%
% Title page
%
% Hi everyone.  Welcome to our talk "privacy-preserving and incrementally 
% deployable support for Certificate Transparency in Tor".  I'm Rasmus, a PhD
% student at Karlstad University.  This is joint work together with
% 	Tobias Pulls from Karlstad University,
% 	Tom Ritter from Mozilla, and
%	Paul Syverson from the US Naval Research Laboratory.
%

\begin{frame}
	%
	% To get started I would like to remind us of the past.
	%
	% The year is 2011.  Summer just arrived, and we are located in the northern
	% parts of Netherlands.  The offices of DigiNotar appear to be operating as
	% usual.  Had we been there at the time, we probably wouldn't have thought
	% they'd be out of business in September.
	%
	\vfill
	\begin{columns}
		\begin{column}{0.45\textwidth}
			\mktitle{A flash-back into the past}
			\begin{itemize}
				\item June, 2011
				\item Netherlands, Beverwijk
				\item DigiNotar
			\end{itemize}
		\end{column}
		\begin{column}{0.55\textwidth}
			\centering
			\includegraphics[width=\columnwidth]{img/beverwijk}
			\burl{https://creativecommons.org/licenses/by-sa/3.0/}
			% https://commons.wikimedia.org/wiki/File:Nzkanaal2.jpg
		\end{column}
	\end{columns}
\end{frame}

\begin{frame}
	%
	% What happened?
	% 
	% Let me give you the backdrop.
	%
	% DigiNotar was a so-called certificate authority that issued certificates
	% for the web.  Your browser uses these certificates to verify that you are
	% really visiting the website that you intended to and not some attacker.
	%
	% Sounds great!  What's the catch?
	% Well.
	% You have to trust that no Certificate Authority is going to mess up the
	% certificate issuance process.  Any failure in this process may result in a
	% mis-issued certificate, which in turn may result in insecure connections.
	%
	% Okay.  So,
	% I think most of you know what happened.  DigiNotar was hacked.  They
	% mis-issued certificates for Google, Mozilla, Tor, and many others.
	%	
	% This was actually detected by DigiNotar.
	% In response, they decided to be silent and cover it up.
	%
	% The main reason why we, the public, detected that DigiNotar was no longer
	% operating in good faith is because of a large scale attack in Iran.  Some
	% of the mis-issued certificates were used to intercept network traffic of
	% 300k gmail users.  Perhaps we were actually lucky to detect the attack at
	% all.  If the attacker had been more stealthy, DigiNotar might still have
	% been in operation today.  That is a scary though.  Can we do better?
	%
	% Fortunately, the answer is yes.  We can do better.  The overall ecosystem
	% improved significantly since 2011.  This talk covers one such improvement:
	% - Certificate Transparency
	%
	\vfill
	\begin{columns}
		\begin{column}{0.45\textwidth}
			\mktitle{What happened?}
			\begin{itemize}
				\item DigiNotar issued web certificates
				\item Did not live up to expectations
				\item Then tried to cover it up\footnotemark
			\end{itemize}
		\end{column}
		\begin{column}{0.55\textwidth}
			\centering
			\includegraphics[width=\columnwidth]{img/diginotar}
			\burl{https://www.bbc.com/news/technology-14989334}
		\end{column}
	\end{columns}
	\vfill
	\pause
	\centering\alert{A stealthy attacker might have gotten away with it!}
	\footnotetext[1]{%
		\tiny{
			FoxIT.
			Black Tulip: Report of the investigation into the DigiNotar Certificate
				Authority breach.
			Page 3.
		}
	}
\end{frame}

\begin{frame}
	%
	% Just to make sure that we are on the same page.
	%
	% A large scale attack should not be necessary to detect if a trusted party
	% like DigiNotar misbehaves.  And it is not like we are only talking about a
	% single isolated incident.  The real problem is that we have hundreds of
	% Certificate Authorities that claim to issue certificates only to the
	% rightful domain owners.  Every now and then, someone gets it wrong.  What
	% we are left with is an incident that endangers our digital safety,
	% sometimes even our physical safety depending on the real-world context.
	%
	% What Certificate Transparency brings to the table is the ability to detect
	% mis-issued certificates.  The basic idea is that every issued certificate
	% must be disclosed in a public log that anyone can inspect.
	%
	% Usually, Certificate authorities are the ones doing the logging.  Websites
	% then serve the issued certificate together with some proofs of logging.
	% The browser verifies these proofs before accepting the certificate as
	% valid.
	%
	% This is actually great, because now a website can look for certificates
	% that match their domain name in the log.  If something shows up that they
	% did not ask for - well - now they are aware of that.  They probably
	% wouldn't have been without the log.  In response, you might question the
	% certificate authority, initiate a revocation process, and so forth.
	%
	\vfill
	\begin{columns}
		\begin{column}{0.5\textwidth}
			\mktitle{Larger problem and solution?}
			\begin{itemize}
				\item Digitar was not a one-time incident\footnotemark
				\item Many other parties can get it wrong
				\item Add visibility into issued certificates\footnotemark
			\end{itemize}
		\end{column}
		\begin{column}{0.5\textwidth}
			\input{img/ct}
		\end{column}
	\end{columns}
	\footnotetext[2]{\burl{https://sslmate.com/certspotter/failures}}
	\footnotetext[3]{\burl{https://certificate.transparency.dev/}}
\end{frame}

\begin{frame}
	%
	% Certificate Transparency, or CT for short, has been - and is still being -
	% gradually rolled-out by Google and others.  For example, every certificate
	% must be CT compliant to validate in Google Chrome and Apple's Safari.
	%
	% CT compliance basically means that at least two logs must have "promised"
	% to make that certificate available to the public.  Such a promise is
	% usually called an SCT and it is hard-coded into the issued certificate.
	% 
	% Browsers currently use SCTs as proofs of logging.  It is possible to
	% verify that these promises are in fact true.  That is an important part to
	% ensure that blind trust is not shifted from Certificate Authorities to CT
	% logs.  However, such verification is challenging because of the added
	% complexity and possible privacy concerns.
	%
	% For example, to verify that a certificate is in fact included in a log,
	% you need to interact with the log ecosystem.  Such interactions leak
	% a user's browsing patterns to the logs and that is kind of problematic.
	%
	\mktitle{Certificate Transparency (CT) compliance\footnotemark}
	\begin{columns}
		\begin{column}{0.25\textwidth}
		\end{column}
		\begin{column}{0.25\textwidth}
			\centering\includegraphics[width=.67\columnwidth]{img/chrome}
		\end{column}
		\begin{column}{0.25\textwidth}
			\centering\includegraphics[width=.7\columnwidth]{img/safari}
		\end{column}
		\begin{column}{0.25\textwidth}
		\end{column}
	\end{columns}
	\vfill
	``Two logs promised that they will make the certificate public''

	\footnotetext[4]{%
		\burl{https://github.com/chromium/ct-policy/blob/master/ct_policy.md}
		\&
		\burl{https://support.apple.com/en-us/HT205280}%
	}
\end{frame}