Private Queries on Public Certificate Transparency Data
This work addresses privacy concerns for internet users by preventing data leakage in CT systems, though it appears incremental because it builds on existing oblivious file sharing techniques.
The paper tackles the privacy leakage problem in Certificate Transparency (CT), where user browsing habits are exposed during certificate validation, and proposes using an oblivious file sharing system to enable private queries on public CT data.
Despite advances in today's information exchange infrastructure, preserving user data and privacy remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements over existing Public Key Infrastructure solutions, which until now have relied solely on the Certificate Authority hierarchy. CT provides a robust auditing and transparency layer for quickly detecting compromises of that hierarchy, but it introduces the requirement that client browsers interact with third-party servers when validating a site certificate. In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties to provide a more scalable, performant solution to privacy-preserving queries.