基于区块链的高透明度PKI认证协议

doi:10.11959/j.issn.2096-109x.2022052

Abstract

Abstract:

The public key infrastructure (PKI), as an significant component of the current Internet security infrastructure, guarantees the information transmission with the necessary authenticity, integrity, confidentiality and non-repudiation.However, the existing PKI also has shortcomings of excessive power of certification authority and difficulties in revoking and querying.Blockchain can be used to solve those problems by leveraging its advantages, such as decentralization, high transparency and flat structure.Furthermore, the ability and efficiency of the entire Internet to establish trust relationships may be improved.The transparent public key infrastructure (PKI) certification protocol based on the blockchain was proposed.The TS-PBFT algorithm was designed in the proposed protocol by adopting the threshold signature technology to the Practical Byzantine fault tolerance (PBFT) algorithm.The TS-PBFT algorithm reduced the communication overhead via reducing the communication complexity, strengthened the supervision via introducing external monitoring mechanism in the master node election of the view change protocol, and also improved the performance of the consensus mechanism via adding a batch processing mechanism.Moreover, a transparent blockchain-based PKI certification protocol was designed.The proposed protocol increased the security of certificate revocation and query, it also improved the efficiency of the certificate query by the introduction of counting bloom filters.Besides, the proposed protocol added audit function into the certificate lifecycle management.Accordingly, it can supervise the behavior of the certificate authority (CA), prompt it to improve security standards, and then achieve the purpose of limiting its authority.According to the security analysis and efficiency experiments, the proposed protocol was equipped with security properties, such as the resistance to spoofing certificate application attacks, and it achieved the best performance on TLS/SSL handshake time compared with existing PKI protocols.

Key words: blockchain, Byzantine fault tolerant, public key infrastructure, authentication protocol

CLC Number:

TP393

Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol[J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11.

Figures/Tables 9

References 20

[1]	MATHUR S , ARORA A . Internet of things (IoT) and PKI-based Security Architecture[M]// Industrial Internet of Things and Cyber-Physical Systems:Transforming the Conventional to Digital. 2020: 25-46.
[2]	SERRANO N , HADAN H , CAMP L J . A complete study of PKI (PKI’s Known Incidents)[J]. SSRN Electronic Journal, 2019(47).
[3]	KAMINSKY D , PATTERSON M L , SASSAMAN L . PKI layer cake:new collision attacks against the global X.509 infrastructure[C]// International Conference on Financial Cryptography and Data Security. 2010: 289-303.
[4]	PRINS J R , CYBERCRIME B U . DigiNotar certificate authority breach “operation black tulip”[J]. Fox-IT, 2011,(11): 18.
[5]	DAVIDSON S , DE FILIPPI P , POTTS J . Blockchains and the economic institutions of capitalism[J]. Journal of Institutional Economics, 2018,14(4): 639-658.
[6]	FROMKNECHT C , VELICANU D , YAKOUBOV S . Certcoin:a namecoin based decentralized authentication system6.857 class project[J]. Unpublished Class Project, 2014.
[7]	AXON L , GOLDSMITH M . PB-PKI:a privacy-aware blockchain-based PKI[C]// SECRYPT. 2017: 311-318.
[8]	MATSUMOTO S , REISCHUK R M . IKP:turning a PKI around with decentralized automated incentives[C]// 2017 IEEE Symposium on Security and Privacy (SP). 2017: 410-426.
[9]	CHEN J , YAO S , YUAN Q ,et al. Certchain:public and efficient certificate audit based on blockchain for tls connections[C]// IEEE INFOCOM 2018-IEEE Conference on Computer Communications. 2018: 2060-2068.
[10]	KUBILAY M Y , KIRAZ M S , MANTAR H A . CertLedger:a new PKI model with certificate transparency based on blockchain[J]. Computers ＆ Security, 2019,85: 333-352.
[11]	马晓婷, 马文平, 刘小雪 . 基于区块链技术的跨域认证方案[J]. 电子学报, 2018,46(11): 2571-2579.
	MA X T , MA W P , LIU X X . A cross domain authentication scheme based on blockchain technology[J]. Acta Electronica Sinica, 2018,46(11): 2571-2579.
[12]	王昊, 吴天昊, 朱孔林 ,等. 交叉口场景下基于区块链技术的匿名车辆身份认证方案[J]. 网络与信息安全学报, 2020,6(5): 27-35.
	WANG H , WU T H , ZHU K L ,et al. Anonymous vehicle authentication scheme based on blockchain technology in the intersection scenario[J]. Chinese Journal of Network and Information Security, 2020,6(5): 27-35.
[13]	张勖, 马欣 . 基于区块链的轻量化移动自组网认证方案[J]. 网络与信息安全学报, 2020,6(4): 14-22.
	ZHANG X , MA X . Lightweight mobile Ad Hoc network authentication scheme based on blockchain[J]. Chinese Journal of Network and Information Security, 2020,6(4): 14-22.
[14]	LAMPORT L , FISCHER M . Byzantine generals and transaction commit protocols[R]. Technical Report 6. 1982.
[15]	CASTRO M , LISKOV B . Practical byzantine fault tolerance[C]// OSDI. 1999: 173-186.
[16]	HAO X , YU L , ZHIQIANG L ,et al. Dynamic practical byzantine fault tolerance[C]// 2018 IEEE Conference on Communications and Network Security (CNS). 2018: 1-8.
[17]	LI F , LIU K , LIU J ,et al. DHBFT:Dynamic hierarchical byzantine fault-tolerant consensus mechanism based on credit[C]// Asia-Pacific Web (APWeb) and Web-Age Information Management (WAIM) Joint International Conference on Web and Big Data. 2020: 3-17.
[18]	CHARITON A A , DEGKLERI E , PAPADOPOULOS P ,et al. CCSP:a compressed certificate status protocol[C]// IEEE INFOCOM 2017-IEEE Conference on Computer Communications. 2017: 1-9.
[19]	BASIN D , CREMERS C , KIM T H J ,et al. ARPKI:Attack resilient public-key infrastructure[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 382-393.
[20]	CHEN J , YAO S , YUAN Q ,et al. Checks and balances:a tripartite public key infrastructure for secure Web-based connections[C]// IEEE INFOCOM 2017-IEEE Conference on Computer Communications. 2017: 1-9.

