CBPKI

Abstract

This paper proposes a cloud based public key infrastructure utilizing blockchain technology model for replacing the currently outdated traditional variant. Environments such as Big Data and IoT ecosystems have scalable and resilient needs that current public key infrastructure cannot satisfy. Enhancements over past models include the use of blockchains to establish persistent access to certificate data and certificate revocation lists. Further improvements made were the decoupling of data from the certificate authority as well as hosting it on a cloud provider in order to tap into traffic security measures of said provider. This results in a smaller viable attack surface for the proposed model. Instead of holding data within the transaction data fields of blocks, certificate data and status were embedded into smart contracts. Our tests revealed a significant performance increase of our proposed model over that of both traditional and the version that stored data within blocks. Storing the certificate data within smart contracts reduced the size of data to be mined which in turn lowered the time to mine said data to 6.6% of the time used for the block data storage method. Also, the mining gas cost per certificate was consequently cut by a significant 87%. In summary, completely decoupling the certificate authority portion of a public key infrastructure and storing certificate data inside smart contracts yields a sizable performance boost while decreasing the attack surface.