Abstract
Transport Layer Security (TLS) is the main standard designed for secure connections over the Internet. Security of TLS connections against active Man-in-the-Middle attacks relies on correctly validating public-key certificates during TLS handshake authentication. Although Certificate Transparency (CT) and further improved CT system—IKP mitigated the certificate authentication issues from the perspective of monitoring CA misbehavior, less attentions have been paid to consider the misbehavior of domain in using certificates during TLS handshake authentication. One misusing case is that domains refuse to use the certificates in Certificate Transparency Log for their own profits, the other is that a malicious domain impersonates the real one to deceive clients. In order to defend against domain’s misbehaviors in using certificates, we propose ETDA system based on IKP and CT aiming to enhance the security of TLS protocol from a novel perspective. ETDA is a blockchain-based system enforcing the automatic punishments in response to domain misbehavior and compensations to the client during TLS handshake authentication. The decentralized nature and incentives mechanism of ETDA provide an effective approach to prevent domains from sending invalid certificates to clients. We implement this system through Ethereum platform and Game Theory, which proved to be both technically and economically feasible.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
