Application of Public Ledgers to Revocation in Distributed Access Control

TL;DR

This paper explores how public ledgers, like blockchains, can be effectively used for revocation in distributed access control, addressing challenges of negative information management and proposing an efficient ledger design.

Contribution

It introduces a novel ledger design tailored for membership revocation, combining blockchain concepts with web-PKI monitoring to improve distributed access control.

Findings

Different revocation types require specific ledger properties

The proposed design effectively manages certificate revocation

Comparison with Bitcoin highlights tailored requirements for access control

Abstract

There has recently been a flood of interest in potential new applications of blockchains, as well as proposals for more generic designs called public ledgers. Most of the novel proposals have been in the financial sector. However, the public ledger is an abstraction that solves several of the fundamental problems in the design of secure distributed systems: global time in the form of a strict linear order of past events, globally consistent and immutable view of the history, and enforcement of some application-specific safety properties. This paper investigates the applications of public ledgers to access control and, more specifically, to group management in distributed systems where entities are represented by their public keys and authorization is encoded into signed certificates. It is particularly difficult to handle negative information, such as revocation of certificates or group membership, in the distributed setting. The linear order of events and global consistency simplify these problems, but the enforcement of internal constraints in the ledger implementation often presents problems. We show that different types of revocation require slightly different properties from the ledger. We compare the requirements with Bitcoin, the best known blockchain, and describe an efficient ledger design for membership revocation that combines ideas from blockchains and from web-PKI monitoring. While we use certificate-based group-membership management as the case study, the same ideas can be applied more widely to rights revocation in distributed systems.