
Associative Blockchain for Decentralized PKI Transparency

1 School of Computer Science, Queensland University of Technology, Brisbane City, QLD 4000, Australia
2 Department of Combinatorics & Optimization, University of Waterloo, Waterloo, ON N2L3G1, Canada
* Author to whom correspondence should be addressed.
Academic Editor: Rongxing Lu
Received: 21 March 2021 / Revised: 25 May 2021 / Accepted: 25 May 2021 / Published: 28 May 2021
The conventional public key infrastructure (PKI) model, which powers most of the Internet, suffers from an excess of trust in certificate authorities (CAs), compounded by a lack of transparency that makes it vulnerable to hard-to-detect targeted stealth impersonation attacks. Existing approaches to make certificate issuance more transparent, including ones based on blockchains, are still somewhat centralized. We present decentralized PKI transparency (DPKIT): a decentralized client-based approach to enforcing transparency in certificate issuance and revocation while eliminating single points of failure. DPKIT efficiently leverages an existing blockchain to realize an append-only, distributed associative array, which allows anyone (or their browser) to audit and update the history of all publicly issued certificates and revocations for any domain. Our technical contributions include definitions for append-only associative ledgers, a security model for certificate transparency, and a formal analysis of our DPKIT construction with respect to the same. Intended as a client-side browser extension, DPKIT will be effective at fraud detection and prosecution, even under fledgling user adoption, and with better coverage and privacy than federated observatories, such as Google’s or the Electronic Frontier Foundation’s.
Keywords: certificate transparency; blockchain; digital certificates
MDPI and ACS Style

Boyen, X.; Herath, U.; McKague, M.; Stebila, D. Associative Blockchain for Decentralized PKI Transparency. Cryptography 2021, 5, 14. https://0-doi-org.brum.beds.ac.uk/10.3390/cryptography5020014
