The Public Key Infrastructure is a critical component of digital communication and it relies on the trustworthiness of Certification Authorities to sign digital certificates, binding a public key with an entity in the digital domain. However, recent incidents have shown that attackers can force Certification Authorities to sign fraudulent certificates, creating a single point of failure in digital communication security. This paper presents VeriCert, a novel solution that mitigates this vulnerability by leveraging the Self Sovereign Identity paradigm and the Blockchain. VeriCert allows web service providers to demonstrate control over their digital certificate information, supporting the verification and management of certificate transparency. VeriCert ensures that the trust, integrity and authenticity of digital certificates are maintained by a blockchain-based registry, without relying on centralized authorities, thereby reducing the risk of fraudulent certificates. A prototype of VeriCert has been implemented using Solidity smart contracts and a dataset consisting of digital certificates from well-known providers has been used to simulate client and web server behaviour during a TLS handshake. Performance evaluations indicate that the overhead required to detect rogue certificates remains below 700 ms for the majority of service providers, even in the event of a compromised Certificate Authority.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

VeriCert: SSL/TLS Certificate Verification Based on Self-sovereign Identity and Blockchain

  • Andrea Giuliani,
  • Andrea De Salve,
  • Paolo Mori,
  • Laura Ricci

摘要

The Public Key Infrastructure is a critical component of digital communication and it relies on the trustworthiness of Certification Authorities to sign digital certificates, binding a public key with an entity in the digital domain. However, recent incidents have shown that attackers can force Certification Authorities to sign fraudulent certificates, creating a single point of failure in digital communication security. This paper presents VeriCert, a novel solution that mitigates this vulnerability by leveraging the Self Sovereign Identity paradigm and the Blockchain. VeriCert allows web service providers to demonstrate control over their digital certificate information, supporting the verification and management of certificate transparency. VeriCert ensures that the trust, integrity and authenticity of digital certificates are maintained by a blockchain-based registry, without relying on centralized authorities, thereby reducing the risk of fraudulent certificates. A prototype of VeriCert has been implemented using Solidity smart contracts and a dataset consisting of digital certificates from well-known providers has been used to simulate client and web server behaviour during a TLS handshake. Performance evaluations indicate that the overhead required to detect rogue certificates remains below 700 ms for the majority of service providers, even in the event of a compromised Certificate Authority.