Secure logging schemes and Certificate Transparency

Overview over the interaction between entities in Certificate Transparency. Solid-line interactions and solid-line, orange entities are captured by the model in our work while dashed-line interactions and dashed-line, gray entities are not captured. Dotted line–connected entities (monitors and auditors or auditors and web clients) might be the same physical entity.


Since hundreds of certificate authorities (CAs) can issue browser-trusted certificates, it can be difficult for domain owners to detect certificates that have been fraudulently issued for their domain. Certificate Transparency (CT) is a recent standard by the Internet Engineering Task Force (IETF) that aims to construct public logs of all certificates issued by CAs, making it easier for domain owners to monitor for fraudulently issued certificates. To avoid relying on trusted log servers, CT includes mechanisms by which monitors and auditors can check whether logs are behaving honestly or not; these mechanisms are primarily based on Merkle tree hashing and authentication proofs. Given that CT is now being deployed, it is important to verify that it achieves its security goals.

In this work, we define four security properties of logging schemes such as CT that can be assured via cryptographic means, and show that CT does achieve these security properties. We consider two classes of security goals: those involving security against a malicious logger attempting to present different views of the log to different parties or at different points in time, and those involving security against malicious monitors who attempt to frame an honest log for failing to include a certificate in the log. We show that Certificate Transparency satisfies these security properties under various assumptions on Merkle trees all of which reduce to collision resistance of the underlying hash function (and in one case with the additional assumption of unforgeable signatures).

Keywords: Certificate Transparency, public key infrastructures (PKI), logging schemes, Merkle trees


Benjamin Dowling, Felix Günther, Udyani Herath, Douglas Stebila. Secure logging schemes and Certificate Transparency. In Ioannis Askoxylakis, Sotiris Ioannidis, Sokratis Katsikas, Catherine Meadows, editors, Proc. 21st European Symposium on Research in Computer Security (ESORICS) 2016, LNCS, vol. 9879, pp. 140-158. Springer, September 2016. © Springer.




This research was supported by:
  • Australian Research Council (ARC) Discovery Project grant DP130104304
  • Heisenberg grant Fi 940/3-2 of the German Research Foundation (DFG) as part of project S4 within the CRC~1119 CROSSING