51 research outputs found
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
Beyond the Hype: On Using Blockchains in Trust Management for Authentication
Trust Management (TM) systems for authentication are vital to the security of
online interactions, which are ubiquitous in our everyday lives. Various
systems, like the Web PKI (X.509) and PGP's Web of Trust are used to manage
trust in this setting. In recent years, blockchain technology has been
introduced as a panacea to our security problems, including that of
authentication, without sufficient reasoning, as to its merits.In this work, we
investigate the merits of using open distributed ledgers (ODLs), such as the
one implemented by blockchain technology, for securing TM systems for
authentication. We formally model such systems, and explore how blockchain can
help mitigate attacks against them. After formal argumentation, we conclude
that in the context of Trust Management for authentication, blockchain
technology, and ODLs in general, can offer considerable advantages compared to
previous approaches. Our analysis is, to the best of our knowledge, the first
to formally model and argue about the security of TM systems for
authentication, based on blockchain technology. To achieve this result, we
first provide an abstract model for TM systems for authentication. Then, we
show how this model can be conceptually encoded in a blockchain, by expressing
it as a series of state transitions. As a next step, we examine five prevalent
attacks on TM systems, and provide evidence that blockchain-based solutions can
be beneficial to the security of such systems, by mitigating, or completely
negating such attacks.Comment: A version of this paper was published in IEEE Trustcom.
http://ieeexplore.ieee.org/document/8029486
Managing Identities Using Blockchains and CoSi
We combine collective signing and blockchains to create a secure and easy-to-use, decentralized SSH-key management system
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and make their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.Comment: Workshop on Blockchain and Sharing Economy Application
Contour: A Practical System for Binary Transparency
Transparency is crucial in security-critical applications that rely on
authoritative information, as it provides a robust mechanism for holding these
authorities accountable for their actions. A number of solutions have emerged
in recent years that provide transparency in the setting of certificate
issuance, and Bitcoin provides an example of how to enforce transparency in a
financial setting. In this work we shift to a new setting, the distribution of
software package binaries, and present a system for so-called "binary
transparency." Our solution, Contour, uses proactive methods for providing
transparency, privacy, and availability, even in the face of persistent
man-in-the-middle attacks. We also demonstrate, via benchmarks and a test
deployment for the Debian software repository, that Contour is the only system
for binary transparency that satisfies the efficiency and coordination
requirements that would make it possible to deploy today.Comment: International Workshop on Cryptocurrencies and Blockchain Technology
(CBT), 201
SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain
The proof-of-work consensus protocol suffers from two main limitations: waste
of energy and offering only probabilistic guarantees about the status of the
blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol
and its corresponding software architecture. This protocol leverages two ideas:
1) the proof-of-stake concept to dynamically form stake proportionate consensus
groups that represent block miners (stakeholders), and 2) scalable collective
signing to efficiently commit transactions irreversibly. SklCoin has immediate
finality characteristic where all miners instantly agree on the validity of
blocks. In addition, SklCoin supports high transaction rate because of its fast
miner election mechanis
- …