Abstract
Traditional PKIs face a well-known vulnerability that caused by compromised Certificate Authorities (CA) issuing bogus certificates. Several solutions like AKI and ARPKI have been proposed to address this vulnerability. However, they require complex interactions and synchronization among related entities, and their security has not been validated with wide deployment. We propose an accountable, flexible and efficient decentralized PKI to achieve the same goal using the blockchain technology of Bitcoin, which has been proven to be secure and reliable. The proposed scheme, called BKI, realizes certificate issuance, update and revocation with transactions on a special blockchain that is managed by multiple trusted maintainers. BKI achieves accountability and is easy to check certificate validity, and it is also more secure than centralized PKIs. Moreover, the certificate status update interval of BKI is in seconds, significantly reducing the vulnerability window. In addition, BKI is more flexible than AKI and ARPKI in that the number of required CAs to issue certificates is tunable for different applications. We analyze BKI’s security and performance, and present details on implementation of BKI. Experiments using Ethereum show that certificate issuance/update/revocation cost 2.38 ms/2.39 ms/1.59 ms respectively.
Z. Wan—This work was supported by the National Natural Science Foundation of China under Grant 61370027.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Kim, T.H.J., Huang, L.S., Perring, A., Jackson, C., Gligor, V.: Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In: Proceedings of the International World Wide Web Conference, pp. 679–690. ACM (2013)
Basin, D., Cremers, C., Kim, T.H.J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: Attack resilient public-key infrastructure. In: Proceedings of ACM CCS 2014, pp. 382–393. ACM (2014)
Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: Proceedings of NDSS (2014)
Yu, J., Cheval, V., Ryan, M.: DTKI: a new formalized PKI with no trusted parties (2014). http://arxiv.org/abs/1408.1023
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger (2014). http://gavwood.com/Paper.pdf
Buterin, V.: Ethereum white paper: a next generation smart contract and decentralized application platform (2013). https://github.com/ethereum/wiki/wiki/White-Paper
Laurie, B., Langley, A., Kasper, E.: Certificate transparency. IETF RFC 6962 (2013)
Laurie, B., Kasper, E.: Revocation transparency. Google Research, September 2012
Eckersley, P.: Sovereign key cryptography for internet domains (2011). https://git.eff.org/?p=sovereign-keys.git
Androulaki, E., Cachin, C., Christidis, K., Murthy, C., Nguyen, B., Vukolić, M.: Hyperledger fabric proposals: next consensus architecture proposal (2016)
King, S., Nadal, S.: PPCoin: Peer-to-peer crypto-currency with proof-of-stake (2012). http://peerco.in/assets/paper/peercoin-paper.pdf
Buterin, V.: Slasher: a punitive proof-of-stake algorithm (2014). https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm
Larimer, D.: Delegated proof-of-stake (DPOS). Bitshare whitepaper (2014)
Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: OSDI. 99, pp. 173–186 (1999)
Work2Heat: understanding the ethereum trie (2014). https://easythereentropy.wordpress.com/2014/06/04/understanding-the-ethereum-trie/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Wan, Z., Guan, Z., Zhuo, F., Xian, H. (2018). BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 238. Springer, Cham. https://doi.org/10.1007/978-3-319-78813-5_33
Download citation
DOI: https://doi.org/10.1007/978-3-319-78813-5_33
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78812-8
Online ISBN: 978-3-319-78813-5
eBook Packages: Computer ScienceComputer Science (R0)