Research Article
BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain
@INPROCEEDINGS{10.1007/978-3-319-78813-5_33,
  author={Zhiguo Wan and Zhangshuang Guan and Feng Zhuo and Hequn Xian},
  title={BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain},
  proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
  proceedings_a={SECURECOMM},
  year={2018},
  month={4},
  keywords={Blockchain PKI Security},
  doi={10.1007/978-3-319-78813-5_33}
}
- Zhiguo Wan
- Zhangshuang Guan
- Feng Zhuo
- Hequn Xian
Year: 2018
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_33
Abstract
Traditional PKIs face a well-known vulnerability caused by compromised Certificate Authorities (CAs) issuing bogus certificates. Several solutions like AKI and ARPKI have been proposed to address this vulnerability. However, they require complex interactions and synchronization among related entities, and their security has not been validated with wide deployment. We propose an accountable, flexible and efficient decentralized PKI to achieve the same goal using the blockchain technology of Bitcoin, which has been proven to be secure and reliable. The proposed scheme, called BKI, realizes certificate issuance, update and revocation with transactions on a special blockchain that is managed by multiple trusted maintainers. BKI achieves accountability and makes it easy to check certificate validity, and it is also more secure than centralized PKIs. Moreover, the certificate status update interval of BKI is in seconds, significantly reducing the vulnerability window. In addition, BKI is more flexible than AKI and ARPKI in that the number of CAs required to issue certificates is tunable for different applications. We analyze BKI’s security and performance, and present details on the implementation of BKI. Experiments using Ethereum show that certificate issuance/update/revocation cost 2.38 ms/2.39 ms/1.59 ms respectively.