A carregar...
Publicação
Blockchain-Enabled DPKI Framework
| Nome: | Descrição: | Tamanho: | Formato: | |
|---|---|---|---|---|
| 1.91 MB | Adobe PDF |
Autores
Orientador(es)
Resumo(s)
Public Key Infrastructures (PKIs), which rely on digital signature technology and establishment
of trust and security association parameters between entities, allow entities
to interoperate with authentication proofs, using standardized digital certificates (with
X.509v3 as the current reference). Despite PKI technology being used by many applications
for their security foundations (e.g. WEB/HTTPS/TLS, Cloud-Enabled Services,
LANs/WLANs Security, VPNs, IP-Security), there are several concerns regarding their
inherent design assumptions based on a centralized trust model.
To avoid some problems and drawbacks that emerged from the centralization assumptions,
a Decentralized Public Key Infrastructure (DPKI), is an alternative approach. The
main idea for DPKIs is the ability to establish trust relations between all parties, in a
web-of-trust model, avoiding centralized authorities and related root-of-trust certificates.
As a possible solution for DPKI frameworks, the Blockchain technology, as an enabler
solution, can help overcome some of the identified PKI problems and security drawbacks.
Blockchain-enabled DPKIs can be designed to address a fully decentralized ledger for
managed certificates, providing data-replication with strong consistency guarantees, and
fairly distributed trust management properties founded on a P2P trust model. In this
approach, typical PKI functions are supported cooperatively, with validity agreement
based on consistency criteria, for issuing, verification and revocation of X509v3 certificates.
It is also possible to address mechanisms to provide rapid reaction of principals in
the verification of traceable, shared and immutable history logs of state-changes related
to the life-cycle of certificates, with certificate validation rules established consistently by
programmable Smart Contracts executed by peers.
In this dissertation we designed, implemented and evaluated a Blockchain-Enabled
Decentralized Public Key Infrastructure (DPKI) framework, providing an implementation
prototype solution that can be used and to support experimental research. The
proposal is based on a framework instantiating a permissioned collaborative consortium
model, using the service planes supported in an extended Blockchain platform leveraged
by the Hyperledger Fabric (HLF) solution. In our proposed DPKI framework model,
X509v3 certificates are issued and managed following security invariants, processing
rules, managing trust assumptions and establishing consistency metrics, defined and executed in a decentralized way by the Blockchain nodes, using Smart Contracts. Certificates
are issued cooperatively and can be issued with group-oriented threshold-based
Byzantine fault-tolerant (BFT) signatures, as group-oriented authentication proofs. The
Smart Contracts dictate how Blockchain peers participate consistently in issuing, signing,
attestation, validation and revocation processes. Any peer can validate certificates
obtaining their consistent states consolidated in closed blocks in a Meckle tree structure
maintained in the Blockchain. State-transition operations are managed with serializability
guarantees, provided by Byzantine Fault Tolerant (BFT) consensus primitives.
Descrição
Palavras-chave
PKI DPKI Blockchains Distributed Ledger Consortium Blockchains Hyperledger- Fabric (HLF) Platform