Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Aggregating Certificate Transparency Gossip Using Programmable Packet Processors
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
2018 (English)Independent thesis Advanced level (professional degree), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Certificate Transparency (CT) logs are append-only tamper-evident data structures that can be verified by anyone. For example, it is possible to challenge a log to prove certificate inclusion (membership) and log consistency (append-only, no tampering) based on partial information. While these properties can convince an entity that a certificate is logged and not suddenly removed in the future, there is no guarantee that anyone else observes the same consistent view. To solve this issue a few gossip protocols have been proposed, each with different quirks, benefits, assumptions, and goals. We explore CT gossip below the application layer, finding that packet processors such as switches, routers, and middleboxes can aggregate gossip passively or actively to achieve herd immunity: (in)direct protection against undetectable log misbehaviour. Throughout the thesis we describe, instantiate, and discuss passive aggregation of gossip messages for a restricted data plane programming language: P4. The concept of active aggregation is also introduced. We conclude that (i) aggregation is independent of higher-level transparency applications and infrastructures, (ii) it appears most prominent to aggregate Signed Tree Heads (STHs) in terms of privacy and scalability, and (iii) passive aggregation can be a long-term solution if the CT ecosystem adapts. In other words, not all sources of gossip must be encrypted to preserve privacy.

Place, publisher, year, edition, pages
2018. , p. 69
Keywords [en]
Certificate Transparency, CT, Gossip, P4
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kau:diva-65977OAI: oai:DiVA.org:kau-65977DiVA, id: diva2:1177741
Subject / course
Computer Science
Educational program
Engineering: Computer Engineering (300 ECTS credits)
Presentation
2018-01-19, 13:15 (English)
Supervisors
Examiners
Available from: 2018-01-26 Created: 2018-01-25 Last updated: 2018-01-26Bibliographically approved

Open Access in DiVA

fulltext(897 kB)148 downloads
File information
File name FULLTEXT01.pdfFile size 897 kBChecksum SHA-512
fd165a2d402cc3cbfbba75c4422c96f7b1e8af0e6c066bcb0c8c5d0bf394ccff62a45564884b2440d99fa19f881380035d845dec63a0d1a08b9a70ddedbba8c5
Type fulltextMimetype application/pdf

By organisation
Department of Mathematics and Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 148 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 1005 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf