A Comparison of Blockchain-based PKI Implementations

Blockchain technology has recently been proposed by many authors for decentralized key management in the context of Public Key Infrastructures (PKIs). Instead of relying on trusted key servers – centralized or decentralized –, the confirmation and revocation of keys is distributed over a multitude of participants. A pletheora of implementations exist, all of which rely on different properties of blockchains. In this paper, we motivate the most relevant properties of blockchains as well as PKI and how they are linked. Furthermore, we provide an overview of state-of-the-art blockchain-based PKI implementations and compare them with respect to these properties. While all analyzed implementations fullfil the basic requirements of PKIs, we find that (i) privacy is very often neglected; and (ii) only a small subset is evaluated with respect to both, complexity and cost. In order to provide a guideline for future blockchain-based PKI implementations, we conclude with a set of recommendations based on our findings.

[1]  Raphael M. Reischuk,et al.  IKP: Turning a PKI Around with Blockchains , 2016, IACR Cryptol. ePrint Arch..

[2]  Deepak Kumar,et al.  Tracking Certificate Misissuance in the Wild , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[3]  Peter Gutmann,et al.  PKI: It's Not Dead, Just Resting , 2002, Computer.

[4]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.

[5]  Louise Axon,et al.  Privacy-awareness in blockchain-based PKI , 2015 .

[6]  Mustafa Al-Bassam SCPKI: A Smart Contract-based PKI and Identity System , 2017 .

[7]  Tuomas Aura,et al.  Turning Trust Around: Smart Contract-Assisted Public Key Infrastructure , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[8]  Ze Wang,et al.  Blockchain-Based Certificate Transparency and Revocation Transparency , 2018, IEEE Transactions on Dependable and Secure Computing.

[9]  Zhuming Bi,et al.  New Blockchain-Based Architecture for Service Interoperations in Internet of Things , 2019, IEEE Transactions on Computational Social Systems.

[10]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[11]  Radu State,et al.  BlockPGP: A Blockchain-based Framework for PGP Key Servers , 2020 .

[12]  Andreas Unterweger,et al.  Implementing a blockchain from scratch: why, how, and what we learned , 2019, EURASIP J. Inf. Secur..

[13]  Giuseppe Ateniese,et al.  From Pretty Good to Great: Enhancing PGP Using Bitcoin and the Blockchain , 2015, NSS.

[14]  Stephen B. Wicker,et al.  Vegvisir: A Partition-Tolerant Blockchain for the Internet-of-Things , 2018, 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS).

[15]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[16]  Ahmed Serhrouchni,et al.  BCTrust: A decentralized authentication blockchain-based mechanism , 2018, 2018 IEEE Wireless Communications and Networking Conference (WCNC).

[17]  Radu State,et al.  BlockPGP: A Blockchain-Based Framework for PGP Key Servers , 2018, 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW).

[18]  Germano Caronni,et al.  Walking the Web of trust , 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[19]  Zhili Sun,et al.  A blockchain based certificate revocation scheme for vehicular communication systems , 2020, Future Gener. Comput. Syst..

[20]  Arthur Gervais,et al.  Do you Need a Blockchain? , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[21]  Massimiliano Sala,et al.  On the security of the blockchain BIX protocol and certificates , 2017, 2017 9th International Conference on Cyber Conflict (CyCon).

[22]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[23]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[24]  Dominik Engel,et al.  Multi-resolution privacy-enhancing technologies for smart metering , 2017, EURASIP J. Inf. Secur..

[25]  Mark Ryan,et al.  Evaluating web PKIs , 2017, IACR Cryptol. ePrint Arch..

[26]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[27]  Jing Chen,et al.  CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[28]  Michael Goldsmith,et al.  PB-PKI: A Privacy-aware Blockchain-based PKI , 2017, SECRYPT.

[29]  Dragos Velicanu,et al.  CertCoin : A NameCoin Based Decentralized Authentication System 6 . 857 Class Project , 2014 .

[30]  Radu State,et al.  A blockchain-based PKI management framework , 2018, NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium.

[31]  Xin Liu,et al.  BlockCAM: A Blockchain-Based Cross-Domain Authentication Model , 2018, 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC).

[32]  Enis Karaarslan,et al.  Blockchain Based DNS and PKI Solutions , 2018, IEEE Communications Standards Magazine.

[33]  Haci Ali Mantar,et al.  CertLedger: A New PKI Model with Certificate Transparency Based on Blockchain , 2018, IACR Cryptol. ePrint Arch..

[34]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[35]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[36]  Andreas Unterweger,et al.  Lessons Learned from Implementing a Privacy-Preserving Smart Contract in Ethereum , 2018, 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[37]  Muneeb Ali,et al.  Blockstack: A Global Naming and Storage System Secured by Blockchains , 2016, USENIX Annual Technical Conference.

[38]  Peter Mell,et al.  A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems , 2019, ArXiv.

[39]  Max Mühlhäuser,et al.  Beyond the Hype: On Using Blockchains in Trust Management for Authentication , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[40]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[41]  Ronald L. Rivest,et al.  Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.

[42]  Björn Scheuermann,et al.  Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies , 2016, IEEE Communications Surveys & Tutorials.

[43]  Elaine Shi,et al.  Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab , 2016, Financial Cryptography Workshops.

[44]  Simson L. Garfinkel,et al.  PGP: Pretty Good Privacy , 1994 .

[45]  Clemens Brunner,et al.  SPROOF: A Platform for Issuing and Verifying Documents in a Public Blockchain , 2019, ICISSP.