diff options
author | Rasmus Dahlberg <rasmus@rgdd.se> | 2024-10-15 16:08:16 +0200 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@rgdd.se> | 2024-10-15 16:08:16 +0200 |
commit | 385cc92bc91e1a6c3724085c060e76bf40c13ed3 (patch) | |
tree | 26d0a8f81f2caa472830fd40a51844bb202c1355 /summary/src/abstract.tex |
Import PhD thesis
Diffstat (limited to 'summary/src/abstract.tex')
-rw-r--r-- | summary/src/abstract.tex | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/summary/src/abstract.tex b/summary/src/abstract.tex new file mode 100644 index 0000000..0a43c0f --- /dev/null +++ b/summary/src/abstract.tex @@ -0,0 +1,36 @@ +Certificate Transparency is an ecosystem of logs, monitors, and auditors that +hold certificate authorities accountable while issuing certificates. We show +how the amount of trust that TLS clients and domain owners need to place in +Certificate Transparency can be reduced, both in the context of existing gradual +deployments and the largely unexplored area of Tor. Our contributions include + improved third-party monitoring, + a gossip protocol plugging into Certificate Transparency over DNS, + an incrementally deployable gossip-audit model tailored for Tor Browser, and + using certificates with onion addresses. +The methods used range from proof sketches to Internet measurements and +prototype evaluations. An essential part of our evaluation in Tor is to assess +how the protocols used during website visits---such as requesting an inclusion +proof from a Certificate Transparency log---affect unlinkability between senders +and receivers. We find that most false positives in website fingerprinting +attacks can be eliminated for all but the most frequently visited sites. This +is because the destination anonymity set can be reduced due to how Internet +protocols work: communication is observable and often involves third-party +interactions. Some of the used protocols can further be subject to side-channel +analysis. For example, we show that remote (timeless) timing attacks against +Tor's DNS cache reliably reveal the timing of past exit traffic. The severity +and practicality of our extension to website fingerprinting pose threats to the +anonymity provided by Tor. We conclude that access to a so-called website +oracle should be an assumed attacker capability when evaluating website +fingerprinting~defenses. + +\keywords + Auditing, + Certificate Transparency, + DNS, + Gossip, + Side-Channels, + Timing Attacks, + Tor, + Tor Browser, + Website Fingerprinting, + Website Oracles |