TLS with trustworthy certificate authorities

Title: TLS with trustworthy certificate authorities
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Walsh, K.
Conference Name: 2016 IEEE Conference on Communications and Network Security (CNS)
Keywords: authorisation, Browsers, certificate authorities, cloud computing, cloud platforms, cloud-based trustworthy Web services, composability, cryptographic attestations, cryptography, Hardware, pubcrawl, public key cryptography, Resiliency, Servers, TaoCA, TLS, TLS-based authentication mechanisms, trust policies, Trusted Computing, Trusted Platform Module, trusted platform modules, trustworthy certificate authorities, trustworthy certificate authority, web services

Cloud platforms can leverage Trusted Platform Modules to help provide assurance to clients that cloud-based Web services are trustworthy and behave as expected. We discuss a variety of approaches to providing this assurance, and we implement one approach based on the concept of a trustworthy certificate authority. TaoCA, our prototype implementation, links cryptographic attestations from a cloud platform, including a Trusted Platform Module, with existing TLS-based authentication mechanisms. TaoCA is designed to enable certificate authorities, browser vendors, system administrators, and end users to define and enforce a range of trust policies for web services. Evaluation of the prototype implementation demonstrates the feasibility of the design, illustrates performance tradeoffs, and serves as an end-to-end, proof-of-concept evaluation of underlying trustworthy computing abstractions. The proposed approach can be deployed incrementally and provides new benefits while retaining compatibility with the existing public key infrastructure used for TLS.

Citation Key: walsh_tls_2016