Public Key Infrastructures

Project Description

Today's PKIs suffer from many severe problems - CA compromises can affect any site in the Internet due to their almost unrestricted global authority, most users cannot competently assess the trustworthiness of CAs without restricting access to many HTTPS sites, and revocation of certificates and misbehaving CAs is difficult and ineffective. Our research focuses on addressing these problems through a variety of approaches. We build on log-based PKI proposals such as Sovereign Keys and Certificate Transparency, using public, append-only logs to monitor CA behavior and ensure that certificates are issued according to domain-specified policies. We also leverage public logs to handle revocations and key updates in response to events such as key loss or compromise. On a larger scale, we are redesigning the global PKI infrastructure for routing, naming, and end-entity certification (such as TLS) to further restrict global CA authority without hindering access to HTTPS sites worldwide.

Project Participants

Stephanos Matsumoto, Laurent Chuat, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig

Publications

2016


Design, Analysis, and Implementation of ARPKI: an Attack-Resilient Public-Key Infrastructure 
 [bibtex] [doi]
David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski.
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2016.
Research Area: Public Key Infrastructures

RITM: Revocation in the Middle 
 [bibtex] [doi]
Pawel Szalachowski, Laurent Chuat, Taeho Lee, Adrian Perrig.
In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS) 2016. (Best Paper Award)
Research Area: Public Key Infrastructures

PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem 
 [bibtex] [doi]
Pawel Szalachowski, Laurent Chuat, Adrian Perrig.
In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P) 2016.
Research Area: Public Key Infrastructures


2015


Efficient Gossip Protocols for Verifying the Consistency of Certificate Logs 
 [bibtex] [doi]
Laurent Chuat, Pawel Szalachowski, Adrian Perrig, Ben Laurie, Eran Messeri.
In Proceedings of the IEEE Conference on Communications and Network Security (CNS) 2015.
Research Area: Public Key Infrastructures

Deployment Challenges in Log-Based PKI Enhancements 
 [bibtex]
Stephanos Matsumoto, Pawel Szalachowski, Adrian Perrig.
In Proceedings of the Eighth European Workshop on System Security (EuroSec) 2015.
Research Area: Public Key Infrastructures

Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS 
 [bibtex]
Stephanos Matsumoto, Raphael M. Reischuk.
In Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT) 2015.
Research Area: Public Key Infrastructures


2014


PoliCert: Secure and Flexible TLS Certificate Management 
 [bibtex] [doi]
Pawel Szalachowski, Stephanos Matsumoto, Adrian Perrig.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2014.
Research Area: Public Key Infrastructures

ARPKI: Attack Resilient Public-Key Infrastructure 
 [bibtex] [doi]
David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2014.
Research Area: Public Key Infrastructures