KORGAN: An Efficient PKI Architecture Based on PBFT Through Dynamic Threshold Signatures

【Author】 Kubilay, Murat Yasin; Kiraz, Mehmet Sabir; Mantar, Haci Ali

【Source】COMPUTER JOURNAL

【影响因子】1.762

【Abstract】During the past decade, several misbehaving certificate authorities (CAs) have issued fraudulent TLS certificates allowing man-in-the-middle (MITM) kinds of attacks that result in serious security incidents. In order to avoid such incidents, Yakubov et al. ((2018) A blockchain-based PKI management framework. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, April, pp. 16. IEEE) recently proposed a new public key infrastructure (PKI) architecture where CAs issue, revoke and validate X.509 certificates on a public blockchain. However, in their proposal TLS clients are subject to MITM kinds of attacks, and certificate transparency is not fully provided. In this paper, we eliminate the issues of the Yakubov et al.'s scheme and propose a new PKI architecture based on permissioned blockchain with PBFT consensus mechanism where the consensus nodes utilize a dynamic threshold signature scheme to generate signed blocks. In this way, the trust to the intermediary entities can be completely eliminated during certificate validation. Our scheme enjoys the dynamic property of the threshold signature because TLS clients do not have to change the verification key even if the validator set is dynamic. We implement our proposal on private Ethereum network to demonstrate the experimental results. The results show that our proposal has negligible overhead during TLS handshake. The certificate validation duration is less than the duration in the conventional PKI and Yakubov et al.'s scheme.

【Keywords】SSL/TLS; PKI; certificate transparency; PBFT; dynamic threshold signatures

【发表时间】2021 APR

【收录时间】2022-01-02

【文献类型】

【主题类别】

--