【Author】 Xia, Bingqing; Ji, Dongyao; Yao, Gang
【Source】 ADVANCES IN INFORMATION AND COMPUTER SECURITY, IWSEC 2017
【Abstract】 Transport Layer Security (TLS) is the main standard designed for secure connections over the Internet. The security of TLS connections against active man-in-the-middle attacks relies on correctly validating public-key certificates during TLS handshake authentication. Although Certificate Transparency (CT), and the CT-based IKP system that builds on it, mitigate certificate authentication problems by monitoring CA misbehavior, less attention has been paid to the misbehavior of domains in their use of certificates during TLS handshake authentication. One misuse case is a domain that refuses to use certificates recorded in a Certificate Transparency log for its own benefit; another is a malicious domain that impersonates the real one to deceive clients. To defend against such domain misbehavior, we propose the ETDA system, built on IKP and CT, which aims to strengthen the security of the TLS protocol from a new angle. ETDA is a blockchain-based system that automatically enforces punishments for domain misbehavior and compensation to the client during TLS handshake authentication. The decentralized nature and incentive mechanism of ETDA provide an effective way to deter domains from sending invalid certificates to clients. We implement the system on the Ethereum platform and analyze it with game theory, showing it to be both technically and economically feasible.
【Keywords】TLS Handshake Protocol; Certificate transparency; Ethereum blockchain; Smart contract; Game Theory
【Publication year】 2017
【Date indexed】 2022-08-16
【Document type】 Proceedings Paper
【Primary topic】 Smart contracts
【Subtopic】 Smart contracts applied to the real economy