Quantitative Verification of Certificate Transparency Gossip Protocols

Michael Oxford, David Parker, Mark Ryan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Certificate transparency is a promising log-based system designed to audit internet certificates publicly and is currently supported by Google Chrome. However, it is potentially vulnerable to split-world attacks, where certain users are directed to a fake version of the log. So, to ensure that users are seeing the same version of a log, gossip protocols have been designed in which users share data sourced from the log. In this paper, we propose a new way of evaluating these protocols using probabilistic model checking, a technique for formally verifying quantitative properties of computer systems. We describe our approach to modelling and verifying the protocols, including a novel approach to determine worst-case model parameters. We analyse several aspects of the protocols, including the success rate of detecting inconsistencies in gossiped data and the efficiency in terms of bandwidth, comparing different protocol variants and also our own proposals to improve protocol performance.
Original languageEnglish
Title of host publicationProceedings of 6th International Workshop on Security and Privacy in the Cloud (SPC'20)
PublisherIEEE Computer Society Press
Number of pages9
Publication statusAccepted/In press - 3 May 2020
Event6th International Workshop on Security and Privacy in the Cloud (SPC'20) - Virtual event
Duration: 29 Jun 20201 Jul 2020

Conference

Conference6th International Workshop on Security and Privacy in the Cloud (SPC'20)
CityVirtual event
Period29/06/201/07/20

Fingerprint

Dive into the research topics of 'Quantitative Verification of Certificate Transparency Gossip Protocols'. Together they form a unique fingerprint.

Cite this