ДЕЦЕНТРАЛІЗОВАНА СИСТЕМА ІДЕНТИФІКАЦІЇ ТА СЕРТИФІКАЦІЇ

This article describes an approach to identification and certification in a decentralized environment. The protocol defines the way to integrate blockchain technology and web-of-trust concepts to create a decentralized public key infrastructure with easy user ID management. The essence of the scheme is to differentiate the entire infrastructure into 2 levels: the level of certification authorities (service providers) that jointly keep track of events related to user certificates; and the level of end users, systems and applications. During creating, updating, and revoking certificates, higher-level members reach a consensus on the confirmation of transactions associated with them, which ensures a higher level of validity of the certificates and synchronization of their status between certification centers. In turn, lower-level members do not need to perform complex verification procedures for a corresponding certificate: unlike the classic X.509 architecture and web-of-trust approach, the maximum number of checks in a chain can be two. An important feature of such a system is its ability to refuse certification centers: in the case of failure and / or compromise of the keys of one certification center, other network members continue to work seamlessly with others, and blockchain technology may make it impossible to add a certificate to a center whose keys have been compromised, because all the events in the system are connected by cryptographic methods. In particular, such a system can be used on the Internet of Things. Each individual sensor must communicate properly with other components of the system as a whole. In order to enable the secure interaction of these components, they must exchange encrypted messages to verify their integrity and authenticity, the provisioning scheme of which is in the described scheme.

[1]  Stephen Farrell Not Reinventing PKI until We Have Something Better , 2011, IEEE Internet Computing.

[2]  Sokratis K. Katsikas,et al.  Public Key Infrastructure, 5th European PKI Workshop: Theory and Practice, EuroPKI 2008, Trondheim, Norway, June 16-17, 2008, Proceedings , 2008, EuroPKI.

[3]  Antonio Lioy,et al.  Public Key Infrastructure: Third European PKI Workshop: Theory and Practice, EuroPKI 2006, Turin, Italy, June 19-20, 2006, Proceedings (Lecture Notes in Computer Science) , 2006 .

[4]  Dave Cooper Implementation Report for the Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile RFC 5280 , 2010 .

[5]  William T. Polk,et al.  6th Annual PKI R&D Workshop "Applications-Driven PKI" Proceedings , 2007 .

[6]  Joshua Davies Implementing SSL / TLS Using Cryptography and PKI , 2011 .

[7]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[8]  Zhi Jin,et al.  Trust Analysis of Web Services Based on a Trust Ontology , 2007, KSEM.

[9]  Joel M. Strong,et al.  To Trust Or Not To Trust: The Impact Of WebTrust On The Perceived Trustworthiness Of A Web Site , 2011, BIS 2011.

[10]  Bruce Schneier,et al.  Applied cryptography, second edition : protocols, algorithms,and source code in C , 2015 .

[11]  Kateryna Isirova,et al.  Post quantum hash based digital signatures comparative analysis. Features of their implementation and using in public key infrastructure , 2017, 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T).

[12]  Alexandr Kuznetsov,et al.  Code-based key encapsulation mechanisms for post-quantum standardization , 2018, 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT).

[13]  Sergii Kavun,et al.  Code-based cryptosystems from NIST PQC , 2018, 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT).

[14]  Y. Stasev,et al.  Asymmetric Code-Theoretical Schemes Constructed with the Use of Algebraic Geometric Codes , 2005 .

[15]  Joshua Davies Implementing SSL/TLS Using Cryptography and PKI: Davies/Implementing SSL , 2010 .

[16]  V. Krasnobayev Method for Realization of Transformations in Public-Key Cryptography , 2007 .

[17]  Ivan Gorbenko,et al.  Anonymous electronic signature method , 2016, 2016 Third International Scientific-Practical Conference Problems of Infocommunications Science and Technology (PIC S&T).

[18]  Z. Zulkifli,et al.  Trust, risk and public key infrastructure model on e-procurement adoption , 2017, 2017 5th International Conference on Cyber and IT Service Management (CITSM).

[19]  Balaji Rajendran Evolution of PKI ecosystem , 2017, 2017 International Conference on Public Key Infrastructure and its Applications (PKIA).

[20]  Kateryna Isirova,et al.  Decentralized public key infrastructure development principles , 2018, 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT).

[21]  Alexandr Kuznetsov,et al.  Code-based public-key cryptosystems for the post-quantum period , 2017, 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T).

[22]  A. Maeda PKI Solutions for Trusted E-Commerce: Survey of the De Facto Standard Competition in PKI Industries , 2004 .

[23]  A. Kuznetsov,et al.  NIST PQC: CODE-BASED CRYPTOSYSTEMS , 2018, Telecommunications and Radio Engineering.

[24]  Alexandr Kuznetsov,et al.  Code-based electronic digital signature , 2018, 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT).

[25]  Richard Nicholas,et al.  Internet X.509 Public Key Infrastructure: Certification Path Building , 2005, RFC.

[26]  Jon Callas,et al.  OpenPGP Message Format , 1998, RFC.

[27]  Julita Vassileva,et al.  Improving PGP Web of Trust through the Expansion of Trusted Neighborhood , 2011, 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology.

[28]  Viktor Dolgov,et al.  Proposals of using chameleon-signature in Ukrainian prototype of combined PKI , 2010, 2010 International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET).

[29]  Budi Rahardjo,et al.  Design of a Public Key Infrastructure-based Single Ballot E-Voting System , 2018, 2018 International Conference on Information Technology Systems and Innovation (ICITSI).

[30]  Sean W. Smith,et al.  Extending PKI Interoperability in Computational Grids , 2008, 2008 Eighth IEEE International Symposium on Cluster Computing and the Grid (CCGRID).

[31]  Pierangela Samarati,et al.  Proceedings of the 4th European PKI workshop: Theory and Practice on Public Key Infrastructure: Theory and Practice , 2007 .

[32]  P. Landrock PKI, past, present and future , 2005 .