Authenticating HTTPS Connection without Relying on Certification Authorities
Document Type
Conference Proceeding
Source of Publication
2024 15th Annual Undergraduate Research Conference on Applied Computing (URC)
Publication Date
4-25-2024
Abstract
Internet security heavily depends on Transport Layer Security (TLS) and X.509 certificates. A Certification Authority (CA) issues these certificates so users can safely connect to verified websites. However, CA-based authentication mechanisms depend on the CAs' behavior and on the integrity of their systems. Furthermore, traditional methods for revoking certificates, like the Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL), present unsolvable challenges: CRL updates are inefficient, while OCSP raises privacy concerns and causes delays. Our goal is to move trust from potentially unreliable CAs to a secure, easy-to-use system based on DNS over HTTPS (DoH) servers, which are already deployed with most web browsers. With our approach, trusted DoH servers handle domain name resolution and public key authentication simultaneously, thereby reducing the dependency on CAs. With regard to revocation, our approach enables public key owners to tailor their key lifetimes, thus minimizing the need for conventional revocation. A proof of concept is implemented and presented to demonstrate the effectiveness and feasibility of our approach.
DOI Link
ISBN
979-8-3315-2734-1
Publisher
IEEE
Volume
00
First Page
1
Last Page
7
Disciplines
Computer Sciences
Keywords
Transport Layer Security, X.509 certificates, Certificate Revocation Lists, DNS over HTTPS, Online Certificate Status Protocol
Recommended Citation
Dadi, Sifan Waktole; Wazan, Ahmad Samer; and Taj, Imran, "Authenticating HTTPS Connection without Relying on Certification Authorities" (2024). All Works. 6706.
https://zuscholars.zu.ac.ae/works/6706
Indexed in Scopus
no
Open Access
no