Accountable and Transparent TLS Certificate Management: An Alternate Public-Key Infrastructure with Verifiable Trusted Parties

Abstract EN

Current Transport Layer Security (TLS) Public-Key Infrastructure (PKI) is a vast and complex system; it consists of processes, policies, and entities that are responsible for a secure certificate management process.

Among them, Certificate Authority (CA) is the central and most trusted entity.

However, recent compromises of CA result in the desire for some other secure and transparent alternative approaches.

To distribute the trust and mitigate the threats and security issues of current PKI, publicly verifiable log-based approaches have been proposed.

However, still, these schemes have vulnerabilities and inefficiency problems due to lack of specifying proper monitoring, data structure, and extra latency.

We propose Accountable and Transparent TLS Certificate Management: an alternate Public-Key Infrastructure (PKI) with verifiable trusted parties (ATCM) that makes certificate management phases; certificate issuance, registration, revocation, and validation publicly verifiable.

It also guarantees strong security by preventing man-in-middle-attack (MitM) when at least one entity is trusted out of all entities taking part in the protocol signing and verification.

Accountable and Transparent TLS Certificate Management: an alternate Public-Key Infrastructure (PKI) with verifiable trusted parties (ATCM) can handle CA hierarchy and introduces an improved revocation system and revocation policy.

We have compared our performance results with state-of-the-art log-based protocols.

The performance results and evaluations show that it is feasible for practical use.

Moreover, we have performed formal verification of our proposed protocol to verify its core security properties using Tamarin Prover.