TLS with trustworthy certificate authorities
Title | TLS with trustworthy certificate authorities |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Walsh, K. |
Conference Name | 2016 IEEE Conference on Communications and Network Security (CNS) |
Keywords | authorisation, Browsers, certificate authorities, cloud computing, cloud platforms, cloud-based trustworthy Web services, composability, cryptographic attestations, cryptography, Hardware, pubcrawl, public key cryptography, Resiliency, Servers, TaoCA, TLS, TLS-based authentication mechanisms, trust policies, Trusted Computing, Trusted Platform Module, trusted platform modules, trustworthy certificate authorities, trustworthy certificate authority, web services |
Abstract | Cloud platforms can leverage Trusted Platform Modules to help provide assurance to clients that cloud-based Web services are trustworthy and behave as expected. We discuss a variety of approaches to providing this assurance, and we implement one approach based on the concept of a trustworthy certificate authority. TaoCA, our prototype implementation, links cryptographic attestations from a cloud platform, including a Trusted Platform Module, with existing TLS-based authentication mechanisms. TaoCA is designed to enable certificate authorities, browser vendors, system administrators, and end users to define and enforce a range of trust policies for web services. Evaluation of the prototype implementation demonstrates the feasibility of the design, illustrates performance tradeoffs, and serves as an end-to-end, proof-of-concept evaluation of underlying trustworthy computing abstractions. The proposed approach can be deployed incrementally and provides new benefits while retaining compatibility with the existing public key infrastructure used for TLS. |
URL | http://ieeexplore.ieee.org/document/7860543/ |
DOI | 10.1109/CNS.2016.7860543 |
Citation Key | walsh_tls_2016 |