Abstract
Recently, a number of projects (both from academia and industry) have examined decentralized public key infrastructures (PKI) based on blockchain technology. These projects vary in scope from fullfledged domain name systems accompanied by a PKI to simpler transparency systems that augment the current HTTPS PKI. In this paper, we start by articulating, in a way we have not seen before, why this approach is more than a complementary composition of technologies, but actually a new and useful paradigm for thinking about who is actually authoritative over PKI information in the web certificate model. We then consider what smart contracts could add to the web certificate model, if we move beyond using a blockchain as passive, immutable (subject to consensus) store of data—as is the approach taken by projects like Blockstack. To illustrate the potential, we develop and experiment with an Ethereum-based web certificate model we call Ghazal, discuss different design decisions, and analyze deployment costs.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ethereum development tutorial ethereum/wiki wiki. https://github.com/ethereum/wiki/wiki/Ethereum-Development-Tutorial. Accessed 12 July 2017
git.eff.org git - sovereign-keys.git/blob - sovereign-key-design.txt. https://git.eff.org/?p=sovereign-keys.git;a=blob;f=sovereign-key-design.txt;hb=HEAD. Accessed 10 Jan 2018
Godaddy owns up to role in epic twitter account hijacking—pcworld. https://www.pcworld.com/article/2093100/godaddy-owns-up-to-role-in-twitter-account-hijacking-incident.html. Accessed 13 Feb 2018
Home. http://www.ethereum-alarm-clock.com/. Accessed 29 Dec 2017
Al-Bassam, M.: SCPKI: a smart contract-based PKI and identity system. In: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, pp. 35–40. ACM (2017)
Ali, M., Nelson, J.C., Shea, R., Freedman, M.J.: Blockstack: a global naming and storage system secured by blockchains. In: USENIX Annual Technical Conference, pp. 181–194 (2016)
Axon, L., Goldsmith, M.: PB-PKI: a privacy-aware blockchain-based PKI (2016)
Basin, D., Cremers, C., Kim, T.H.-J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 382–393. ACM (2014)
Bonneau, J.: EthIKS: using ethereum to audit a CONIKS key transparency log. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 95–105. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_7
Buterin, V., et al.: A next-generation smart contract and decentralized application platform. White paper (2014)
Chase, M., Meiklejohn, S.: Transparency overlays and applications. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 168–179. ACM (2016)
Clark, J., van Oorschot, P.: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In: IEEE S&P (2013)
Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the https certificate ecosystem. In: IMC (2013)
Fromknecht, C., Velicanu, D., Yakoubov, S.: Certcoin: a namecoin based decentralized authentication system 6.857 class project (2014)
Hardjono, T., Pentland, A.S.: Verifiable anonymous identities and access control in permissioned blockchains (2016)
Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The SSL landscape: a thorough analysis of the X.509 PKI using active and passive measurements. In: IMC (2011)
Kalodner, H.A., Carlsten, M., Ellenbogen, P., Bonneau, J., Narayanan, A.: An empirical study of namecoin and lessons for decentralized namespace design. In: WEIS (2015)
Laurie, B.: Certificate transparency. Queue 12(8), 10 (2014)
Liu, D., Hao, S., Wang, H.: All your DNS records point to us: understanding the security threats of dangling DNS records. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1414–1425. ACM (2016)
Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)
Marlinspike, M.: SSL and the future of authenticity. In: Black Hat, USA (2011)
Matsumoto, S., Reischuk, R.M.: IKP: Turning a PKI around with blockchains. IACR Cryptology ePrint Archive, 2016:1018 (2016)
Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: Coniks: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383–398 (2015)
Myers, M.: Revocatoin: options and challenges. In: Hirchfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 165–171. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055480
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Son, S., Shmatikov, V.: The Hitchhiker’s guide to DNS cache poisoning. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 466–483. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16161-2_27
Syta, E., et al.: Keeping authorities “honest or bust” with decentralized witness cosigning. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 526–545. IEEE (2016)
Szabo, N.: Formalizing and securing relationships on public networks. First Monday 2(9) (1997)
Topalovic, E., Saeta, B., Huang, L.-S., Jackson, C., Boneh, D.: Towards short-lived certificates. In: Web 2.0 Security and Privacy (2012)
Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: improving SSH-style host authentication with multi-path probing. In: USENIX Annual Tech (2008)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151 (2014)
Zusman, M.: Criminal charges are not pursued: hacking PKI. DEFCON 17 (2009)
Acknowledgements
J. Clark thanks NSERC, FRQNT, and the Office of the Privacy Commissioner of Canada for funding that supported this research.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 International Financial Cryptography Association
About this paper
Cite this paper
Moosavi, S., Clark, J. (2019). Ghazal: Toward Truly Authoritative Web Certificates Using Ethereum. In: Zohar, A., et al. Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science(), vol 10958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58820-8_24
Download citation
DOI: https://doi.org/10.1007/978-3-662-58820-8_24
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-58819-2
Online ISBN: 978-3-662-58820-8
eBook Packages: Computer ScienceComputer Science (R0)