Semi-CT: Certificates Transparent to Identity Owners but Opaque to Snoopers
Authors: Aozhuo Sun, Bingyu Li, Qiongxiao Wang, Huiqing Wan, Jingqiang Lin, Wei Wang
Published in: 2023 IEEE Symposium on Computers and Communications (ISCC), 2023-07-09
DOI: https://doi.org/10.1109/ISCC58397.2023.10217862
Certificate Transparency (CT) enables timely detection of problematic certification authorities (CAs) by publicly recording all CA-issued certificates. This transparency inevitably leaks the privacy of identity owners (IdOs) through the identity information bound in certificates. In response to the privacy leakage, several privacy-preserving schemes have been proposed that transform/hash/encrypt the privacy-carrying part in certificates. However, these certificates conceal identity while also making it opaque to the IdO, which defeats the purpose of CT. To address the contradiction between transparency and privacy, we propose Semi-CT, a semi-transparency mechanism that makes the certificates transparent to IdOs but opaque to snoopers. Inspired by public-key encryption with keyword search (PEKS), Semi-CT based on bilinear pairing enables trapdoor-holding IdOs to retrieve certificates associated with their identity. Semi-CT also addresses protocol deviation detection and trapdoor protection in the malicious model. Finally, through theoretical and experimental analysis, we prove the security and feasibility of Semi-CT for practical applications.