A Decentralized Certification Authority Based on Real World Trust Relationships

Abstract

The public key infrastructure (PKI) provides security services for e-commerce, e-government and other cyber transactions. certification authority (CA), a critical component of PKI, acts as a trust third party (TTP) among these applications. A CA is usually controlled and operated by an authority in real world, which stores and publishes users' public key and other attributes. However, various types of attributes on certificates are always determined by several authorities instead of a single one. Based on the practical experiences, PKI must be built on real world trust relationships [1], but CAs, registration authorities (RAs) and other commodity PKI components cannotreflect these relationships among authorities well. Although some decentralized CA systems [2, 3] are designed and these CAs are operated by several administrators cooperatively, they focus on the security of CApsilas private key but not the trust relationships among administrators. To the best of our knowledge, no systematic work has been conducted to integrate several real world authorities into a CA, reflecting their trust relationships through system structure. We present a decentralized CA system, which is built and operated on real world trust relationships among several authorities, and issues standard X.509 certificates. Different authorities are responsible for different attributes on certificates, which make the certificates more trust and make the CA more similar to real world.