Skip to main content
Springer Nature Link
Log in

BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2017)

Abstract

Traditional PKIs face a well-known vulnerability that caused by compromised Certificate Authorities (CA) issuing bogus certificates. Several solutions like AKI and ARPKI have been proposed to address this vulnerability. However, they require complex interactions and synchronization among related entities, and their security has not been validated with wide deployment. We propose an accountable, flexible and efficient decentralized PKI to achieve the same goal using the blockchain technology of Bitcoin, which has been proven to be secure and reliable. The proposed scheme, called BKI, realizes certificate issuance, update and revocation with transactions on a special blockchain that is managed by multiple trusted maintainers. BKI achieves accountability and is easy to check certificate validity, and it is also more secure than centralized PKIs. Moreover, the certificate status update interval of BKI is in seconds, significantly reducing the vulnerability window. In addition, BKI is more flexible than AKI and ARPKI in that the number of required CAs to issue certificates is tunable for different applications. We analyze BKI’s security and performance, and present details on implementation of BKI. Experiments using Ethereum show that certificate issuance/update/revocation cost 2.38 ms/2.39 ms/1.59 ms respectively.

Z. Wan—This work was supported by the National Natural Science Foundation of China under Grant 61370027.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Kim, T.H.J., Huang, L.S., Perring, A., Jackson, C., Gligor, V.: Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In: Proceedings of the International World Wide Web Conference, pp. 679–690. ACM (2013)

    Google Scholar 

  2. Basin, D., Cremers, C., Kim, T.H.J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: Attack resilient public-key infrastructure. In: Proceedings of ACM CCS 2014, pp. 382–393. ACM (2014)

    Google Scholar 

  3. Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: Proceedings of NDSS (2014)

    Google Scholar 

  4. Yu, J., Cheval, V., Ryan, M.: DTKI: a new formalized PKI with no trusted parties (2014). http://arxiv.org/abs/1408.1023

  5. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf

  6. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger (2014). http://gavwood.com/Paper.pdf

  7. Buterin, V.: Ethereum white paper: a next generation smart contract and decentralized application platform (2013). https://github.com/ethereum/wiki/wiki/White-Paper

  8. Laurie, B., Langley, A., Kasper, E.: Certificate transparency. IETF RFC 6962 (2013)

    Google Scholar 

  9. Laurie, B., Kasper, E.: Revocation transparency. Google Research, September 2012

    Google Scholar 

  10. Eckersley, P.: Sovereign key cryptography for internet domains (2011). https://git.eff.org/?p=sovereign-keys.git

  11. Androulaki, E., Cachin, C., Christidis, K., Murthy, C., Nguyen, B., Vukolić, M.: Hyperledger fabric proposals: next consensus architecture proposal (2016)

    Google Scholar 

  12. King, S., Nadal, S.: PPCoin: Peer-to-peer crypto-currency with proof-of-stake (2012). http://peerco.in/assets/paper/peercoin-paper.pdf

  13. Buterin, V.: Slasher: a punitive proof-of-stake algorithm (2014). https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm

  14. Larimer, D.: Delegated proof-of-stake (DPOS). Bitshare whitepaper (2014)

    Google Scholar 

  15. Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: OSDI. 99, pp. 173–186 (1999)

    Google Scholar 

  16. Work2Heat: understanding the ethereum trie (2014). https://easythereentropy.wordpress.com/2014/06/04/understanding-the-ethereum-trie/

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Shandong University, Jinan, Shandong, China

    Zhiguo Wan, Zhangshuang Guan & Feng Zhuo

  2. College of Computer Science and Technology, Qingdao University, Qingdao, Shandong, China

    Hequn Xian

Authors
  1. Zhiguo Wan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhangshuang Guan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Feng Zhuo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hequn Xian
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhiguo Wan .

Editor information

Editors and Affiliations

  1. Wilfrid Laurier University, Waterloo, Ontario, Canada

    Xiaodong Lin

  2. University of New Brunswick, Fredericton, New Brunswick, Canada

    Ali Ghorbani

  3. University at Buffalo, Buffalo, New York, USA

    Kui Ren

  4. Pennsylvania State University, Philadelphia, Pennsylvania, USA

    Sencun Zhu

  5. Anhui Normal University, Wuhu, China

    Aiqing Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wan, Z., Guan, Z., Zhuo, F., Xian, H. (2018). BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 238. Springer, Cham. https://doi.org/10.1007/978-3-319-78813-5_33

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-78813-5_33

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-78812-8

  • Online ISBN: 978-3-319-78813-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation