ACE Seminar: PoliCert: A Highly Resilient Public-Key Infrastructure

Speaker: Prof. Adrian Perrig, ETH Zurich
UCL Contact: Emiliano DeCristofaro (Visitors from outside UCL please email in advance).
Date/Time: 18 Sep 14, 16:00 - 17:00
Venue: 6.12
Further Information:

If you'd like to meet the speaker, please reserve a slot by filling out the following google sheet:
http://goo.gl/PvEJmk

Abstract

The recently proposed concept of publicly verifiable logs is a promising approach for mitigating security issues and threats of the current Public-Key Infrastructure (PKI). Although much progress has been made towards a more secure infrastructure, the currently proposed approaches still suffer from security vulnerabilities, inefficiency, and incremental deployment challenges.
We propose PoliCert, a comprehensive log-based and domain-oriented architecture that enhances the security of PKI by offering: a) stronger authentication of a domain's public keys, b) comprehensive and clean mechanisms for certificate management, and c) an incentivised incremental deployment plan. Surprisingly, our approach has proved fruitful in addressing other seemingly unrelated problems such as TLS-related error handling and client/server misconfiguration.
To ensure correctness of our design, we have formally verified a subset of PoliCert using the Tamarin prover. We verify that our approach offers extremely strong security guarantees: (1) it prevents attacks by ensuring that compromising all-but-one trusted signing and verifying entities is insufficient to launch an impersonation attack; and (2) it enforces accountability and deterrence against misbehavior since all operations are publicly visible.
We have fully implemented PoliCert and demonstrate its efficiency and its resilience to attacks.

Prof. Adrian Perrig