The Center for Networked Systems (CNS) closed out its lecture series for calendar 2017 with a talk by University of Maryland computer science professor Dave Levin on Monday, Dec. 4. In his talk, titled "Revocations Are Dead, Long Live Revocations", Levin explored the importance of the web's public key infrastructure (PKI).
Levin noted that the importance of the web’s PKI cannot be overstated: it is what allows users to know with whom they are communicating online. Central to its correct operation is the ability to “revoke” certificates in the wake of a compromised key. For revocations to work: (1) website administrators must request to have their certificates revoked, (2) browser manufacturers must regularly check for revocations, and (3) above all, no one should share their private keys. Using Internet-wide measurements, Levin showed that all of these are violated on a regular basis, largely due to perverse economic incentives. He also presented a promising path forward: a new system, CRLite, that compactly represents all revocations in only tens of kilobytes per day. CRLite shows that, at last, it is feasible for every client to download every revocation every day.
Bio: Dave Levin is an assistant professor of computer science at the University of Maryland, where he is also the chair of the CS Undergraduate Honors program. In his research, he empirically measures security on the Internet to understand how security breaks down, and applies economics and cryptography to build new, provably secure systems. Dave and his colleagues' work on studying the web’s PKI recently received a USENIX Security Distinguished Paper Award and an IEEE Cybersecurity Award for Innovation.
Host: CNS research scientist Kirill Levchenko