TY - GEN
T1 - Blockchain-based Certificate Management with Multi-Party Authentication
AU - Xu, Lei
AU - Song, Xue
AU - Hou, Jipeng
AU - Zhu, Liehuang
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The authenticity and reliability of user identity are the premise of secure network communication. Public key infrastructure (PKI) issues certificates through a certificate authority (CA) and provides users with secure identity management services. In traditional PKI systems, the CA is given much power, and the compromise of the CA will lead to a single point of failure. How to prevent the CA from issuing fraudulent certificates has become a vital issue. In this paper, we propose a blockchain-based certificate management scheme. The proposed scheme separates the identity verification process from certificate issuance, and distributes the verification task to multiple registration authorities (RAs). This can prevent an attacker from issuing fraudulent certificates by controlling one CA or RA. In addition, the proposed scheme requires the subject of a certificate to store information about the certificate on the blockchain. The certificate is considered valid only if the corresponding record can be found on the blockchain. As a result, the impersonation attack can be prevented. Simulation results demonstrate that the proposed certificate management scheme is feasible.
AB - The authenticity and reliability of user identity are the premise of secure network communication. Public key infrastructure (PKI) issues certificates through a certificate authority (CA) and provides users with secure identity management services. In traditional PKI systems, the CA is given much power, and the compromise of the CA will lead to a single point of failure. How to prevent the CA from issuing fraudulent certificates has become a vital issue. In this paper, we propose a blockchain-based certificate management scheme. The proposed scheme separates the identity verification process from certificate issuance, and distributes the verification task to multiple registration authorities (RAs). This can prevent an attacker from issuing fraudulent certificates by controlling one CA or RA. In addition, the proposed scheme requires the subject of a certificate to store information about the certificate on the blockchain. The certificate is considered valid only if the corresponding record can be found on the blockchain. As a result, the impersonation attack can be prevented. Simulation results demonstrate that the proposed certificate management scheme is feasible.
KW - aggregated signature
KW - blockchain
KW - certificate management
KW - impersonation attack
KW - public key infrastructure
UR - http://www.scopus.com/inward/record.url?scp=85171764146&partnerID=8YFLogxK
U2 - 10.1109/ICICT58900.2023.00042
DO - 10.1109/ICICT58900.2023.00042
M3 - Conference contribution
AN - SCOPUS:85171764146
T3 - Proceedings - 2023 6th International Conference on Information and Computer Technologies, ICICT 2023
SP - 211
EP - 219
BT - Proceedings - 2023 6th International Conference on Information and Computer Technologies, ICICT 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th International Conference on Information and Computer Technologies, ICICT 2023
Y2 - 24 March 2023 through 26 March 2023
ER -