Cargando…
BRT: An Efficient and Scalable Blockchain-Based Revocation Transparency System for TLS Connections
Log-based public key infrastructure(PKI) refers to a robust class of CA-attack-resilient PKI that enhance transparency and accountability in the certificate revocation and issuance process by compelling certificate authorities (CAs) to submit revocations to publicly and verifiably accessible logs. H...
Autores principales: | , , , , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2023
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10649209/ https://www.ncbi.nlm.nih.gov/pubmed/37960516 http://dx.doi.org/10.3390/s23218816 |
Sumario: | Log-based public key infrastructure(PKI) refers to a robust class of CA-attack-resilient PKI that enhance transparency and accountability in the certificate revocation and issuance process by compelling certificate authorities (CAs) to submit revocations to publicly and verifiably accessible logs. However, log-based PKIs suffer from a reliance on centralized and consistent sources of information, rendering them susceptible to split-world attacks, and they regrettably fail to provide adequate incentives for recording or monitoring CA behavior. Blockchain-based PKIs address these limitations by enabling decentralized log audits through automated financial incentives. However, they continue to face challenges in developing a scalable revocation mechanism suited for lightweight clients. In this paper, we introduce BRT, a scalable blockchain-based system for certificate and revocation transparency. It serves to log, audit, and validate the status of certificates within the transport layer security (TLS)/secure sockets layer(SSL) PKI domain. We designed an audit-on-chain framework, coupled with an off-chain storage/computation system, to enhance the efficiency of BRT when operating in a blockchain environment. By implementing a blockchain-based prototype, we demonstrate that BRT achieves storage-efficient log recording with a peak compression rate reaching 8%, cost-effective log updates for large-scale certificates, and near-instantaneous revocation checks for users. |
---|