Secure Logging Schemes and Certificate Transparency

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


Since hundreds of certificate authorities (CAs) can issue browser-trusted certificates, it can be difficult for domain owners to detect certificates that have been fraudulently issued for their domain. Certificate Transparency (CT) is a recent standard by the Internet Engineering Task Force (IETF) that aims to construct public logs of all certificates issued by CAs, making it easier for domain owners to monitor for fraudulently issued certificates. To avoid relying on trusted log servers, CT includes mechanisms by which monitors and auditors can check whether logs are behaving honestly or not; these mechanisms are primarily based on Merkle tree hashing and authentication proofs. Given that CT is now being deployed, it is important to verify that it achieves its security goals. In this work, we define four security properties of logging schemes such as CT that can be assured via cryptographic means, and show that CT does achieve these security properties. We consider two classes of security goals: those involving security against a malicious logger attempting to present different views of the log to different parties or at different points in time, and those involving security against malicious monitors who attempt to frame an honest log for failing to include a certificate in the log. We show that Certificate Transparency satisfies these security properties under various assumptions on Merkle trees, all of which reduce to collision resistance of the underlying hash function (and in one case with the additional assumption of unforgeable signatures).
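To make the "Merkle tree hashing and authentication proofs" of the abstract concrete, the following is an added example (not code from the paper or from any CT log implementation) of the RFC 6962 Merkle Tree Hash and inclusion proof: the log proves that an entry is in a signed tree head, and an auditor recomputes the root to check it, which is what lets an honest log refute a monitor's claim that a certificate was omitted. It assumes SHA-256 as the hash and uses constructed byte strings in place of real certificates; consistency proofs, the mechanism for the "different views" goal, are not shown.

```python
import hashlib

# RFC 6962 domain separation: leaves hash with prefix 0x00, interior nodes with 0x01.
def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def leaf_hash(entry: bytes) -> bytes:
    return _h(b"\x00" + entry)
def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962's k), for n >= 2."""
    return n // 2 if n & (n - 1) == 0 else 1 << (n.bit_length() - 1)

def mth(entries: list) -> bytes:
    """Merkle Tree Hash of a log snapshot: the root the log signs in its tree head."""
    n = len(entries)
    if n == 0:
        return _h(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return _h(b"\x01" + mth(entries[:k]) + mth(entries[k:]))

def audit_path(m: int, entries: list) -> list:
    """Inclusion proof for entry m: sibling hashes from the leaf to the root (RFC 6962 PATH)."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return audit_path(m, entries[:k]) + [mth(entries[k:])]
    return audit_path(m - k, entries[k:]) + [mth(entries[:k])]

def verify_inclusion(entry: bytes, m: int, n: int, path: list, root: bytes) -> bool:
    """Auditor-side check (RFC 9162 sec. 2.1.3.2): rebuild the root from leaf m and its path."""
    if not 0 <= m < n:
        return False
    fn, sn, r = m, n - 1, leaf_hash(entry)
    for p in path:
        if sn == 0:                       # more path elements than the tree has levels
            return False
        if fn & 1 or fn == sn:            # sibling is on the left
            r = _h(b"\x01" + p + r)
            if not fn & 1:                # skip levels where this node had no right sibling
                while fn and not fn & 1:
                    fn, sn = fn >> 1, sn >> 1
        else:                             # sibling is on the right
            r = _h(b"\x01" + r + p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root          # path fully consumed and root reproduced
```

A proof for an entry the log never included, or for the wrong position or tree head, fails verification, so a forged "omission" claim cannot be sustained against a log that can produce a valid path.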





Benjamin Dowling and Douglas Stebila are supported by Australian Research Council (ARC) Discovery Project grant DP130104304. Felix Günther is supported by the DFG as part of project S4 within the CRC 1119 CROSSING.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Queensland University of Technology, Brisbane, Australia
  2. Technische Universität Darmstadt, Darmstadt, Germany
  3. McMaster University, Hamilton, Canada
