The web PKI, which is used to secure TLS-based web communication (HTTPS), is one of the most frequently used network security systems, enabling billions of users to securely connect to the world wide web and prevent the theft of user credentials, protect the privacy of personal information, impede stealthy wiretapping, and enable secure online shopping. The web PKI operates on an oligopoly trust model, with several designated trusted certificate authorities (CAs) issuing cryptographic certificates to webpage owners to secure their webpages. It has grown tremendously over the last decade, mainly due to the use of automated tools for fetching and installing certificates (ACME), and through certain CAs offering free certificates to all users. However, the web PKI is not without fault, in particular, adversaries exploit weaknesses in the automatic domain control validation process to issue fake certificates and extract millions of dollars in cryptocurrency, certificate authorities may misbehave and issue certificates to unauthorized entities or reveal critical secret keys to adversaries, and faulty validation software may give unauthorized entities the ability to request certificates.

Instead of the security of domain control validation, this talk will focus on the fundamental problem of the web PKI’s weakest-link trust model and explore ways to mitigate it. In particular, one observation is that the trust agility of web PKI users is often lacking, leaving users little to no room for tailoring trust preferences to their individual needs without completely distrusting certain entities and thus trading off availability for security. Furthermore, the classification into trusted and untrusted CAs is a centralized process performed by a select few organizations, called root programs, which is contradictory to the recent Web3-driven push toward more decentralization. We posit that trust is inherently subjective and there is typically no single global valid notion of trust in our heterogeneous society.

In our recent work on F-PKI, we propose a different trust model that empowers both webpage owners and clients to express their individual trust preference and validate certificates according to this preference. This talk will give an overview of F-PKI’s technical aspects, and then discuss the opportunities and challenges of our flexible trust model based on individual trust preferences.

Finally, we would like to have an open discussion on the suitability of the web PKI as a foundation for modern security-sensitive applications, such as decentralized protocols, and the possibility of leveraging alternative PKIs to accommodate the need of these protocols.

Bio:

Cyrill Krähenbühl’s research focuses on public key infrastructures (PKI) and path aware networking (PAN). He completed his Ph.D. under the guidance of Adrian Perrig in 2023 at ETH Zürich where he also earned his master’s degree in computer science.

We all make use of PKI when we look at web pages or use secure communication systems. Although the majority of our communication is secured through PKI-based systems, the protocols and infrastructures have grown organically and have still numerous shortcomings. Krähenbühl’s research introduces flexibility into trust foundation of PKIs, enabling end users and certificate owners to define their trust preferences. He designed systems that enable trust agility, while increasing the security yet retaining the high availability of the systems.

Path-aware networking provides more transparency and control to network participants, in particular the network endpoints. Knowledge and (partial) control of the forwarding path can significantly improve a network’s efficiency through in-network multipath and allows endpoints to optimize for the needs of individual applications. In the area of path-aware networking, Krähenbühl contributed to documenting the deployment methodologies, defined and categorized path properties, and extended path selection in the SCION architecture to enable fine-grained intra-domain paths with specific policies.

During his Ph.D., Krähenbühl actively collaborated with industry partners and other research groups, and helped analyze real-world security-critical systems and design concrete security recommendations. He published at multiple top tier venues, such as NDSS, USENIX Security, and CoNEXT, where he was given the best paper and best presentation award. In addition to his work in the research community, he actively engaged with standardization bodies such as the IETF, in particular with the path aware networking research group, where he co-authored a guidance RFC on path properties in path aware networks.

In-person attendance is open to Princeton University faculty, staff and students.

This talk will be open to the public as a webinar, at this link, via Zoom. It will be recorded and posted here, on the CITP YouTube channel, and on the Princeton University Media Central channel.

If you need an accommodation for a disability please contact Jean Butcher at at least one week before the event.

Contributions to and/or sponsorship of any event does not constitute departmental or institutional endorsement of the specific program, speakers or views presented.