Blockchain-Enabled DPKI Framework

Public Key Infrastructures (PKIs), which rely on digital signature technology and establishment of trust and security association parameters between entities, allow entities to interoperate with authentication proofs, using standardized digital certificates (with X.509v3 as the current reference). Despite PKI technology being used by many applications for their security foundations (e.g. WEB/HTTPS/TLS, Cloud-Enabled Services, LANs/WLANs Security, VPNs, IP-Security), there are several concerns regarding their inherent design assumptions based on a centralized trust model. To avoid some problems and drawbacks that emerged from the centralization assumptions, a Decentralized Public Key Infrastructure (DPKI), is an alternative approach. The main idea for DPKIs is the ability to establish trust relations between all parties, in a web-of-trust model, avoiding centralized authorities and related root-of-trust certificates. As a possible solution for DPKI frameworks, the Blockchain technology, as an enabler solution, can help overcome some of the identified PKI problems and security drawbacks. Blockchain-enabled DPKIs can be designed to address a fully decentralized ledger for managed certificates, providing data-replication with strong consistency guarantees, and fairly distributed trust management properties founded on a P2P trust model. In this approach, typical PKI functions are supported cooperatively, with validity agreement based on consistency criteria, for issuing, verification and revocation of X509v3 certificates. It is also possible to address mechanisms to provide rapid reaction of principals in the verification of traceable, shared and immutable history logs of state-changes related to the life-cycle of certificates, with certificate validation rules established consistently by programmable Smart Contracts executed by peers. In this dissertation we designed, implemented and evaluated a Blockchain-Enabled Decentralized Public Key Infrastructure (DPKI) framework, providing an implementation prototype solution that can be used and to support experimental research. The proposal is based on a framework instantiating a permissioned collaborative consortium model, using the service planes supported in an extended Blockchain platform leveraged by the Hyperledger Fabric (HLF) solution. In our proposed DPKI framework model, X509v3 certificates are issued and managed following security invariants, processing rules, managing trust assumptions and establishing consistency metrics, defined and executed in a decentralized way by the Blockchain nodes, using Smart Contracts. Certificates are issued cooperatively and can be issued with group-oriented threshold-based Byzantine fault-tolerant (BFT) signatures, as group-oriented authentication proofs. The Smart Contracts dictate how Blockchain peers participate consistently in issuing, signing, attestation, validation and revocation processes. Any peer can validate certificates obtaining their consistent states consolidated in closed blocks in a Meckle tree structure maintained in the Blockchain. State-transition operations are managed with serializability guarantees, provided by Byzantine Fault Tolerant (BFT) consensus primitives

Quantified vehicles: data, services, ecosystems

Advancing digitalization has shown the potential of so-called Quantified Vehicles for gathering valuable sensor data about the vehicle itself and its environment. Consequently, (vehicle) Data has become an important resource, which can pave the way to (Data-driven) Services. The (Data-driven Service) Ecosystem of actors that collaborate to ultimately generate services, has only shaped up in recent years. This cumulative dissertation summarizes the author's contributions and includes a synopsis as well as 14 peer-reviewed publications, which contribute to answer the three research questions.Die Digitalisierung hat das Potenzial für Quantified Vehicles aufgezeigt, um Sensordaten über das Fahrzeug selbst und seine Umgebung zu sammeln. Folglich sind (Fahrzeug-)Daten zu einer wichtigen Ressource der Automobilindustrie geworden, da sie auch (datengetriebene) Services ermöglichen. Es bilden sich Ökosysteme von Akteuren, die zusammenarbeiten, um letztlich Services zu generieren. Diese kumulative Dissertation fasst die Beiträge des Autors zusammen und enthält eine Synopsis sowie 14 begutachtete Veröffentlichungen, die zur Beantwortung der drei Forschungsfragen beitragen