Private Queries on Public Certificate Transparency Data

TL;DR

This paper addresses privacy concerns in Certificate Transparency by proposing an oblivious file sharing system to enable secure, scalable, and anonymous queries without leaking user browsing data.

Contribution

It introduces a novel privacy-preserving approach for querying CT data using an oblivious file sharing system, enhancing user privacy and system scalability.

Findings

Proposes a scalable, privacy-preserving query system for CT data

Demonstrates strong anonymity properties in user queries

Improves upon existing CT validation privacy solutions

Abstract

Despite increasing advancements in today's information exchange infrastructure, the preservation of user data and privacy still remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements to existing Public Key Infrastructure solutions that up-to-now have solely relied on the Certificate Authority hierarchy. CT provides a robust auditing layer and transparency solution to quickly detect such compromises, but introduces the requirement that client browsers interact with third-party servers when validating a site certificate. In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties, to provide a more scalable, performant solution to privacy-preserving queries.