Blockchain-Enabled DPKI Framework

Public Key Infrastructures (PKIs), which rely on digital signature technology and establishment of trust and security association parameters between entities, allow entities to interoperate with authentication proofs, using standardized digital certificates (with X.509v3 as the current reference). Despite PKI technology being used by many applications for their security foundations (e.g. WEB/HTTPS/TLS, Cloud-Enabled Services, LANs/WLANs Security, VPNs, IP-Security), there are several concerns regarding their inherent design assumptions based on a centralized trust model. To avoid some problems and drawbacks that emerged from the centralization assumptions, a Decentralized Public Key Infrastructure (DPKI), is an alternative approach. The main idea for DPKIs is the ability to establish trust relations between all parties, in a web-of-trust model, avoiding centralized authorities and related root-of-trust certificates. As a possible solution for DPKI frameworks, the Blockchain technology, as an enabler solution, can help overcome some of the identified PKI problems and security drawbacks. Blockchain-enabled DPKIs can be designed to address a fully decentralized ledger for managed certificates, providing data-replication with strong consistency guarantees, and fairly distributed trust management properties founded on a P2P trust model. In this approach, typical PKI functions are supported cooperatively, with validity agreement based on consistency criteria, for issuing, verification and revocation of X509v3 certificates. It is also possible to address mechanisms to provide rapid reaction of principals in the verification of traceable, shared and immutable history logs of state-changes related to the life-cycle of certificates, with certificate validation rules established consistently by programmable Smart Contracts executed by peers. In this dissertation we designed, implemented and evaluated a Blockchain-Enabled Decentralized Public Key Infrastructure (DPKI) framework, providing an implementation prototype solution that can be used and to support experimental research. The proposal is based on a framework instantiating a permissioned collaborative consortium model, using the service planes supported in an extended Blockchain platform leveraged by the Hyperledger Fabric (HLF) solution. In our proposed DPKI framework model, X509v3 certificates are issued and managed following security invariants, processing rules, managing trust assumptions and establishing consistency metrics, defined and executed in a decentralized way by the Blockchain nodes, using Smart Contracts. Certificates are issued cooperatively and can be issued with group-oriented threshold-based Byzantine fault-tolerant (BFT) signatures, as group-oriented authentication proofs. The Smart Contracts dictate how Blockchain peers participate consistently in issuing, signing, attestation, validation and revocation processes. Any peer can validate certificates obtaining their consistent states consolidated in closed blocks in a Meckle tree structure maintained in the Blockchain. State-transition operations are managed with serializability guarantees, provided by Byzantine Fault Tolerant (BFT) consensus primitives

IDMoB: IoT Data Marketplace on Blockchain

Today, Internet of Things (IoT) devices are the powerhouse of data generation with their ever-increasing numbers and widespread penetration. Similarly, artificial intelligence (AI) and machine learning (ML) solutions are getting integrated to all kinds of services, making products significantly more "smarter". The centerpiece of these technologies is "data". IoT device vendors should be able keep up with the increased throughput and come up with new business models. On the other hand, AI/ML solutions will produce better results if training data is diverse and plentiful. In this paper, we propose a blockchain-based, decentralized and trustless data marketplace where IoT device vendors and AI/ML solution providers may interact and collaborate. By facilitating a transparent data exchange platform, access to consented data will be democratized and the variety of services targeting end-users will increase. Proposed data marketplace is implemented as a smart contract on Ethereum blockchain and Swarm is used as the distributed storage platform.Comment: Presented at Crypto Valley Conference on Blockchain Technology (CVCBT 2018), 20-22 June 2018 - published version may diffe

Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

Decentralized trust in the inter-domain routing infrastructure

Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain.Peer ReviewedPostprint (published version

A Decentralized Trust Management System for Intelligent Transportation Environments

Commercialized 5G technology will provide reliable and efficient connectivity of motor vehicles that could support the dissemination of information under an intelligent transportation system. However, such service still suffers from risks or threats due to malicious content producers. The traditional public key infrastructure (PKI) cannot restrain such untrusted but legitimate publishers. Therefore, a trust-based service management mechanism is required to secure information dissemination. The issue of how to achieve a trust management model becomes a key problem in the situation. This paper proposes a novel prototype of the decentralized trust management system (DTMS) based on blockchain technologies. Compared with the conventional and centralized trust management system, DTMS adopts a decentralized consensus-based trust evaluation model and a blockchain-based trust storage system, which provide a transparent evaluation procedure and irreversible storage of trust credits. Moreover, the proposed trust model improves blockchain efficiency by only allowing trusted nodes participating in the validation and consensus process. Additionally, the designed system creatively applies a trusted execution environment (TEE) to secure the trust evaluation process together with an incentive model that is used to stimulate more participation and penalize malicious behaviours. Finally, to evaluate our new design prototype, both numerical analysis and practical experiments are implemented for performance evaluation