Metrics

Recommended 0

No Suggested Reading articles found!

区块结构	可信度列表	双计数布隆过滤器	BcCert证书
TB-PKI协议	具备	具备	具备
比特币	不具备	不具备	不具备

阶段	耗时	起始时刻	终止时刻
证书申请	8 103	0	8 103
共识阶段	5 001	44	5 045
查询阶段	90	8 013	8 103

阶段	耗时	起始时刻	终止时刻
证书更新	8 379	0	8 379
共识阶段	5 970	163	6 133
查询阶段	99	8 280	8 379

阶段	耗时	起始时刻	终止时刻
证书吊销	7 562	0	7 562
共识阶段	5 020	103	5 123
查询阶段	23	7 539	7 562

Blockchain-based high transparent PKI authentication protocol

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 20

Related Articles 15

Metrics

Recommended 0

[1]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[2]	Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114.
[3]	Beiyuan YU, Shanyao REN, Jianwei LIU. Overview of blockchain assets theft attacks and defense technology [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 1-17.
[4]	Fei TANG, Ning GAN, Xianggui YANG, Jinyang WANG. Anti malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 9-19.
[5]	Dan LIN, Kaixin LIN, Jiajing WU, Zibin ZHENG. Bytecode-based approach for Ethereum smart contract classification [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 111-120.
[6]	Wenbo ZHANG, Simin CHEN, Lifei WEI, Wei SONG, Dongmei HUANG. State-of-the-art survey of smart contract verification based on formal methods [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 12-28.
[7]	Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.
[8]	Xiaoling SONG, Yong LIU, Jingnan DONG, Yongfei HUANG. Application and prospect of blockchain in Metaverse [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 45-65.
[9]	Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.
[10]	Pengkun JIANG, Wenyin ZHANG, Jiuru WANG, Shanyun HUANG, Wanshui SONG. Blockchain covert communication scheme based on the cover of normal transactions [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 77-86.
[11]	Jianlin NIU, Zhiyu REN, Xuehui DU. Cross-domain authentication scheme based on consortium blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 123-133.
[12]	Baoqin ZHAI, Jian WANG, Lei HAN, Jiqiang LIU, Jiahao HE, Tianhao LIU. Hierarchical proxy consensus optimization for IoV based on blockchain and trust value [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 142-153.
[13]	Jiaren YU, Youliang TIAN, Hui LIN. Design of miner type identification mechanism based on reputation management model [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 128-138.
[14]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.
[15]	Guanqun YANG, Yin LIU, Hao XU, Hongwei XING, Jianhui ZHANG, Entang LI. Credible distributed identity authentication system of microgrid based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 88-98.