Private Queries on Public Certificate Transparency Data

Vy An Phan

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2019-27
May 9, 2019

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2019/EECS-2019-27.pdf

Despite ongoing advances in today's information exchange infrastructure, preserving user data and privacy remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements to existing Public Key Infrastructure solutions that until now have relied solely on the Certificate Authority hierarchy. CT provides a robust auditing layer and transparency solution to quickly detect such compromises, but introduces the requirement that client browsers interact with third-party servers when validating a site certificate.

In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties to provide a more scalable, performant solution to privacy-preserving queries.

Advisor: Doug Tygar


BibTeX citation:

@mastersthesis{Phan:EECS-2019-27,
    Author = {Phan, Vy An},
    Title = {Private Queries on Public Certificate Transparency Data},
    School = {EECS Department, University of California, Berkeley},
    Year = {2019},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2019/EECS-2019-27.html},
    Number = {UCB/EECS-2019-27},
    Abstract = {Despite ongoing advances in today's information exchange infrastructure, preserving user data and privacy remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements to existing Public Key Infrastructure solutions that until now have relied solely on the Certificate Authority hierarchy. CT provides a robust auditing layer and transparency solution to quickly detect such compromises, but introduces the requirement that client browsers interact with third-party servers when validating a site certificate.

In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties to provide a more scalable, performant solution to privacy-preserving queries.}
}

EndNote citation:

%0 Thesis
%A Phan, Vy An
%T Private Queries on Public Certificate Transparency Data
%I EECS Department, University of California, Berkeley
%D 2019
%8 May 9
%@ UCB/EECS-2019-27
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2019/EECS-2019-27.html
%F Phan:EECS-2019-27