ScalaCert: Scalability-Oriented PKI with Redactable Consortium Blockchain Enabled "On-Cert" Certificate Revocation

Title: ScalaCert: Scalability-Oriented PKI with Redactable Consortium Blockchain Enabled "On-Cert" Certificate Revocation
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Luo, Xinyi; Xu, Zhuo; Xue, Kaiping; Jiang, Qiantong; Li, Ruidong; Wei, David
Conference Name: 2022 IEEE 42nd International Conference on Distributed Computing Systems (ICDCS)
Keywords: 5G mobile communication, authentication, blockchains, Certificate Revocation, compositionality, consortium Blockchain, data structures, Performance analysis, PKI system, pubcrawl, Public key, redactable blockchain, Scalability, security scalability
Abstract: As the voucher for identity, digital certificates and the public key infrastructure (PKI) system have always played a vital role to provide the authentication services. In recent years, with the increase in attacks on traditional centralized PKIs and the extensive deployment of blockchains, researchers have tried to establish blockchain-based secure decentralized PKIs and have made significant progress. Although blockchain enhances security, it brings new problems in scalability due to the inherent limitations of blockchain's data structure and consensus mechanism, which become much more severe for the massive access in the era of 5G and B5G. In this paper, we propose ScalaCert to mitigate the scalability problems of blockchain-based PKIs by utilizing redactable blockchain for "on-cert" revocation. Specifically, we utilize the redactable blockchain to record revocation information directly on the original certificate ("on-cert") and remove additional data structures such as CRL, significantly reducing storage overhead. Moreover, the combination of redactable and consortium blockchains brings a new kind of attack called deception of versions (DoV) attack. To defend against it, we design a random-block-node-check (RBNC) based freshness check mechanism. Security and performance analyses show that ScalaCert has sufficient security and effectively solves the scalability problem of the blockchain-based PKI system.
DOI: 10.1109/ICDCS54860.2022.00121
Citation Key: luo_scalacert_2022