Homework answers / question archive / In class, we have seen a recent proposal called Certificate Transparency (CT)

In class, we have seen a recent proposal called Certificate Transparency (CT)

Computer Science

Share With

In class, we have seen a recent proposal called Certificate Transparency (CT). In order for CT to be effective to counter threats related to PKI, the ecosystem is essential.

1. [10 points] To offer better incentive for monitors, a (hypothetical) insurance company InsuredCert starts a new certificate insurance business. When issuing a legitimate certificate CertcD for a domain D, a CA C purchases an insurance policy P from InsuredCert, say at the insurance premium of SSI,OOO. The policy P clearly states the incentives and penalties regarding any misissued certificates. i.e., any certificate for D issued by C that is different from CertcD. The policy P specifies that InsuredCert shall refund most of the insurance premium (e.g., S$900) paid by C, if no misissued certificates are detected for a stated period of time, say 1 year. If any misissued certificates are found in CT and reported by any monitor during this period, InsuredCert shall pay the same amount (i.e., $900 in this example) to the monitor that first reports misisued certificate.

The rationale behind this insurance product is as follows:

— CA C is incentivized to do its best to prevent the issuance of unauthorized certificates for the domain D as it wishes to get the refund.

— Domain owner of D would likely choose CA C for issuing new certificates over other CAS because C is incentivized to protect its certificate signing key (to prevent misissuance). Other CAS with no such insurance may loose their signing keys and result in mislssued certificates without any economic loss, albeit some damage to their reputation.

— Third party monitors are economically incentivized to actively monitor CT and report any misissued certificate to InsuredCert before others do so.

For the purpose of this, we assume that InsuredCert is trustworthy. This insurance policy, however, has a security concern. Describe one security concern when C itself is malicious. (Hint: show an attack that allows C to intentionally "mislssue" a certificate without significant monetary penalty.)