Publication


Featured research published by Pawel Szalachowski.


computer and communications security | 2014

ARPKI: Attack Resilient Public-Key Infrastructure

David A. Basin; Cas Cremers; Tiffany Hyun-Jin Kim; Adrian Perrig; Ralf Sasse; Pawel Szalachowski

We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept implementation providing all features required for deployment. ARPKI efficiently handles the certification process with low overhead and without incurring additional latency to TLS. ARPKI offers extremely strong security guarantees, where compromising n-1 trusted signing and verifying entities is insufficient to launch an impersonation attack. Moreover, it deters misbehavior as all its operations are publicly visible.


computer and communications security | 2014

PoliCert: Secure and Flexible TLS Certificate Management

Pawel Szalachowski; Stephanos Matsumoto; Adrian Perrig

The recently proposed concept of publicly verifiable logs is a promising approach for mitigating security issues and threats of the current Public-Key Infrastructure (PKI). Although much progress has been made towards a more secure infrastructure, the currently proposed approaches still suffer from security vulnerabilities, inefficiency, or incremental deployment challenges. In this paper we propose PoliCert, a comprehensive log-based and domain-oriented architecture that enhances the security of PKI by offering: a) stronger authentication of a domain's public keys, b) comprehensive and clean mechanisms for certificate management, and c) an incentivised incremental deployment plan. Surprisingly, our approach has proved fruitful in addressing other seemingly unrelated problems such as TLS-related error handling and client/server misconfiguration.


communications and networking symposium | 2015

Efficient gossip protocols for verifying the consistency of Certificate logs

Laurent Chuat; Pawel Szalachowski; Adrian Perrig; Ben Laurie; Eran Messeri

The level of trust accorded to certification authorities has been decreasing over the last few years as several cases of misbehavior and compromise have been observed. Log-based approaches, such as Certificate Transparency, ensure that fraudulent TLS certificates become publicly visible. However, a key element that log-based approaches still lack is a way for clients to verify that the log behaves in a consistent and honest manner. This task is challenging due to privacy, efficiency, and deployability reasons. In this paper, we propose the first (to the best of our knowledge) gossip protocols that enable the detection of log inconsistencies. We analyze these protocols and present the results of a simulation based on real Internet traffic traces. We also give a deployment plan, discuss technical issues, and present an implementation.


network and distributed system security symposium | 2016

SIBRA: Scalable Internet Bandwidth Reservation Architecture

Cristina Basescu; Raphael M. Reischuk; Pawel Szalachowski; Adrian Perrig; Yao Zhang; Hsu-Chun Hsiao; Ayumu Kubota; Jumpei Urakawa

This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against DDoS attacks, which, until now, continue to be a menace on today's Internet. SIBRA provides scalable inter-domain resource allocations and botnet-size independence, an important property to realize why previous defense approaches are insufficient. Botnet-size independence enables two end hosts to set up communication regardless of the size of distributed botnets in any Autonomous System in the Internet. SIBRA thus ends the arms race between DDoS attackers and defenders. Furthermore, SIBRA is based on purely stateless operations for reservation renewal, flow monitoring, and policing, resulting in highly efficient router operation, which is demonstrated with a full implementation. Finally, SIBRA supports Dynamic Interdomain Leased Lines (DILLs), offering new business opportunities for ISPs.


ieee european symposium on security and privacy | 2016

PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem

Pawel Szalachowski; Laurent Chuat; Adrian Perrig

In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we redesign the current revocation system with a novel approach that we call PKI Safety Net (PKISN), which uses publicly accessible logs to store certificates (in the spirit of Certificate Transparency) and revocations. The proposed system extends existing mechanisms, which enables simple deployment. Moreover, we present a complete implementation and evaluation of our scheme.


IEEE Transactions on Dependable and Secure Computing | 2016

Design, Analysis, and Implementation of ARPKI: an Attack-Resilient Public-Key Infrastructure

David A. Basin; Cas Cremers; Tiffany Hyun-Jin Kim; Adrian Perrig; Ralf Sasse; Pawel Szalachowski

The current Transport Layer Security (TLS) Public-Key Infrastructure (PKI) is based on a weakest-link security model that depends on over a thousand trust roots. The recent history of malicious and compromised Certification Authorities has fueled the desire for alternatives. Creating a new, secure infrastructure is, however, a surprisingly challenging task due to the large number of parties involved and the many ways that they can interact. A principled approach to its design is therefore mandatory, as humans cannot feasibly consider all the cases that can occur due to the multitude of interleavings of actions by legitimate parties and attackers, such as private key compromises (e.g., domain, Certification Authority, log server, other trusted entities), key revocations, key updates, etc. We present ARPKI, a PKI architecture that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI efficiently supports these operations, and gracefully handles catastrophic events such as domain key loss or compromise. Moreover, ARPKI is the first PKI architecture that is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We prove that ARPKI offers extremely strong security guarantees, where compromising even n-1 trusted signing and verifying entities is insufficient to launch a man-in-the-middle attack. Moreover, ARPKI's use deters misbehavior as all operations are publicly visible. Finally, we present a proof-of-concept implementation that provides all the features required for deployment. Our experiments indicate that ARPKI efficiently handles the certification process with low overhead. It does not incur additional latency to TLS, since no additional round trips are required.


european workshop on system security | 2015

Deployment challenges in log-based PKI enhancements

Stephanos Matsumoto; Pawel Szalachowski; Adrian Perrig


Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security | 2015

Lightweight Protection of Group Content Distribution

Pawel Szalachowski; Adrian Perrig


ACM Transactions on Privacy and Security (TOPS) | 2017

Authentication Challenges in a Global Environment

Stephanos Matsumoto; Raphael M. Reischuk; Pawel Szalachowski; Tiffany Hyun-Jin Kim; Adrian Perrig

Log-based PKI enhancements propose to improve the current TLS PKI by creating public logs to monitor CA operations, thus providing transparency and accountability. In this paper we take the first steps in studying the deployment process of log-based PKI enhancements in two ways. First, we model the influences that parties in the PKI have to incentivize one another to deploy a PKI enhancement, and determine that potential PKI enhancements should focus their initial efforts on convincing browser vendors to deploy. Second, as a promising vendor-based solution we propose deployment status filters, which use a Bloom filter to monitor deployment status and efficiently defend against downgrade attacks from the enhanced protocol to the current TLS PKI. Our results provide promising deployment strategies for log-based PKI enhancements and raise additional questions for further fruitful research.


Security and Communication Networks | 2015

Secure broadcast in distributed networks with strong adversaries

Pawel Szalachowski; Tiffany Hyun-Jin Kim

Achieving security properties in distributed, hardware-limited, and unattended networks is a challenging task. This setting is challenging because an adversary can capture and physically compromise unattended nodes. In this setting, this paper presents one-way group communication protocols with strong security properties. In particular, how to send messages to a group of hardware-limited nodes with message secrecy and authenticity? We present several protocols and analyze them in terms of security, efficiency, and deployability. The resulting solutions are generic and can be useful in a variety of distributed systems.

Collaboration


Top Co-Authors

Zbigniew Kotulski

Warsaw University of Technology


Grzegorz Kołaczek

Wrocław University of Technology
