Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain

  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_33,
        author={Zhiguo Wan and Zhangshuang Guan and Feng Zhuo and Hequn Xian},
        title={BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Blockchain PKI Security},
        doi={10.1007/978-3-319-78813-5_33}
    }
    
  • Zhiguo Wan
    Zhangshuang Guan
    Feng Zhuo
    Hequn Xian
    Year: 2018
    BKI: Towards Accountable and Decentralized Public-Key Infrastructure with Blockchain
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_33
Zhiguo Wan1,*, Zhangshuang Guan1,*, Feng Zhuo1,*, Hequn Xian2,*
  • 1: Shandong University
  • 2: Qingdao University
*Contact email: wanzhiguo@sdu.edu.cn, gzs_1994@163.com, 2906719340@qq.com, xianhq@126.com

Abstract

Traditional PKIs face a well-known vulnerability caused by compromised Certificate Authorities (CAs) issuing bogus certificates. Several solutions, such as AKI and ARPKI, have been proposed to address this vulnerability. However, they require complex interactions and synchronization among related entities, and their security has not been validated with wide deployment. We propose an accountable, flexible and efficient decentralized PKI that achieves the same goal using the blockchain technology of Bitcoin, which has been proven to be secure and reliable. The proposed scheme, called BKI, realizes certificate issuance, update and revocation with transactions on a special blockchain that is managed by multiple trusted maintainers. BKI achieves accountability and makes certificate validity easy to check, and it is also more secure than centralized PKIs. Moreover, the certificate status update interval of BKI is in seconds, significantly reducing the vulnerability window. In addition, BKI is more flexible than AKI and ARPKI in that the number of CAs required to issue a certificate is tunable for different applications. We analyze BKI’s security and performance, and present details on the implementation of BKI. Experiments using Ethereum show that certificate issuance/update/revocation cost 2.38 ms/2.39 ms/1.59 ms, respectively.