Jie Kong (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT), Damon James (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT), Hemi Leibowitz (Faculty of Computer Science, The College of Management Academic Studies, Rishon LeZion, Israel), Ewa Syta (Dept. of Computer Science, Trinity College, Hartford, CT), Amir Herzberg (Dept. of Computer Science and Engineering, University of Connecticut, Storrs, CT)
We present CTng, an evolutionary and practical PKI design that efficiently addresses multiple key challenges faced by deployed PKI systems. CTng ensures strong security properties, including guaranteed transparency of certificates and guaranteed, unequivocal revocation, achieved under NTTP-security, i.e., without requiring trust in any single CA, logger, or relying party. These guarantees hold even in the presence of arbitrary corruptions of these entities, assuming only a known bound (f) of corrupt monitors (e.g., f=8), with minimal performance impact. CTng also enables efficient certificate validation and preserves relying-party privacy, while providing scalable and efficient distribution of revocation updates.
These properties significantly improve upon current PKI designs. In particular, while Certificate Transparency (CT) [35], [36], [37] aims to eliminate single points of trust, the existing specification [36] still assumes benign loggers. Addressing this through log redundancy is possible, but rather inefficient, limiting deployed configurations to f ≤ 2.
We present a security analysis and an evaluation of our opensource CTng prototype, showing that it is efficient and scalable under realistic deployment conditions.