
    CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain

    CertLedger.pdf (654.8Kb)
    Date
    2019-05-21
    Author
    Kubilay, Murat;
    Mantar, Haci Ali;
    Kiraz, Mehmet Sabir
    Abstract
    In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide certificate/revocation transparency. All TLS certificates' validation, storage, and entire revocation process is conducted in CertLedger as well as Trusted CA certificate management. During a TLS connection, TLS clients get an efficient proof of existence of the certificate directly from its domain owners. Hence, privacy is now perfectly preserved by eliminating the traceability issue via OCSP servers. It also provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of CertLedger and provide a comparison with the previous proposals. Finally, we implement its prototype on Ethereum to demonstrate experimental results. The results show that the performance of the TLS handshake and certificate validation through CertLedger is significantly improved compared to the current TLS protocol.
    Description
    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
    Citation : Kubilay, M., Mantar, H.A. and Kiraz, M.S. (2019) CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain. Computers & Security, 85, pp. 333-352
    URI
    https://www.dora.dmu.ac.uk/handle/2086/18204
    DOI
    https://doi.org/10.1016/j.cose.2019.05.013
    Research Institute : Cyber Technology Institute (CTI)
    Peer Reviewed : Yes
    Collections
    • School of Computer Science and Informatics [2978]
