Abstract
Transport Layer Security (TLS) is the main standard designed for secure connections over the Internet. Security of TLS connections against active Man-in-the-Middle attacks relies on correctly validating public-key certificates during TLS handshake authentication. Although Certificate Transparency (CT) and further improved CT system—IKP mitigated the certificate authentication issues from the perspective of monitoring CA misbehavior, less attentions have been paid to consider the misbehavior of domain in using certificates during TLS handshake authentication. One misusing case is that domains refuse to use the certificates in Certificate Transparency Log for their own profits, the other is that a malicious domain impersonates the real one to deceive clients. In order to defend against domain’s misbehaviors in using certificates, we propose ETDA system based on IKP and CT aiming to enhance the security of TLS protocol from a novel perspective. ETDA is a blockchain-based system enforcing the automatic punishments in response to domain misbehavior and compensations to the client during TLS handshake authentication. The decentralized nature and incentives mechanism of ETDA provide an effective approach to prevent domains from sending invalid certificates to clients. We implement this system through Ethereum platform and Game Theory, which proved to be both technically and economically feasible.
This work was supported by the National Key Research and Development Program of China, No. 2016YFB0800503.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3-draft-ietf-tls-tls13-20, April 2017. https://tools.ietf.org/html/draft-ietf-tls-tls13-20
Laurie, B., Langley, A., Kasper, E. Certificate Transparency, June 2013. http://tools.ietf.org/pdf/rfc6962.pdf, IETF RFC 6962
Laurie, B., Kasper, E.: Revocation Transparency (2012). http://sump2.links.org/RevocationTransparency.pdf
Matsumoto, S., Reischuk, R.: IKP: Turning a PKI Around with Blockchains. Cryptology ePrint Archive: Report 2016/1018
Aura, T., Nikander, P., Leiwo, J.: DOS-resistant authentication with client puzzles. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–177. Springer, Heidelberg (2001). doi:10.1007/3-540-44810-1_22
Luu, L., Chu, D., Olickel, H., Saxena, P., Hober, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269, October 2016
Bhargavan, K., Lavaud, A., Fournet, C., Pironti, A., Strub, P.: Triple handshakes and cookie cutters: breaking and fixing authentication over TLS. In: IEEE Symposium on Security and Privacy (SP), pp. 98–113 (2014)
Nakamoto, S.: Bitcoin: A pee-to-peer electronic cash system (2008)
Delmolino, K., Arnett, M., Kosba, A., Miller, A., Shi, E.: Step by step towards creating a safe smart contract: lessons and insights from a cryptocurrency lab. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 79–94. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53357-4_6
Ethereum Foundation. Ethereum’s white paper (2014). https://github.com/ethereum/wiki/White-Paper
Bonneau, J.: EthIKS: using ethereum to audit a CONIKS key transparency log. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 95–105. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53357-4_7
Weibull, J.: Evolutionary Game Theory. MIT Press, Cambridge (1995)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Xia, B., Ji, D., Yao, G. (2017). Enhanced TLS Handshake Authentication with Blockchain and Smart Contract (Short Paper). In: Obana, S., Chida, K. (eds) Advances in Information and Computer Security. IWSEC 2017. Lecture Notes in Computer Science(), vol 10418. Springer, Cham. https://doi.org/10.1007/978-3-319-64200-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-64200-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64199-7
Online ISBN: 978-3-319-64200-0
eBook Packages: Computer ScienceComputer Science (R0)