Distributed Client Driven Certificate Transparency Log

Abstract: High profile cyber attacks such as the one on DigiNotar in 2011, where a Certificate Authority (CA) was compromised, has shed light on the vulnerabilities of the internet. In order to make the internet safer in terms of exposing fraudulent certificates, CertificateTransparency (CT) was introduced. The main idea is to append all certificates to a publicly visible log, which anyone can monitor to check for suspicious activity. Although this is a great initiative for needing to rely less on CAs, the logs are still centralized and run by large companies. Therefore, in this thesis, in order to make the logs more available and scalable, we investigate the idea of a distributed client driven CT log via peer-to-peer (P2P) and WebRTC technology that runs in the background of the user’s browser. We show that such a system is indeed implementable, but with limited scalability. We also show that such a system would provide better availability while keeping the integrity of CT by implementing an append only feature, enforced by the Merkle Tree structure.