DeTRACT: a decentralized, transparent, immutable and open PKI certificate framework

  • PDF / 960,805 Bytes
  • 18 Pages / 595.276 x 790.866 pts Page_size
  • 86 Downloads / 245 Views

DOWNLOAD

REPORT


REGULAR CONTRIBUTION

DeTRACT: a decentralized, transparent, immutable and open PKI certificate framework Thomas Sermpinis1 · George Vlahavas1

· Konstantinos Karasavvas1 · Athena Vakali1

© Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. PKI involves digital certificates which are managed by certificate authorities (CAs) that authenticate users identity, in order to establish encrypted communication channels. The centralized operation model of CAs has already caused several targeted attacks due to the distribution of rogue certificates. Users remain vulnerable since it is too challenging to detect and revoke such certificates, but also to speed up the user update process when a certificate is revoked. To address such issues, a decentralized PKI alternative approach, targeting Domain Validated certificates, is proposed. In the proposed approach, which is based on blockchain technologies (such as Bitcoin and Ethereum), the transparency, immutability and decentralization aspects of these technologies have been leveraged. Comparisons among the proposed approach, the conventional PKI and other decentralized approaches have been implemented to showcase the impact and the potential of the proposed approach. Keywords Decentralized PKI · Blockchain technologies · Certificate management

1 Introduction A secure model is necessary to safeguard the intense and evolving Internet users interactions, offering trusted user roles’ certification. Public key infrastructure (PKI) empowers entities to link their physical identity with the digital one, so that everyone acknowledges and trusts communication channels, which are used among users. PKI binds the physical identity of a user with certificates, which are issued, verified and revoked by a set of centralized entities, called certificate authorities (CAs). These certificates (or public keys) are the actual digital identities which correspond to individuals, and CAs verify the link between the users digital and the physical identity [1]. In public key cryptography, which is PKI’s approach to encrypt the communication between a server and the end user of a Web service, a “key pair” is used. This key pair consists of a “private key” which is known only to the owner of the key pair, and the “public key” which may be disseminated widely. The public key is actually derived from the private key by applying special “one-way” cryptographic

B 1

George Vlahavas [email protected] School of Informatics, Aristotle University of Thessaloniki, Thessaloniki, Greece

functions, such that everyone can encrypt a message with the public key, but only the owner of the corresponding private key can decrypt this message [2]. The RSA algorithm [3] is typically used for that purpose, although it is possible to use other algorithms as well. CAs are trusted parties which are built into any device and software that requires a secure communication between a client a