Abstract

Public Key Infrastructure (PKI) is the cornerstone technology for solving trust issues in cyberspace. However, PKI faces a serious problem of centralized trust in Certificate Authorities (CAs). Fraudulent certificates, issued by CAs through misoperation, deception, or compromise, are used to launch attacks such as Man-in-the-Middle (MitM) and spoofing. To enhance the security of CAs, we present Domain Transparency (DT), a domain-centric system based on blockchain. In the DT system, domain owners can declare issuance policies that CAs should comply with, so that all issued certificates are authorized by the domain owners. Furthermore, we design a Domain Configuration Transaction (DCT) to manage the policies and certificates of domains. To resist CA misbehavior, domain owners are involved in the certificate issuance process to balance the absolute authority of CAs. We conduct an extensive security analysis and implement a prototype of DT based on Hyperledger Fabric for performance evaluation. Experimental results reveal that DT is superior to competing schemes in terms of functionality, storage, and communication cost.
