CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections
| Field | Value |
|---|---|
| Title | CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Chen, Jing; Yao, Shixiong; Yuan, Quan; He, Kun; Ji, Shouling; Du, Ruiying |
| Conference Name | IEEE INFOCOM 2018 - IEEE Conference on Computer Communications |
| ISBN Number | 978-1-5386-4128-6 |
| Keywords | auditing, blockchain system, blockchain-based public, CertChain, certificate audit service, certificate forward traceability, certificate revocation checking, certificate revocation mechanisms, certification, cryptographic protocols, data consistency, data privacy, data structure, data structures, DCBF, dependability-rank based consensus protocol, dual counting bloom filter, Electronic mail, Human Behavior, log servers, log-based schemes, Metrics, Monitoring, Protocols, pubcrawl, public key cryptography, query processing, resilience, Resiliency, revoked certificates checking, Scalability, security analysis, Servers, SSL connections, SSL Trust Models, system monitoring, telecommunication security, TLS connections |
| Abstract | In recent years, real-world attacks against PKI have taken place frequently. For example, certificates for malicious domains issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. Despite extensive research on improving the security of SSL/TLS connections, some problems remain unsolved. On one hand, although log-based schemes provide a certificate audit service that quickly detects CA misbehavior, the security and data consistency of the log servers themselves are ignored. On the other hand, revoked-certificate checking is neglected because existing certificate revocation mechanisms are incomplete, insecure, and inefficient. Further, existing revoked-certificate checking schemes are centralized, which introduces security bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, called CertChain. Specifically, we propose a dependability-rank based consensus protocol for our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that uses a dual counting bloom filter (DCBF) with false-positive elimination to achieve economical storage and efficient queries for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead. |
| URL | https://ieeexplore.ieee.org/document/8486344 |
| DOI | 10.1109/INFOCOM.2018.8486344 |
| Citation Key | chen_certchain:_2018 |