Governance, Regulation & Compliance

Education Level: Basic

5217 - Certificate Transparency for a More Resilient Certificate Ecosystem

Speaker(s)

• 

  Andrea Kunz

  Sr. Information Systems Engineer
  MITRE Corporation

Encryption certificates issued to web entities by certificate authorities were designed to protect the exchange of sensitive information against malicious attacks, but vulnerabilities exist in this client-server-CA triad. CAs that issue digital certificates and the certificates themselves are targets for compromise and misuse. A web server that installs a certificate from a compromised CA may itself become compromised. Likewise, browsers must verify the authenticity and trustworthiness of any site visited to defend against further corruption.

Certificate Transparency prescribes a publicly accessible framework where certificates can be monitored and audited. While CT cannot prevent attacks, as more participate in the CT ecosystem, it can help find and expose bad actors more quickly, thus minimizing potential data and financial losses by all parties.

Learning Objectives:

• Comprehend the nature of current attacks against the entities that rely on digital encryption certificates for secure and reliable communications containing sensitive information.
• Explain how Certificate Transparency can potentially increase the overall security of the internet when it is adopted by a majority of browsers, CAs and web entities.
• Develop an approach for organizations to participate in the Certificate Transparency ecosystem by contributing to and/or viewing CT logs or potentially operating one or more CT components.