Abstract

Modern Internet TCP uses Secure Sockets Layers (SSL)/Transport Layer Security (TLS) for secure communication, which relies on Public Key Infrastructure (PKIs) to authenticate public keys. Conventional PKI is done by Certification Authorities (CAs), issuing and storing Digital Certificates, which are public keys of users with the users identity. This leads to centralization of authority with the CAs and the storage of CAs being vulnerable and imposes a security concern. There have been instances in the past where CAs have issued rogue certificates or the CAs have been hacked to issue malicious certificates. Motivated from these facts, in this paper, we propose a method (named as Trustful), which aims to build a decentralized PKI using blockchain. Blockchains provide immutable storage in a decentralized manner and allows us to write smart contracts. Ethereum blockchain can be used to build a web of trust model where users can publish attributes, validate attributes about other users by signing them and creating a trust store of users that they trust. Trustful works on the Web-of-Trust (WoT) model and allows for any entity on the network to verify attributes about any other entity through a trusted network. This provides an alternative to the conventional CA-based identity verification model. The proposed model has been implemented and tested for efficacy and known major security attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.