Paper 2018/1071

CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain

Murat Yasin Kubilay, Mehmet Sabir Kiraz, and Haci Ali Mantar

Abstract

In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models (e.g., AKI, ARPKI, and DTKI) are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide certificate/revocation transparency. All TLS certificates' validation, storage, and entire revocation process are conducted in CertLedger as well as Trusted CA certificate management. During a TLS connection, TLS clients get an efficient proof of existence of the certificate directly from its domain owners. Hence, privacy is now perfectly preserved by eliminating the traceability issue of OCSP servers. It also provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of CertLedger and provide a comparison with the previous proposals.

Note: Only minor changes.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
PKISSLTLSCertificate TransparencyCertificate validationPrivacyBlockchain.
Contact author(s)
mehmet kiraz @ dmu ac uk
History
2019-04-29: last of 5 revisions
2018-11-09: received
See all versions
Short URL
https://ia.cr/2018/1071
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1071,
      author = {Murat Yasin Kubilay and Mehmet Sabir Kiraz and Haci Ali Mantar},
      title = {{CertLedger}: A New {PKI} Model with Certificate Transparency Based on Blockchain},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1071},
      year = {2018},
      url = {https://eprint.iacr.org/2018/1071}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.