Import PhD thesis

1 files changed, 70 insertions, 0 deletions

diff --git a/summary/src/ctga/main.tex b/summary/src/ctga/main.tex
new file mode 100644
index 0000000..bc5ff45
--- /dev/null
+++ b/summary/src/ctga/main.tex
@@ -0,0 +1,70 @@
+\begin{kaupaper}[
+    author={%
+      \textbf{Rasmus Dahlberg},
+      Tobias Pulls,
+      Jonathan Vestin,
+      Toke H{\o}iland-J{\o}rgensen, and
+      Andreas Kassler
+    },
+    title={%
+      Aggregation-Based Certificate Transparency Gossip
+    },
+    reference={%
+      SECURWARE (2019)
+    },
+    summary={%
+      Another often overlooked part of Certificate Transparency is that monitors
+      and end-users who browse websites must observe the same append-only
+      logs.  For example, if the same append-only logs are not observed, an
+      end-user may connect to a website that serves a mis-issued certificate
+      that no monitor will discover.  This would largely defeat the purpose of
+      public logging, which is why RFC~6962 specifies that multiple gossip
+      protocols should be defined separately in the future.  We define one such
+      protocol that plugs into the (at the time current) idea of having
+      end-users interact with the logs through DNS.  Our work is exploratory,
+      using recent advancements in programmable packet processors that allow
+      turning routers, switches, and network interface cards into
+      \emph{aggregators} of tree heads that the logs signed and transmitted in
+      plaintext via DNS.  The aggregated tree heads are then used as a reference
+      while challenging the logs to prove consistency, thus protecting
+      entire vantage points from undetected split views.  A different
+      network path (like Tor) can be used to break out of a local vantage point
+      to increase the likelihood of global consistency.  If the security
+      definition for \emph{aggregation indistinguishability} is satisfied,
+      vantage points without an aggregator may also receive protection due to
+      herd immunity.  Our P4 and XDP prototypes satisfy the notion of
+      aggregation indistinguishability at line-rate with regard to throughput.
+      Prevalent vantage points to roll out aggregation-based gossip include
+      autonomous systems and Internet exchange points that route the traffic of
+      many users.  Our RIPE Atlas measurements show that 32 autonomous systems
+      could protect 30-50\% of the IPv4 space from undetected split views.
+      End-users merely need to use plaintext DNS for opt-in.
+    },
+    participation={\vspace{-.25cm}
+      Andreas and Tobias had the initial idea of exploring the intersection
+      between Certificate Transparency and programmable packet processors.  I did most of the
+      design and writing with feedback from Tobias, our RIPE Atlas measurements,
+      and our performance benchmarks with Jonathan and Toke.
+    },
+    label={
+      paper:ctga
+    },
+]
+  \maketitle
+  \begin{abstract}
+    \input{src/ctga/src/abstract}
+  \end{abstract}
+  
+  \input{src/ctga/src/introduction}
+  \input{src/ctga/src/background}
+  \input{src/ctga/src/design}
+  \input{src/ctga/src/implementation}
+  \input{src/ctga/src/measurements}
+  \input{src/ctga/src/related}
+  \input{src/ctga/src/discussion}
+  \input{src/ctga/src/conclusion} 
+  \input{src/ctga/src/acknowledgments}
+  
+  \bibliographystyle{plain}
+  \bibliography{src/ctga/src/ref}
+\end{kaupaper}