Abstract
The PKI framework is a widely used network identity verification framework. Users will register their identity information with a certification authority to obtain a digital certificate and then show the digital certificate to others as an identity certificate. After others receive the certificate, they must check the revocation list from the CA to confirm whether the certificate is valid. Although this architecture has a long history of use on the Internet, significant doubt surrounds its security. Because the CA may be attacked by DDoS, the verifier may not obtain the revocation list to complete the verification process. At present, there are many new PKI architectures that can improve on the CA’s single point of failure, but since they still have some shortcomings, the original architecture is still used. In this paper, we proposed a semidecentralized PKI architecture that can easily prevent a single point of failure. Users can obtain cryptographic evidence through specific protocols to clarify the responsibility for the incorrect certificate and then submit the cryptographic evidence to the smart contract for automatic judgment and indemnification.
Highlights
In a public key infrastructure (PKI) system, a Certificate Authority (CA) is responsible for issuing digital certificates
In addition to verifying the CA’s signature, the validity of the certificate requires confirmation as to whether the certificate has been revoked. ere are two methods to revoke the certificate. e first is called the Certificate Revocation List (CRL) [2], whereby the CA periodically publishes a revocation list. e verifier needs to download the complete revocation list to check whether the certificate is in the list. e second one is the Online Certificate Status Protocol (OCSP) [3], whereby the CA creates a certificate status database. e verifier only needs to provide the certificate information to the CA, whereupon the CA will return the latest status of the certificate to the verifier, based on the database. e current certificate status can be “Good” or “Revoked” or “Unknown.”
E main contributions of this paper are as follows: (1) e proposed scheme could protect CA from attacks, such as DDoS attack. (2) e high-trust public blockchain could not cope with the issuance of a large number of certificates. e problem is insufficient bandwidth
Summary
Decentralized public key infrastructure (DPKI) is used to solve the problems associated with the centralized PKI. One is trust networks, such as PGP [5], which is the most widely used software package for e-mail and file protection It establishes a decentralized trust model, wherein each party acts as a user and as a certification authority (CA); all users can be introducers to the web of trust, generate their key pairs, distribute their own public keys, and certify those of other users. E bulks of cryptocurrencies [7, 14] are blockchain-based and are decentralized networks comprising distributed ledgers that are enforced by a wide-ranging network of computers. Written in Solidity, smart contracts author the digital tokens that can be used as proxies for money or other valuable assets, ownership shares, evidence of membership, and so on. Developers can apply these schemes to analyze and verify both the runtime safety and the functional correctness of the smart contracts
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
