Abstract

Digital certificates play a key role in the public key infrastructure (PKI). They are mainly used to secure communication between a browser and a web server so that transmitted data is protected from interception. Digital certificates are issued by certificate authorities (CAs). Numerous CAs serve as root CAs around the world, and root CAs can in turn delegate intermediate CAs (ICAs). Any CA can issue a certificate for any entity on the internet. It is therefore difficult for an end user to identify which authorities are trustworthy and genuine. In addition, adversaries can readily obtain fraudulent certificates because domain possession is not rigorously checked at the time of certificate issuance. Our work is primarily oriented towards incorporating domain validation and a certificate validity check on the client side as an additional security fortification, complementing a novel associative approach to domain validation using ICAs. This paper presents a novel two-tier system for domain validation of servers. The system operates at two levels. At the first level, domains are validated associatively by making use of multiple ICAs: a set of CAs validates domain ownership before the certificate is issued, preventing false issuance. At the second level, during initiation of the client–server connection, the client itself validates the certificate to make sure that the certificate received from the web server is a genuine one.
