{"title":"Blockchain-based Certificate Management with Multi-Party Authentication","authors":"Lei Xu, Xue Song, Jipeng Hou, Liehuang Zhu","doi":"10.1109/ICICT58900.2023.00042","DOIUrl":null,"url":null,"abstract":"The authenticity and reliability of user identity are the premise of secure network communication. Public key infrastructure (PKI) issues certificates through certificate authority (CA) and provides users with secure identity management services. In traditional PKI systems, the CA is given much power, and the compromise of CA will lead to a single point of failure. How to prevent the CA from issuing fraudulent certificates has become a vital issue. In this paper, we propose a blockchain-based certificate management scheme. The proposed scheme separates the identity verification process from certificate issuance, and distributes the verification task to multiple registration authorities (RAs). This can prevent the attacker from issuing fraudulent certificates by controlling one CA or RA. Besides, the proposed scheme requires the subject of a certificate to store information about the certificate on the blockchain. Only if the corresponding record can be found on the blockchain, the certificate will be considered validate. As a result, the impersonation attack can be prevented. Simulation results demonstrate that the proposed certificate management scheme is feasible.","PeriodicalId":425057,"journal":{"name":"2023 6th International Conference on Information and Computer Technologies (ICICT)","volume":"86 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 6th International Conference on Information and Computer Technologies (ICICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICICT58900.2023.00042","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The authenticity and reliability of user identity are the premise of secure network communication. Public key infrastructure (PKI) issues certificates through certificate authority (CA) and provides users with secure identity management services. In traditional PKI systems, the CA is given much power, and the compromise of CA will lead to a single point of failure. How to prevent the CA from issuing fraudulent certificates has become a vital issue. In this paper, we propose a blockchain-based certificate management scheme. The proposed scheme separates the identity verification process from certificate issuance, and distributes the verification task to multiple registration authorities (RAs). This can prevent the attacker from issuing fraudulent certificates by controlling one CA or RA. Besides, the proposed scheme requires the subject of a certificate to store information about the certificate on the blockchain. Only if the corresponding record can be found on the blockchain, the certificate will be considered validate. As a result, the impersonation attack can be prevented. Simulation results demonstrate that the proposed certificate management scheme is feasible.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
