BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

Dykcik, Lukasz; Chuat, Laurent; Szałachowski, Paweł; Perrig, Adrian

doi:10.1109/icdmw.2018.00022

Cited by 32 publications

(25 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Recently, Dykcik et al proposed BlockPKI that stores domains' certificates in a blockchain 22 . Briefly, in the BlockPKI, to eliminate the weakest link security, a requester requests multiple CAs to endorse a domain certificate using a multisignature algorithm (adopting the Schnorr algorithm).…”

Section: Related Workmentioning

confidence: 99%

“…We presume that the cryptographic building that we use for such as commitment, hash function, and signature is secure. Table 2 compares security of our scheme with the following seven log‐ and blockchain‐based proposals: CT, 19 AKI, 4 ARPKI, 34 DTKI, 55 BlockPKI, 22 CertChain, 59 and CertLedger 18 …”

Section: Security Analysismentioning

confidence: 99%

“…Similarly, recent blockchain‐based PKI proposals 18,20‐23 utilized permissionless blockchain to make the certificate management process transparent and accountable. Regrettably, blockchain‐based PKIs have several limitations.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SCM: Secure and accountable TLS certificate management

Khan

Zhang

Zhu

et al. 2020

Int J Communication

View full text Add to dashboard Cite

Summary In classical public‐key infrastructure (PKI), the certificate authorities (CAs) are fully trusted, and the security of the PKI relies on the trustworthiness of the CAs. However, recent failures and compromises of CAs showed that if a CA is corrupted, fake certificates may be issued, and the security of clients will be at risk. As emerging solutions, blockchain‐ and log‐based PKI proposals potentially solved the shortcomings of the PKI, in particular, eliminating the weakest link security and providing a rapid remedy to CAs' problems. Nevertheless, log‐based PKIs are still exposed to split‐world attacks if the attacker is capable of presenting two distinct signed versions of the log to the targeted victim(s), while the blockchain‐based PKIs have scaling and high‐cost issues to be overcome. To address these problems, this paper presents a secure and accountable transport layer security (TLS) certificate management (SCM), which is a next‐generation PKI framework. It combines the two emerging architectures, introducing novel mechanisms, and makes CAs and log servers accountable to domain owners. In SCM, CA‐signed domain certificates are stored in log servers, while the management of CAs and log servers is handed over to a group of domain owners, which is conducted on the blockchain platform. Different from existing blockchain‐based PKI proposals, SCM decreases the storage cost of blockchain from several hundreds of GB to only hundreds of megabytes. Finally, we analyze the security and performance of SCM and compare SCM with previous blockchain‐ and log‐based PKI schemes.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Security Analysismentioning

confidence: 99%

See 1 more Smart Citation

SCM: Secure and accountable TLS certificate management

Khan

Zhang

Zhu

et al. 2020

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Outside the VC realm, there are different proposals for PKI to be resilient against compromised insiders. Such schemes rely on signing a certificate by more than a threshold number of CAs, e.g., [44,62]; however, such schemes cannot be used by VC systems. For example, issuing a certificate in [44] takes approximately 2 minutes and it varies with the number of required CAs.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Such schemes rely on signing a certificate by more than a threshold number of CAs, e.g., [44,62]; however, such schemes cannot be used by VC systems. For example, issuing a certificate in [44] takes approximately 2 minutes and it varies with the number of required CAs. Obviously, this contradicts with on-demand pseudonym acquisition strategies for VC systems, e.g., [55,56,60,65], which necessitate efficient pseudonym provisioning.…”

Section: Background and Related Workmentioning

confidence: 99%

Scaling pseudonymous authentication for large mobile systems

Khodaei¹,

Noroozi²,

Papadimitratos³

2019

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

The central building block of secure and privacy-preserving Vehicular Communication (VC) systems is a Vehicular Public-Key Infrastructure (VPKI), which provides vehicles with multiple anonymized credentials, termed pseudonyms. These pseudonyms are used to ensure message authenticity and integrity while preserving vehicle (thus passenger) privacy. In the light of emerging largescale multi-domain VC environments, the efficiency of the VPKI and, more broadly, its scalability are paramount. By the same token, preventing misuse of the credentials, in particular, Sybil-based misbehavior, and managing "honest-but-curious" insiders are other facets of a challenging problem. In this paper, we leverage a stateof-the-art VPKI system and enhance its functionality towards a highly-available, dynamically-scalable, and resilient design; this ensures that the system remains operational in the presence of benign failures or resource depletion attacks, and that it dynamically scales out, or possibly scales in, according to request arrival rates. Our full-blown implementation on the Google Cloud Platform shows that deploying large-scale and efficient VPKI can be cost-effective.

show abstract

Decentralized Certificate Management for Network Function Virtualization (NFV) Implementation in 5G Networks

Yan

Yang

et al. 2021

Mobile Multimedia Communications

View full text Add to dashboard Cite

BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

Cited by 32 publications

References 20 publications

SCM: Secure and accountable TLS certificate management

SCM: Secure and accountable TLS certificate management

Scaling pseudonymous authentication for large mobile systems

Decentralized Certificate Management for Network Function Virtualization (NFV) Implementation in 5G Networks

Contact Info

Product

Resources

About