2018 • In The First IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block) colocated with IEEE/IFIP NOMS 2018, Taipei, Taiwan 23-27 April 2018
Public-Key Infrastructure (PKI) is the cornerstone technology that facilitates secure information exchange over the Internet. However, PKI is exposed to risks due to potential failures of Certificate Authorities (CAs) that may be used to issue unauthorized certificates for end-users. Many recent breaches show that if a CA is compromised, the security of the corresponding end-users will be at risk. As an emerging solution, Blockchain technology potentially resolves the problems of traditional PKI systems, in particular elimination of the single point of failure and rapid reaction to CAs' shortcomings. Blockchain has the ability to store and manage digital certificates within a public and immutable ledger, resulting in a fully traceable history log. In this paper we designed and developed a blockchain-based PKI management framework for issuing, validating and revoking X.509 certificates. Evaluation and experimental results confirm that the proposed framework provides more reliable and robust PKI systems with modest maintenance costs.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Services and Data management research group (SEDAN)
Disciplines :
Computer science
Author, co-author :
Yakubov, Alexander ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Shbair, Wazen ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Wallbom, Anders; Nexus Group
Sanda, David; Nexus Group
State, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
yes
Language :
English
Title :
A Blockchain-Based PKI Management Framework
Publication date :
2018
Event name :
IEEE/IFIP Man2Block
Event organizer :
IEEE/IFIP
Event place :
Taipei, Taiwan
Event date :
from 23-04-2018 to 27-04-2018
Audience :
International
Main work title :
The First IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block) colocated with IEEE/IFIP NOMS 2018, Taipei, Taiwan 23-27 April 2018