T3AB: Transparent and Trustworthy Third-party Authority using Blockchain

Increasingly, information systems rely on computational, storage, and network resources deployed in third-party facilities or are supported by service providers. Such an approach further exacerbates cybersecurity concerns constantly raised by numerous incidents of security and privacy attacks resulting in data leakage and identity theft, among others. These have in turn forced the creation of stricter security and privacy related regulations and have eroded the trust in cyberspace. In particular, security related services and infrastructures such as Certificate Authorities (CAs) that provide digital certificate service and Third-Party Authorities (TPAs) that provide cryptographic key services, are critical components for establishing trust in Internet enabled applications and services. To address such trust issues, various transparency frameworks and approaches have been recently proposed in the literature. In this paper, we propose a Transparent and Trustworthy TPA using Blockchain (T 3AB) to provide transparency and accountability to the trusted third-party entities, such as honest-but-curious third-party IaaS servers, and coordinators in various privacy-preserving machine learning (PPML) approaches. T 3AB employs the Ethereum blockchain as the underlying public ledger and also includes a novel smart contract to automate accountability with an incentive mechanism that motivates participants’ to participate in auditing, and punishes unintentional or malicious behaviors. We implement T 3AB, and show through experimental evaluation in the Ethereum official test network, Rinkeby, that the framework is efficient. We also formally show the security guarantee provided by T 3AB, and analyze the privacy guarantee and trustworthiness it provides.

[1]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[2]  Mihir Bellare,et al.  Interactive Message-Locked Encryption and Secure Deduplication , 2015, Public Key Cryptography.

[3]  Mark Ryan,et al.  Enhanced Certificate Transparency and End-to-End Encrypted Mail , 2014, NDSS.

[4]  Dan Boneh,et al.  Certificate Transparency with Privacy , 2017, Proc. Priv. Enhancing Technol..

[5]  J. Joshi,et al.  Trustworthy and Transparent Third-party Authority , 2020, ACM Trans. Internet Techn..

[6]  Jing Chen,et al.  CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[7]  Arno Fiedler,et al.  Certificate transparency , 2014, Commun. ACM.

[8]  Melissa Chase,et al.  Transparency Overlays and Applications , 2016, IACR Cryptol. ePrint Arch..

[9]  Ralph Holz,et al.  A First Look at Certification Authority Authorization (CAA) , 2018, CCRV.

[10]  Chao Li,et al.  CryptoNN: Training Neural Networks over Encrypted Data , 2019, 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS).

[11]  Francis Bach,et al.  Partially Encrypted Deep Learning using Functional Encryption , 2019, NeurIPS.

[12]  Michael J. Freedman,et al.  CONIKS: Bringing Key Transparency to End Users , 2015, USENIX Security Symposium.

[13]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[14]  Ralf Sasse,et al.  Design, Analysis, and Implementation of ARPKI: An Attack-Resilient Public-Key Infrastructure , 2016, IEEE Transactions on Dependable and Secure Computing.

[15]  Brent Waters,et al.  Practical constructions and new proof methods for large universe attribute-based encryption , 2013, CCS.

[16]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[17]  Runhua Xu,et al.  HybridAlpha: An Efficient Approach for Privacy-Preserving Federated Learning , 2019, AISec@CCS.

[18]  Ze Wang,et al.  Blockchain-Based Certificate Transparency and Revocation Transparency , 2018, IEEE Transactions on Dependable and Secure Computing.

[19]  Christopher Krügel,et al.  Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates , 2018, NDSS.

[20]  Mark Ryan,et al.  DECIM: Detecting Endpoint Compromise In Messaging , 2018, IEEE Transactions on Information Forensics and Security.

[21]  Dario Fiore,et al.  Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings , 2018, IACR Cryptol. ePrint Arch..

[22]  Douglas Stebila,et al.  Secure Logging Schemes and Certificate Transparency , 2016, ESORICS.

[23]  Angelo De Caro,et al.  Simple Functional Encryption Schemes for Inner Products , 2015, IACR Cryptol. ePrint Arch..

[24]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[25]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[26]  Nishant Doshi,et al.  Improving Security in Multi Authority Attribute Based Encryption with Fast Decryption , 2016 .

[27]  Changyu Dong,et al.  Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing , 2017, CCS.

[28]  Deepak Kumar,et al.  Tracking Certificate Misissuance in the Wild , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[29]  Melissa Chase,et al.  FAME: Fast Attribute-based Message Encryption , 2017, CCS.

[30]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[31]  David Pointcheval,et al.  Reading in the Dark: Classifying Encrypted Digits with Functional Encryption , 2018, IACR Cryptol. ePrint Arch..