Certificate Transparency Log Monitoring provides the key to greater security

When digital certificates are issued by a certificate authority (CA), everything is based on the trust that the CA issues certificates correctly. However, the past has shown that this has not always been the case. For example, certificates have been issued with incorrect information, errors have occurred in the basic issuance process, or a CA has been unknowingly used by attackers to issue fraudulent certificates. To maintain confidential communication on the internet and eliminate the sources of error mentioned above, the Certificate Transparency standard was introduced.

Certificate Transparency Standard provides transparency

Certificate Transparency (CT) is intended to enable real-time monitoring of certificates issued by CAs and make this information publicly accessible. In this way, wrongly issued certificates or misbehaving CAs can be detected more quickly, allowing countermeasures to be initiated sooner.

Certificate Transparency is built from three components.

Component 1 – CT Logs

The CT standard stipulates that whenever a CA issues a certificate, it must also be submitted to a CT log. CT logs are network services that provide cryptographically secured, publicly accessible directories of issued certificates. Entries can only be added, never deleted or modified (append-only). Each transparency log exposes an interface through which entries can be added and queried and through which cryptographic proofs can be requested. CT logs are typically operated by CAs, internet service providers (ISPs), or other interested parties. Currently, there are 40 CT log servers.

Submitting every issued certificate to a log is the first step toward greater security through increased transparency in certificate issuance. However, a forged certificate can only be detected if someone actually checks the CT logs, which is the task of certificate transparency monitoring.

Component 2 – Monitor

Checking whether a false certificate has been issued is the task of a monitor (CT monitoring). The monitor retrieves new entries from the existing CT logs at defined intervals (log monitoring) and examines the information they contain. Typically, the monitor is offered as a subscription service: domain owners register their domain name and a contact address and are notified by the monitor whenever a certificate is issued for their domain.

Component 3 – Auditor

For CT logs to provide added value for security, their correct behavior must be verified. This task is handled by the auditor. In principle, the auditor has two types of cryptographic proof at its disposal:

The consistency proof is used to verify the consistency of a CT log. It checks that no entry in the underlying tree structure (hash tree) has been deleted, modified, or inserted unnoticed, thereby ensuring the append-only property. It proves that the new hash tree, after new entries were added, was created by combining the old hash tree with the new entries.

The process: The consistency proof checks whether all nodes of a previous version of the hash tree are still present, in the same order, in the new tree, i.e. whether the old tree is an unchanged prefix of the new one. To carry this out, the auditor needs those nodes of the old tree from which its root hash value can be recalculated, plus the hash values of the new nodes created by appending the new entries. From the node hash values obtained from the CT log, the root hash value of the new tree version is then calculated. If the calculated value matches the root hash value presented by the log, this proves that the new hash tree was created from the previous version combined with the tree of new entries. To obtain the hash values of the nodes required for the calculation, the auditor provides the CT log with the root hash value of both the old and the new tree.

The audit proof verifies that an entry for a specific certificate exists in a CT log. All nodes missing between the hash value of the searched entry and the root node are required. Once the missing nodes are obtained, the root hash value can be calculated and compared with the one presented by the CT log. If the values match, the searched certificate is included in the CT log.

The process: This cryptographic proof relies on the so-called audit path, the smallest set of nodes needed to calculate the root hash value of the tree starting from the hash value of the searched entry. To obtain the audit path, the auditor provides the CT log server with the hash value of the entry whose existence is to be verified. If that hash value is not present in the log, the auditor receives an error message and no audit path. However, the mere fact that the log delivers nodes in response to a request is not yet proof of the log's correct operation. Therefore, the root hash value must be recalculated from the nodes contained in the audit path. Only if the calculated value matches the one presented by the log is it proven that the entry exists in the log and that no entry in the tree has been altered afterwards, which would violate the append-only property of the CT log.
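The two proofs described above can be reproduced in a few dozen lines once the log's hash tree is modelled. The following example is added here for illustration and is neither code from the original article nor part of essendi xc; it implements the Merkle hash tree of RFC 6962 (SHA-256, 0x00 leaf prefix, 0x01 node prefix), the audit-path and consistency-proof generation a log would perform, and the verification steps an auditor performs, following the verification algorithms of RFC 9162. The log entries are constructed byte strings standing in for serialized certificates, and the `demo` function is a hypothetical scenario: an auditor verifies an inclusion proof and a consistency proof against a small log, then shows that a log which silently rewrote an entry after publishing its old root cannot produce a consistency proof that verifies. In the real log API, inclusion proofs are requested by leaf hash (`get-proof-by-hash`) and consistency proofs by the two tree sizes (`get-sth-consistency`); here the proof functions simply take the tree itself.

```python
"""RFC 6962 Merkle hash tree with audit (inclusion) and consistency proofs.

Added example, not part of the article or of essendi xc. Log entries are
constructed stand-ins for certificates.
"""
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_leaf(entry: bytes) -> bytes:
    # Leaves are domain-separated with a 0x00 prefix (RFC 6962 section 2.1).
    return _sha256(b"\x00" + entry)


def hash_children(left: bytes, right: bytes) -> bytes:
    # Interior nodes use a 0x01 prefix so a leaf can never masquerade as a node.
    return _sha256(b"\x01" + left + right)


def _split_point(n: int) -> int:
    """Largest power of two strictly smaller than n (requires n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(entries: list) -> bytes:
    """Merkle Tree Hash MTH(D[n]) over an ordered list of raw entries."""
    n = len(entries)
    if n == 0:
        return _sha256(b"")
    if n == 1:
        return hash_leaf(entries[0])
    k = _split_point(n)
    return hash_children(merkle_root(entries[:k]), merkle_root(entries[k:]))


def audit_path(index: int, entries: list) -> list:
    """Log side: sibling hashes needed to recompute the root from leaf `index`."""
    n = len(entries)
    if n <= 1:
        return []
    k = _split_point(n)
    if index < k:
        return audit_path(index, entries[:k]) + [merkle_root(entries[k:])]
    return audit_path(index - k, entries[k:]) + [merkle_root(entries[:k])]


def consistency_proof(m: int, entries: list) -> list:
    """Log side: proof that the tree over the first m entries is a prefix of the full tree."""
    def subproof(m, d, b):
        n = len(d)
        if m == n:
            return [] if b else [merkle_root(d)]
        k = _split_point(n)
        if m <= k:
            return subproof(m, d[:k], b) + [merkle_root(d[k:])]
        return subproof(m - k, d[k:], False) + [merkle_root(d[:k])]
    return subproof(m, entries, True)


def verify_inclusion(leaf_hash: bytes, index: int, tree_size: int, path: list, root_hash: bytes) -> bool:
    """Auditor side: recompute the root from the audit path (RFC 9162 section 2.1.3.2)."""
    if index >= tree_size:
        return False
    fn, sn, r = index, tree_size - 1, leaf_hash
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = hash_children(p, r)
            while fn != 0 and not fn & 1:
                fn >>= 1
                sn >>= 1
        else:
            r = hash_children(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root_hash


def verify_consistency(first: int, second: int, first_hash: bytes, second_hash: bytes, path: list) -> bool:
    """Auditor side: check that the old tree is an unchanged prefix of the new one (RFC 9162 section 2.1.4.2)."""
    if first == second:
        # Design choice: identical sizes need no path, only identical roots.
        return first_hash == second_hash and not path
    if first == 0 or first > second or not path:
        return False
    path = list(path)
    if first & (first - 1) == 0:  # old tree is a complete subtree: its root is not in the proof
        path.insert(0, first_hash)
    fn, sn = first - 1, second - 1
    while fn & 1:
        fn >>= 1
        sn >>= 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            fr = hash_children(c, fr)
            sr = hash_children(c, sr)
            while fn != 0 and not fn & 1:
                fn >>= 1
                sn >>= 1
        else:
            sr = hash_children(sr, c)
        fn >>= 1
        sn >>= 1
    return sn == 0 and fr == first_hash and sr == second_hash


def demo() -> dict:
    """Hypothetical audit of a constructed five-entry log (entries are not real certificates)."""
    log = [b"cert:example.com#1", b"cert:example.com#2", b"cert:mail.example.com#1",
           b"cert:example.org#1", b"cert:example.com#3"]
    old_size, new_size = 3, 5
    old_root, new_root = merkle_root(log[:old_size]), merkle_root(log)
    inclusion = verify_inclusion(hash_leaf(log[2]), 2, new_size, audit_path(2, log), new_root)
    consistency = verify_consistency(old_size, new_size, old_root, new_root, consistency_proof(old_size, log))
    # A log that rewrote entry 1 after publishing old_root cannot prove consistency with it.
    tampered = log[:]
    tampered[1] = b"cert:rewritten-after-publication"
    tampered_ok = verify_consistency(old_size, new_size, old_root, merkle_root(tampered),
                                     consistency_proof(old_size, tampered))
    return {"inclusion": inclusion, "consistency": consistency, "consistency_after_tamper": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

The tamper case is the point of the consistency proof: the log can still hand back a syntactically valid proof for its rewritten tree, but the auditor's recomputed old root no longer equals the root it recorded earlier, so the append-only violation is caught without the auditor having to download the whole log.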

Log monitoring with the help of essendi xc

The essendi xc certificate manager is a tool that enables users to fully automate their certificate management. This application has been enhanced with a log monitoring component. By integrating this component, it becomes possible to promptly detect, block, and revoke fraudulent certificates.
The CT log monitor not only sends alerts about incorrectly issued certificates but also provides informational messages when certificates requested by the actual user are entered into the CT logs. By implementing the Certificate Transparency standard, the application therefore delivers significantly greater security.

Get to know essendi xc in a live demo – free of obligation.
