Public Key Infrastructures
Project Description
Today's PKIs suffer from many severe problems - CA compromises can affect any site in the Internet due to their almost unrestricted global authority, most users cannot competently assess the trustworthiness of CAs without restricting access to many HTTPS sites, and revocation of certificates and misbehaving CAs is difficult and ineffective. Our research focuses on addressing these problems through a variety of approaches. We build on log-based PKI proposals such as Sovereign Keys and Certificate Transparency, using public, append-only logs to monitor CA behavior and ensure that certificates are issued according to domain-specified policies. We also leverage public logs to handle revocations and key updates in response to events such as key loss or compromise. On a larger scale, we are redesigning the global PKI infrastructure for routing, naming, and end-entity certification (such as TLS) to further restrict global CA authority without hindering access to HTTPS sites worldwide.
Publications
12 results2022
F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key Infrastructure.
In Proceedings of the Symposium on Network and Distributed System Security (NDSS) 2022.
Research Area: Public Key Infrastructures
2020
SoK: Delegation and Revocation, the Missing Links in the Web’s Chain of Trust.
In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P) 2020.
Research Area: Public Key Infrastructures
2018
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure.
In Workshop on Blockchain and Sharing Economy Applications (BlockSEA) 2018.
Research Area: Public Key Infrastructures
2016
Design, Analysis, and Implementation of ARPKI: an Attack-Resilient Public-Key Infrastructure.
In IEEE Transactions on Dependable and Secure Computing (TDSC) 2016.
Research Area: Public Key Infrastructures
RITM: Revocation in the Middle.
In Proceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS) 2016. (Best Paper Award)
Research Area: Public Key Infrastructures
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem.
In Proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P) 2016.
Research Area: Public Key Infrastructures
2015
Efficient Gossip Protocols for Verifying the Consistency of Certificate Logs.
In Proceedings of the IEEE Conference on Communications and Network Security (CNS) 2015.
Research Area: Public Key Infrastructures
Deployment Challenges in Log-Based PKI Enhancements.
In Proceedings of the Eighth European Workshop on System Security (EuroSec) 2015.
Research Area: Public Key Infrastructures
Certificates-as-an-Insurance: Incentivizing Accountability in SSL/TLS.
In Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT) 2015.
Research Area: Public Key Infrastructures
2014
PoliCert: Secure and Flexible TLS Certificate Management.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2014.
Research Area: Public Key Infrastructures
ARPKI: Attack Resilient Public-Key Infrastructure.
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2014.
Research Area: Public Key Infrastructures
2013
Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure.
In Proceedings of the International World Wide Web Conference (WWW) 2013.
Research Area: Public Key Infrastructures