CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain
Murat Yasin Kubilay, Mehmet Sabir Kiraz, Haci Ali Mantar

TL;DR
CertLedger introduces a blockchain-based PKI model that ensures transparent, trustworthy certificate management and revocation, effectively preventing split-world attacks and reducing reliance on traditional trusted CAs.
Contribution
This paper presents CertLedger, a novel blockchain-based PKI architecture that enhances security and transparency in certificate validation and revocation processes.
Findings
CertLedger effectively prevents split-world attacks.
It offers a more efficient certificate validation process.
The system reduces reliance on traditional trusted CAs.
Abstract
In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness has caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models (e.g., AKI, ARPKI, and DTKI) were proposed to reduce the level of trust in the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, which we call CertLedger, to eliminate the split-world attacks and to provide an ideal certificate/revocation transparency. All TLS certificates, their revocation status, entire revocation process, and trusted CA management are conducted in…
