business Media Deutschland GmbH, 2021. 页码 358-377 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e3756e87f3e94ed1bd10175d69273e38,

title = "PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor",

abstract = "Certificate Transparency (CT) is proposed to detect maliciously or mistakenly issued certificates by recording all certificates in publicly-visible logs. CT assumes that any individual can undertake the role of a CT monitor which fetches all the certificates in the logs and discovers suspicious ones from them. However, studies in recent years shows that ordinary individuals have to pay an unbearable price to operate a monitor by themselves, which makes the originally distributed trust be concentrated on several third-party monitors. Unfortunately, some researches indicate that problems of timeliness, security, and reliability exist in third-party monitors. In this paper, we propose the PoliCT, a flexible and customizable certificate transparency management solution where domain owners can designate how their certificates should be submitted and validated. It enables domain owners (a) to release their CT policies to monitor a few logs purposefully, thereby greatly reducing monitoring costs; (b) to demand more SCTs to increase the transparency of their certificates. After that, we discuss the design of a reliable lightweight self-monitor in detail. Expectably, the actual data collection and the theoretical analysis of the prototype system show that PoliCT enables a common individual to maintain its CT policies with negligible overhead, and significantly improves the performance of monitoring service.",

keywords = "Certificate transparency, Fraudulent certificate, Monitor, PKI",

author = "Aozhuo Sun and Bingyu Li and Huiqing Wan and Qiongxiao Wang",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; satellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021 ; Conference date: 21-06-2021 Through 24-06-2021",

year = "2021",

doi = "10.1007/978-3-030-81645-2\_21",

language = "英语",

isbn = "9783030816445",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "358--377",

editor = "Jianying Zhou and Ahmed, \{Chuadhry Mujeeb\} and Lejla Batina and Sudipta Chattopadhyay and Olga Gadyatskaya and Chenglu Jin and Jingqiang Lin and Eleonora Losiouk and Bo Luo and Suryadipta Majumdar and Mihalis Maniatakos and Daisuke Mashima and Weizhi Meng and Stjepan Picek and Masaki Shimaoka and Chunhua Su and Cong Wang",

booktitle = "Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings",

address = "德国",

}

Sun, A, Li, B, Wan, H & Wang, Q 2021, PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor. 在 J Zhou, CM Ahmed, L Batina, S Chattopadhyay, O Gadyatskaya, C Jin, J Lin, E Losiouk, B Luo, S Majumdar, M Maniatakos, D Mashima, W Meng, S Picek, M Shimaoka, C Su & C Wang (编辑), Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 12809 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 358-377, satellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021, Virtual, Online, 21/06/21. https://doi.org/10.1007/978-3-030-81645-2_21

PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor. / Sun, Aozhuo; Li, Bingyu; Wan, Huiqing 等.
Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings. 编辑 / Jianying Zhou; Chuadhry Mujeeb Ahmed; Lejla Batina; Sudipta Chattopadhyay; Olga Gadyatskaya; Chenglu Jin; Jingqiang Lin; Eleonora Losiouk; Bo Luo; Suryadipta Majumdar; Mihalis Maniatakos; Daisuke Mashima; Weizhi Meng; Stjepan Picek; Masaki Shimaoka; Chunhua Su; Cong Wang. Springer Science and Business Media Deutschland GmbH, 2021. 页码 358-377 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 12809 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - PoliCT

T2 - satellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021

AU - Sun, Aozhuo

AU - Li, Bingyu

AU - Wan, Huiqing

AU - Wang, Qiongxiao

PY - 2021

Y1 - 2021

N2 - Certificate Transparency (CT) is proposed to detect maliciously or mistakenly issued certificates by recording all certificates in publicly-visible logs. CT assumes that any individual can undertake the role of a CT monitor which fetches all the certificates in the logs and discovers suspicious ones from them. However, studies in recent years shows that ordinary individuals have to pay an unbearable price to operate a monitor by themselves, which makes the originally distributed trust be concentrated on several third-party monitors. Unfortunately, some researches indicate that problems of timeliness, security, and reliability exist in third-party monitors. In this paper, we propose the PoliCT, a flexible and customizable certificate transparency management solution where domain owners can designate how their certificates should be submitted and validated. It enables domain owners (a) to release their CT policies to monitor a few logs purposefully, thereby greatly reducing monitoring costs; (b) to demand more SCTs to increase the transparency of their certificates. After that, we discuss the design of a reliable lightweight self-monitor in detail. Expectably, the actual data collection and the theoretical analysis of the prototype system show that PoliCT enables a common individual to maintain its CT policies with negligible overhead, and significantly improves the performance of monitoring service.

AB - Certificate Transparency (CT) is proposed to detect maliciously or mistakenly issued certificates by recording all certificates in publicly-visible logs. CT assumes that any individual can undertake the role of a CT monitor which fetches all the certificates in the logs and discovers suspicious ones from them. However, studies in recent years shows that ordinary individuals have to pay an unbearable price to operate a monitor by themselves, which makes the originally distributed trust be concentrated on several third-party monitors. Unfortunately, some researches indicate that problems of timeliness, security, and reliability exist in third-party monitors. In this paper, we propose the PoliCT, a flexible and customizable certificate transparency management solution where domain owners can designate how their certificates should be submitted and validated. It enables domain owners (a) to release their CT policies to monitor a few logs purposefully, thereby greatly reducing monitoring costs; (b) to demand more SCTs to increase the transparency of their certificates. After that, we discuss the design of a reliable lightweight self-monitor in detail. Expectably, the actual data collection and the theoretical analysis of the prototype system show that PoliCT enables a common individual to maintain its CT policies with negligible overhead, and significantly improves the performance of monitoring service.

KW - Certificate transparency

KW - Fraudulent certificate

KW - Monitor

KW - PKI

UR - https://www.scopus.com/pages/publications/85113488170

U2 - 10.1007/978-3-030-81645-2_21

DO - 10.1007/978-3-030-81645-2_21

M3 - 会议稿件

AN - SCOPUS:85113488170

SN - 9783030816445

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 358

EP - 377

BT - Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings

A2 - Zhou, Jianying

A2 - Ahmed, Chuadhry Mujeeb

A2 - Batina, Lejla

A2 - Chattopadhyay, Sudipta

A2 - Gadyatskaya, Olga

A2 - Jin, Chenglu

A2 - Lin, Jingqiang

A2 - Losiouk, Eleonora

A2 - Luo, Bo

A2 - Majumdar, Suryadipta

A2 - Maniatakos, Mihalis

A2 - Mashima, Daisuke

A2 - Meng, Weizhi

A2 - Picek, Stjepan

A2 - Shimaoka, Masaki

A2 - Su, Chunhua

A2 - Wang, Cong

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 21 June 2021 through 24 June 2021

ER -

Sun A, Li B, Wan H, Wang Q. PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor. 在 Zhou J, Ahmed CM, Batina L, Chattopadhyay S, Gadyatskaya O, Jin C, Lin J, Losiouk E, Luo B, Majumdar S, Maniatakos M, Mashima D, Meng W, Picek S, Shimaoka M, Su C, Wang C, 编辑, Applied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. 页码 358-377. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-81645-2_21

PoliCT: Flexible Policy in Certificate Transparency Enabling Lightweight Self-monitor

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此