Paper 2018/1232

Certificate Transparency Using Blockchain

D S V Madala, Mahabir Prasad Jhanwar, and Anupam Chattopadhyay

Abstract

The security of web communication via the SSL/TLS protocols relies on the secure distribution of public keys associated with web domains in the form of $\mathsf{X.509}$ certificates. Certificate authorities (CAs) are trusted third parties that issue these certificates. However, the CA ecosystem is fragile and prone to compromise. Starting with Google's Certificate Transparency project, a number of research works have recently looked at adding transparency for better CA accountability, effectively through public logs of all certificates issued by certification authorities, to augment the current $\mathsf{X.509}$ certificate validation process in SSL/TLS. In this paper, leveraging recent progress in blockchain technology, we propose a novel system, called $\mathsf{CTB}$, that makes it impossible for a CA to issue a certificate for a domain without obtaining consent from the domain owner. We further equip $\mathsf{CTB}$ with a certificate revocation mechanism. We implement $\mathsf{CTB}$ using IBM's Hyperledger Fabric blockchain platform. $\mathsf{CTB}$'s smart contract, written in Go, is provided for complete reference.

Metadata

Available format(s): PDF
Category: Applications
Publication info: Published elsewhere. BlockSEA 2018, The 1st Workshop on Blockchain and Sharing Economy Applications
Keywords: TLS, Blockchain, Hyperledger
Contact author(s): mahavir jhawar @ ashoka edu in
History: 2018-12-31: received
Short URL: https://ia.cr/2018/1232
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2018/1232,
      author = {D S V Madala and Mahabir Prasad Jhanwar and Anupam Chattopadhyay},
      title = {Certificate Transparency Using Blockchain},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1232},
      year = {2018},
      url = {https://eprint.iacr.org/2018/1232}
}