A Blockchain-based Method for Decentralizing the ACME Protocol to Enhance Trust in PKI

Kfoury, Elie; Khoury, David; AlSabeh, Ali; Gómez, José Juan González; Crichigno, Jorge; Bou‐Harb, Elias

doi:10.1109/tsp49548.2020.9163555

Cited by 10 publications

(13 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A novel technology called Automated Certificate Management Environment (ACME) automatises the issuance of certificates. With those concepts working the proposals of Dykcik et al [48] and Kfoury et al [49]. The proposal in [48] is designed to validate DNS names on the Internet using a tandem of multi-signatures, a blockchain and ACME technology.…”

Section: B: Modified Classical Pki Systemsmentioning

confidence: 99%

“…The CRL is not based on revocation but in the generation of new partial signatures when the domain pays the corresponding renewal fee. On one hand, [49] creates an Ehtereum-based ACME system to verify the x.509 certificates issued for web domains. In this case, the certificates can be issued by the web server or by a registered CA.…”

Section: B: Modified Classical Pki Systemsmentioning

confidence: 99%

“…One of the main features of these solutions is the existence and use of the CRL to maintain the registration of the revoked certificates. For these developments, a concept of self-generated certificates or identities does not exist, maybe with the exception of [49], that have some self-signed certificates, but not as a main feature of the proposals. The main goal of the proposals presented on sections II-B2a and II-B2b is to improve the mechanism of how PKI works, introducing decentralisation as a supplementary improvement, but without modifying the inner core in what all the CAs work.…”

Section: New Trends Analysismentioning

confidence: 99%

“…This means that in almost all cases, there is an entity that creates or issues the identity based on x.509 certificates. The proposals [49], [19], [57], [58] and [63] are the only ones that address the possibility of the creation of an identity by the user himself. As far as we know, there is no project or implementation where users are able to create their own identities; and to be capable of validating it without any entity or without depending on a group of users to have a valid identity.…”

Section: Figure 1: Summary Of New Trendsmentioning

confidence: 99%

See 3 more Smart Citations

Current Trends in Blockchain Implementations on the Paradigm of Public Key Infrastructure: A Survey

et al. 2022

View full text Add to dashboard Cite

Since the emergence of the Bitcoin cryptocurrency, the blockchain technology has become the new Internet tool with which researchers claim to be able to solve any existing online problem. From immutable log ledger applications to authorisation systems applications, the current technological consensus implies that most of Internet problems could be effectively solved by deploying some form of blockchain environment. Regardless this 'consensus', there are decentralised Internet-based applications on which blockchain technology can actually solve several problems and improve the functionality of these applications. The development of these new blockchain-based solutions is grouped into a new paradigm called Blockchain 3.0 and its concepts go far beyond the well-known cryptocurrencies. In this paper, we study the current trends in the application of blockchain on the paradigm of Public Key Infrastructures (PKI). In particular, we focus on how these current trends can guide the exploration of a fully Decentralised Identity System, with blockchain as be part of the core technology.

show abstract

Section: B: Modified Classical Pki Systemsmentioning

confidence: 99%

Section: B: Modified Classical Pki Systemsmentioning

confidence: 99%

Section: New Trends Analysismentioning

confidence: 99%

Section: Figure 1: Summary Of New Trendsmentioning

confidence: 99%

See 2 more Smart Citations

Current Trends in Blockchain Implementations on the Paradigm of Public Key Infrastructure: A Survey

et al. 2022

View full text Add to dashboard Cite

show abstract

“…It is similar to PGP, but the storage location is different. e latter was introduced by Karen Lewison and Francisco Corella [9][10][11][12][13], and it retains the CA, which stores the certificate and revocation information in the blockchain. e user only needs to check the certificate information in the blockchain, without communicating with the CA.…”

Section: Related Workmentioning

confidence: 99%

A Semidecentralized PKI System Based on Public Blockchains with Automatic Indemnification Mechanism

Hwang

Chang

Chiang

2021

Security and Communication Networks

View full text Add to dashboard Cite

The PKI framework is a widely used network identity verification framework. Users will register their identity information with a certification authority to obtain a digital certificate and then show the digital certificate to others as an identity certificate. After others receive the certificate, they must check the revocation list from the CA to confirm whether the certificate is valid. Although this architecture has a long history of use on the Internet, significant doubt surrounds its security. Because the CA may be attacked by DDoS, the verifier may not obtain the revocation list to complete the verification process. At present, there are many new PKI architectures that can improve on the CA’s single point of failure, but since they still have some shortcomings, the original architecture is still used. In this paper, we proposed a semidecentralized PKI architecture that can easily prevent a single point of failure. Users can obtain cryptographic evidence through specific protocols to clarify the responsibility for the incorrect certificate and then submit the cryptographic evidence to the smart contract for automatic judgment and indemnification.

show abstract

Smart contract assisted blockchain based public key infrastructure system

Panigrahi

Nayak

Paul

2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Public key infrastructure (PKI) is a reliable solution for Internet communication. PKI finds applications in secure email, virtual private network (VPN), e‐commerce, e‐governance, and so on. It provides a secure mechanism to authenticate users and communications. The conventional PKI system is centralized, which exposes the infrastructure to many security issues. The digital certificate generation and validation processes in PKI suffer from high latency and inadequate authentication processes. Moreover, it needs enormous time and effort to mitigate the malfeasance of the certificate authority (CA). The complexity of employing the traditional key and certificate management increases by enforcing the centralized CA$$ CA $$, which can compromise the transaction security. To overcome the aforementioned issues of PKI, three different solutions have been reported in the literature: Log based PKI (LBPKI), Web of Trust (WoT), and blockchain based PKI. The blockchain based PKI achieves more attention as it is the combination of LBPKI and WoT, which serves distributed trust, log of transactions, and constant sized data to verify the identity of users. Motivated by these facts, this article reports a blockchain‐based PKI system which has a lighter smart contract and less storage capacity and is also suitable for lightweight applications. The lighter smart contract in our infrastructure uses a threshold0.3emvalue$$ threshold\kern0.3em value $$, which validates the limit of one participating node for becoming the CA$$ CA $$ of any transaction inside the network. This approach can prevent distributed denial of service (DDoS) attacks. This smart contract also checks the signer node address. The proposed smart contract can prevent seven cyber attacks, such as Denial of Service (DoS), Man in the Middle Attack (MITM), Distributed Denial of Service (DDoS), 51%, Injection attacks, Routing Attack, and Eclipse attack. The Delegated Proof of Stake (DPoS) consensus algorithm used in this model reduces the number of validators for each transaction which makes it suitable for lightweight applications. The timing complexity of key/certificate validation and signature/certificate revocation processes do not depend on the number of transactions. The comparisons of various timing parameters with existing solutions show that the proposed PKI is competitively better.

show abstract

A Blockchain-based Method for Decentralizing the ACME Protocol to Enhance Trust in PKI

Cited by 10 publications

References 15 publications

Current Trends in Blockchain Implementations on the Paradigm of Public Key Infrastructure: A Survey

Current Trends in Blockchain Implementations on the Paradigm of Public Key Infrastructure: A Survey

A Semidecentralized PKI System Based on Public Blockchains with Automatic Indemnification Mechanism

Smart contract assisted blockchain based public key infrastructure system

Contact Info

Product

Resources

About