Blockchain-Enabled DPKI Framework
Public Key Infrastructures (PKIs), which rely on digital signature technology and establishment
of trust and security association parameters between entities, allow entities
to interoperate with authentication proofs, using standardized digital certificates (with
X.509v3 as the current reference). Despite PKI technology being used by many applications
for their security foundations (e.g. WEB/HTTPS/TLS, Cloud-Enabled Services,
LANs/WLANs Security, VPNs, IP-Security), there are several concerns regarding their
inherent design assumptions based on a centralized trust model.
To avoid some problems and drawbacks that emerged from the centralization assumptions,
a Decentralized Public Key Infrastructure (DPKI) is an alternative approach. The
main idea for DPKIs is the ability to establish trust relations between all parties, in a
web-of-trust model, avoiding centralized authorities and related root-of-trust certificates.
As a possible solution for DPKI frameworks, the Blockchain technology, as an enabler
solution, can help overcome some of the identified PKI problems and security drawbacks.
Blockchain-enabled DPKIs can be designed to address a fully decentralized ledger for
managed certificates, providing data-replication with strong consistency guarantees, and
fairly distributed trust management properties founded on a P2P trust model. In this
approach, typical PKI functions are supported cooperatively, with validity agreement
based on consistency criteria, for issuing, verification and revocation of X509v3 certificates.
It is also possible to address mechanisms to provide rapid reaction of principals in
the verification of traceable, shared and immutable history logs of state-changes related
to the life-cycle of certificates, with certificate validation rules established consistently by
programmable Smart Contracts executed by peers.
In this dissertation we designed, implemented and evaluated a Blockchain-Enabled
Decentralized Public Key Infrastructure (DPKI) framework, providing an implementation
prototype solution that can be used to support experimental research. The
proposal is based on a framework instantiating a permissioned collaborative consortium
model, using the service planes supported in an extended Blockchain platform leveraged
by the Hyperledger Fabric (HLF) solution. In our proposed DPKI framework model,
X509v3 certificates are issued and managed following security invariants, processing
rules, managing trust assumptions and establishing consistency metrics, defined and executed in a decentralized way by the Blockchain nodes, using Smart Contracts. Certificates
are issued cooperatively and can be issued with group-oriented threshold-based
Byzantine fault-tolerant (BFT) signatures, as group-oriented authentication proofs. The
Smart Contracts dictate how Blockchain peers participate consistently in issuing, signing,
attestation, validation and revocation processes. Any peer can validate certificates
obtaining their consistent states consolidated in closed blocks in a Merkle tree structure
maintained in the Blockchain. State-transition operations are managed with serializability
guarantees, provided by Byzantine Fault Tolerant (BFT) consensus primitives
IDMoB: IoT Data Marketplace on Blockchain
Today, Internet of Things (IoT) devices are the powerhouse of data generation
with their ever-increasing numbers and widespread penetration. Similarly,
artificial intelligence (AI) and machine learning (ML) solutions are getting
integrated into all kinds of services, making products significantly
"smarter". The centerpiece of these technologies is "data". IoT device vendors
should be able to keep up with the increased throughput and come up with new
business models. On the other hand, AI/ML solutions will produce better results
if training data is diverse and plentiful.
In this paper, we propose a blockchain-based, decentralized and trustless
data marketplace where IoT device vendors and AI/ML solution providers may
interact and collaborate. By facilitating a transparent data exchange platform,
access to consented data will be democratized and the variety of services
targeting end-users will increase. The proposed data marketplace is implemented as
a smart contract on the Ethereum blockchain and Swarm is used as the distributed
storage platform.
Comment: Presented at Crypto Valley Conference on Blockchain Technology (CVCBT
2018), 20-22 June 2018 - published version may diffe
Beyond the Hype: On Using Blockchains in Trust Management for Authentication
Trust Management (TM) systems for authentication are vital to the security of
online interactions, which are ubiquitous in our everyday lives. Various
systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage
trust in this setting. In recent years, blockchain technology has been
introduced as a panacea to our security problems, including that of
authentication, without sufficient reasoning, as to its merits. In this work, we
investigate the merits of using open distributed ledgers (ODLs), such as the
one implemented by blockchain technology, for securing TM systems for
authentication. We formally model such systems, and explore how blockchain can
help mitigate attacks against them. After formal argumentation, we conclude
that in the context of Trust Management for authentication, blockchain
technology, and ODLs in general, can offer considerable advantages compared to
previous approaches. Our analysis is, to the best of our knowledge, the first
to formally model and argue about the security of TM systems for
authentication, based on blockchain technology. To achieve this result, we
first provide an abstract model for TM systems for authentication. Then, we
show how this model can be conceptually encoded in a blockchain, by expressing
it as a series of state transitions. As a next step, we examine five prevalent
attacks on TM systems, and provide evidence that blockchain-based solutions can
be beneficial to the security of such systems, by mitigating, or completely
negating such attacks.
Comment: A version of this paper was published in IEEE Trustcom.
http://ieeexplore.ieee.org/document/8029486
Decentralized trust in the inter-domain routing infrastructure
Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain.
Peer Reviewed. Postprint (published version
A Decentralized Trust Management System for Intelligent Transportation Environments
Commercialized 5G technology will provide reliable and efficient connectivity of motor vehicles that could support the dissemination of information under an intelligent transportation system. However, such service still suffers from risks or threats due to malicious content producers. The traditional public key infrastructure (PKI) cannot restrain such untrusted but legitimate publishers. Therefore, a trust-based service management mechanism is required to secure information dissemination. The issue of how to achieve a trust management model becomes a key problem in the situation. This paper proposes a novel prototype of the decentralized trust management system (DTMS) based on blockchain technologies. Compared with the conventional and centralized trust management system, DTMS adopts a decentralized consensus-based trust evaluation model and a blockchain-based trust storage system, which provide a transparent evaluation procedure and irreversible storage of trust credits. Moreover, the proposed trust model improves blockchain efficiency by only allowing trusted nodes to participate in the validation and consensus process. Additionally, the designed system creatively applies a trusted execution environment (TEE) to secure the trust evaluation process together with an incentive model that is used to stimulate more participation and penalize malicious behaviours. Finally, to evaluate our new design prototype, both numerical analysis and practical experiments are implemented for performance evaluation