The UTC Graduate School is pleased to announce that Sri Naga Sai Abhijith Medury will present Doctoral research titled "Design, Modeling, and Simulation of Secure Certificate Revocation as a Peer Service" on 12/09/2022 at 3:00 PM ET in SimCenter Auditorium, MDRB. Everyone is invited to attend.
Computational Science
Chair: Anthony Skjellum
Co-Chair:
Abstract:
TLS communication over the internet has risen rapidly in the last seven years (2015 – 2022) and there are over 156M active SSL certificates currently found over the internet. The state-of-the-art Public Key Infrastructure (PKI), encompassing protocols, computational resources, and digital certificates, has evolved over the course of 24 years to become the de facto choice for encrypted communication over the internet, even on newer platforms such as mobile devices and Internet-of-Things (IoT), despite these being low powered with computational constraints. However, certificate revocation is one sub-process in TLS communication that fails to meet the rising scalability demands and remains open to exploitation. In this dissertation, the standard for X.509 revocation is systematically reviewed and critically evaluated to identify its limitations and to assess the impact of these limitations on internet security. Other approaches to enable cryptographic identity validation and revocation (such as PGP) are also studied and compared with the X.509 standard. Due to fragmented revocation information and limited scalability, even the latest version of the X.509 Revocation standard is susceptible to Man-in-the-Middle (MiTM) attacks. The advent and growing adoption of blockchain technology presents unique opportunities for the unification of X.509 certificate revocation information. Blockchain technology’s decentralized and peer-to-peer distributed ledger enables a tamper-proof platform for X.509 Certificate Authorities to collaborate in a trustless environment. Nonetheless, blockchain platforms vary in terms of scalability, degree of decentralization, and cost of operation and must be chosen through careful analysis. Moreover, the unification of the revocation lists leads to increased latency during revocation lookup and worsens the scalability of the distribution system.
Cryptographic constructions such as One-Way (RSA) Accumulators and probabilistic data structures such as the cuckoo filter and XOR filter were studied and compared to enhance the revocation lookup speeds. While One-Way Accumulators don’t incur false positives for set-membership verification, they do incur a high cost of communication and computation for regenerating witnesses and are more suitable for smaller environments with fewer participating identities and sparse updates to group memberships. The previously-proposed cascading approach was analyzed and applied to eliminate false positives in probabilistic data structures. Applying the cascading technique to newer probabilistic data structures yielded better space efficiency and lookup speeds in comparison to similar previous efforts on the Bloom filter. The key contributions of this dissertation are twofold: (1) the novel design of a secure and robust system for distributing X.509 certificate revocation information; and (2) the prototyping, experimentation, and optimization of cascading probabilistic data structures for quick lookup with zero false positives (and zero false negatives). The Scrybe blockchain protocol presents unique benefits for distributing secure provenance information such as low latency, high scalability, and Byzantine-fault tolerance in peer-to-peer distributed networks. The Lightweight Mining (LWM) consensus algorithm in Scrybe is designed to enable higher transaction bandwidth and low latency transaction finality. In this research, the Secure Certificate Revocation as a Peer Service (SCRaaPS) is designed using the Scrybe blockchain protocol to store and distribute certificate revocation information generated by the Certificate Authorities. SCRaaPS addresses security threats to the X.509 certificate revocation sub-process by providing a trustworthy platform to unify certificate revocation information over an untrusted public network.
The blockchain ledger in SCRaaPS provides reliable certificate revocation status and ensures a consistent global state of revocation information through immutable, append-only logs of activity that are open for public auditing. Further, the cost of operation is formulated and different blockchain platforms are analyzed in this research to compare the resulting system’s energy efficiency, cost-effectiveness, network decentralization, and participation openness. Prototyping and benchmarking results demonstrate that the cascading technique produces more space-efficient probabilistic data structures when applied to the Binary Fuse filter and XOR filter, rather than the cuckoo filter or other similar structures. The system modeling and projections show that Scrybe is the cost-effective and scalable choice with maximized network decentralization. SCRaaPS is designed by integrating these findings and is a provably more space-efficient and faster alternative for distributing X.509 revocation information.
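The cascading approach named in the abstract, shown as an added example (not code from the dissertation or from SCRaaPS): alternating filter levels cancel each other's false positives over a fully enumerated set of serials. A plain Bloom filter stands in for the XOR and Binary Fuse filters, and the class, function names, parameters and serial numbers are assumptions constructed for illustration.

```python
import hashlib

class Bloom:
    """Minimal Bloom filter; `salt` gives each cascade level independent hashes."""
    def __init__(self, items, salt, bits_per_item=8, k=4):
        self.m = max(64, bits_per_item * len(items))
        self.k, self.salt, self.bits = k, salt, bytearray((self.m + 7) // 8)
        for it in items:
            for p in self._positions(it):
                self.bits[p >> 3] |= 1 << (p & 7)

    def _positions(self, item):
        for i in range(self.k):
            d = hashlib.sha256(f"{self.salt}|{i}|{item}".encode()).digest()
            yield int.from_bytes(d[:8], "big") % self.m

    def __contains__(self, item):
        return all(self.bits[p >> 3] >> (p & 7) & 1 for p in self._positions(item))


def build_cascade(revoked, valid):
    """Add levels until one has no false positives over the known universe."""
    levels, include, exclude = [], set(revoked), set(valid)
    while include:
        f = Bloom(include, salt=len(levels))
        levels.append(f)
        false_pos = {x for x in exclude if x in f}  # wrongly accepted at this level
        include, exclude = false_pos, include       # next level encodes those errors
    return levels


def is_revoked(levels, serial):
    """Exact only for serials in revoked | valid (the enumerated universe)."""
    for depth, f in enumerate(levels):
        if serial not in f:
            return depth % 2 == 1   # miss at even depth: valid; at odd depth: revoked
    return len(levels) % 2 == 1     # survived every level


# Constructed sample data: hypothetical serial numbers, not real certificates.
REVOKED = {f"serial-{n:05d}" for n in range(0, 500)}
VALID = {f"serial-{n:05d}" for n in range(500, 5000)}
CASCADE = build_cascade(REVOKED, VALID)
FIRST_LEVEL_FP = sum(1 for s in VALID if s in CASCADE[0])
```

The zero-error guarantee holds only for serials present when the cascade was built; a certificate issued afterwards can be misclassified until the cascade is regenerated.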
Zoom Information:
Hi there, Sai Medury is inviting you to a scheduled Zoom meeting.
Topic: UTC PhD Dissertation Defense (Sai Medury) — Design, Simulation, and Modeling of Secure X.509 Certificate Revocation as a Peer Service
Time: Dec 9, 2022 03:00 PM Eastern Time (US and Canada)
Join from PC, Mac, Linux, iOS or Android: https://tennessee.zoom.us/j/93868311344?pwd=NlJsRnlNbWl4S2lxeGFPYkwwb1lwZz09
Password: cascades
Or iPhone one-tap (US Toll): +16468769923,93868311344# or +16469313860,93868311344#
Or Telephone: Dial:
+1 646 876 9923 (US Toll)
+1 646 931 3860 (US Toll)
+1 301 715 8592 (US Toll)
+1 305 224 1968 (US Toll)
+1 309 205 3325 (US Toll)
+1 312 626 6799 (US Toll)
+1 564 217 2000 (US Toll)
+1 669 444 9171 (US Toll)
+1 669 900 6833 (US Toll)
+1 689 278 1000 (US Toll)
+1 719 359 4580 (US Toll)
+1 253 205 0468 (US Toll)
+1 253 215 8782 (US Toll)
+1 346 248 7799 (US Toll)
+1 360 209 5623 (US Toll)
+1 386 347 5053 (US Toll)
+1 507 473 4847 (US Toll)
Meeting ID: 938 6831 1344
International numbers available: https://tennessee.zoom.us/u/ac7svdWPph
Or an H.323/SIP room system:
H.323: 162.255.37.11 (US West) or 162.255.36.11 (US East)
Meeting ID: 938 6831 1344
Password: 71268431
SIP: 93868311344@zoomcrc.com
Password: 71268431