CNS Lecture: Revocations Are Dead, Long Live Revocations
Guest Speaker: Dave Levin, University of Maryland
Host: CNS research scientist Kirill Levchenko
As the Center for Networked Systems (CNS) Lecture Series continues, University of Maryland computer science professor Dave Levi explores the importance of the web's public key infrastructure (PKI).
The importance of the web’s PKI cannot be overstated: it is what allows users to know with whom they are communicating online. Central to its correct operation is the ability to “revoke” certificates in the wake of a compromised key. For revocations to work: (1) website administrators must request to have their certificates revoked, (2) browser manufacturers must regularly check for revocations, and (3) above all, no one should share their private keys. Using Internet-wide measurements, Levin will show that all of these are violated on a regular basis, largely due to perverse economic incentives. He will also present a promising path forward: a new system, CRLite, that compactly represents all revocations in only tens of kilobytes per day. CRLite shows that, at last, it is feasible for every client to download every revocation everyday.
Dave Levin is an assistant professor of computer science at the University of Maryland, where he is also the chair of the CS Undergraduate Honors program. In his research, he empirically measures security on the Internet to understand how security breaks down, and applies economics and cryptography to build new, provably secure systems. Dave and his colleagues' work on studying the web’s PKI recently received a USENIX Security Distinguished Paper Award and an IEEE Cybersecurity Award for Innovation.