Google Certificate Transparency

Dr. Buttyán Levente
Google's Certificate Transparency project fixes several structural flaws in the TLS/SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections (for details see http://www.certificate-transparency.org/). In particular, Certificate Transparency makes it possible to detect TLS/SSL certificates that have been mistakenly issued by or maliciously acquired from a certificate authority. This is achieved by introducing new functional components into the traditional certificate system that provide supplemental monitoring and auditing services. In addition, Certificate Transparency is an open and public framework, therefore, anyone can build or access its basic components.
The task of the student is to study the Certificate Transparency framework, understand the operation of its basic components, and based on the open specifications and the available related open source projects, build a certificate log service in the CrySyS Lab. The student should also run and maintain the service for some time in order to get experience in operating such a service, and develop an interface between the certificate log and our ROSCO database (rosco.crysys.hu).
For more information, contact Levente Buttyán (buttyan@crysys.hu).