
dc.contributor.author: Kubilay, Murat
dc.contributor.author: Mantar, Haci Ali
dc.contributor.author: Kiraz, Mehmet Sabir
dc.date.accessioned: 2019-07-10T15:17:51Z
dc.date.available: 2019-07-10T15:17:51Z
dc.date.issued: 2019-05-21
dc.identifier.citation: Kubilay, M., Mantar, H.A. and Kiraz, M.S. (2019) CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain. Computers & Security, 85, pp. 333-352 [en]
dc.identifier.uri: https://www.dora.dmu.ac.uk/handle/2086/18204
dc.description: The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. [en]
dc.description.abstract: In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide certificate/revocation transparency. All TLS certificates' validation, storage, and entire revocation process is conducted in CertLedger as well as Trusted CA certificate management. During a TLS connection, TLS clients get an efficient proof of existence of the certificate directly from its domain owners. Hence, privacy is now perfectly preserved by eliminating the traceability issue via OCSP servers. It also provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of CertLedger and provide a comparison with the previous proposals. Finally, we implement its prototype on Ethereum to demonstrate experimental results. The results show that the performance of the TLS handshake and certificate validation through CertLedger is significantly improved compared to the current TLS protocol. [en]
dc.language.iso: en [en]
dc.publisher: Elsevier [en]
dc.subject: PKI [en]
dc.subject: SSL/TLS [en]
dc.subject: Privacy [en]
dc.subject: Blockchain [en]
dc.subject: Certificate Transparency [en]
dc.subject: Certificate validation [en]
dc.title: CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain [en]
dc.type: Article [en]
dc.identifier.doi: https://doi.org/10.1016/j.cose.2019.05.013
dc.peerreviewed: Yes [en]
dc.funder: No external funder [en]
dc.cclicence: CC-BY-NC-ND [en]
dc.date.acceptance: 2019-05-15
dc.researchinstitute: Cyber Technology Institute (CTI) [en]

