Skip to main content
SpringerLink
Log in

Ghazal: Toward Truly Authoritative Web Certificates Using Ethereum

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10958))

Included in the following conference series:

Abstract

Recently, a number of projects (both from academia and industry) have examined decentralized public key infrastructures (PKI) based on blockchain technology. These projects vary in scope from fullfledged domain name systems accompanied by a PKI to simpler transparency systems that augment the current HTTPS PKI. In this paper, we start by articulating, in a way we have not seen before, why this approach is more than a complementary composition of technologies, but actually a new and useful paradigm for thinking about who is actually authoritative over PKI information in the web certificate model. We then consider what smart contracts could add to the web certificate model, if we move beyond using a blockchain as passive, immutable (subject to consensus) store of data—as is the approach taken by projects like Blockstack. To illustrate the potential, we develop and experiment with an Ethereum-based web certificate model we call Ghazal, discuss different design decisions, and analyze deployment costs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/mahsamoosavi/Ghazal.

  2. 2.

    https://ethstats.net/.

  3. 3.

    https://coinmarketcap.com/.

References

  1. Ethereum development tutorial ethereum/wiki wiki. https://github.com/ethereum/wiki/wiki/Ethereum-Development-Tutorial. Accessed 12 July 2017

  2. git.eff.org git - sovereign-keys.git/blob - sovereign-key-design.txt. https://git.eff.org/?p=sovereign-keys.git;a=blob;f=sovereign-key-design.txt;hb=HEAD. Accessed 10 Jan 2018

  3. Godaddy owns up to role in epic twitter account hijacking—pcworld. https://www.pcworld.com/article/2093100/godaddy-owns-up-to-role-in-twitter-account-hijacking-incident.html. Accessed 13 Feb 2018

  4. Home. http://www.ethereum-alarm-clock.com/. Accessed 29 Dec 2017

  5. Al-Bassam, M.: SCPKI: a smart contract-based PKI and identity system. In: Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, pp. 35–40. ACM (2017)

    Google Scholar 

  6. Ali, M., Nelson, J.C., Shea, R., Freedman, M.J.: Blockstack: a global naming and storage system secured by blockchains. In: USENIX Annual Technical Conference, pp. 181–194 (2016)

    Google Scholar 

  7. Axon, L., Goldsmith, M.: PB-PKI: a privacy-aware blockchain-based PKI (2016)

    Google Scholar 

  8. Basin, D., Cremers, C., Kim, T.H.-J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 382–393. ACM (2014)

    Google Scholar 

  9. Bonneau, J.: EthIKS: using ethereum to audit a CONIKS key transparency log. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 95–105. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_7

    Chapter  Google Scholar 

  10. Buterin, V., et al.: A next-generation smart contract and decentralized application platform. White paper (2014)

    Google Scholar 

  11. Chase, M., Meiklejohn, S.: Transparency overlays and applications. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 168–179. ACM (2016)

    Google Scholar 

  12. Clark, J., van Oorschot, P.: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In: IEEE S&P (2013)

    Google Scholar 

  13. Durumeric, Z., Kasten, J., Bailey, M., Halderman, J.A.: Analysis of the https certificate ecosystem. In: IMC (2013)

    Google Scholar 

  14. Fromknecht, C., Velicanu, D., Yakoubov, S.: Certcoin: a namecoin based decentralized authentication system 6.857 class project (2014)

    Google Scholar 

  15. Hardjono, T., Pentland, A.S.: Verifiable anonymous identities and access control in permissioned blockchains (2016)

    Google Scholar 

  16. Holz, R., Braun, L., Kammenhuber, N., Carle, G.: The SSL landscape: a thorough analysis of the X.509 PKI using active and passive measurements. In: IMC (2011)

    Google Scholar 

  17. Kalodner, H.A., Carlsten, M., Ellenbogen, P., Bonneau, J., Narayanan, A.: An empirical study of namecoin and lessons for decentralized namespace design. In: WEIS (2015)

    Google Scholar 

  18. Laurie, B.: Certificate transparency. Queue 12(8), 10 (2014)

    Article  Google Scholar 

  19. Liu, D., Hao, S., Wang, H.: All your DNS records point to us: understanding the security threats of dangling DNS records. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1414–1425. ACM (2016)

    Google Scholar 

  20. Luu, L., Chu, D.-H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 254–269. ACM (2016)

    Google Scholar 

  21. Marlinspike, M.: SSL and the future of authenticity. In: Black Hat, USA (2011)

    Google Scholar 

  22. Matsumoto, S., Reischuk, R.M.: IKP: Turning a PKI around with blockchains. IACR Cryptology ePrint Archive, 2016:1018 (2016)

    Google Scholar 

  23. Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: Coniks: bringing key transparency to end users. In: USENIX Security Symposium, pp. 383–398 (2015)

    Google Scholar 

  24. Myers, M.: Revocatoin: options and challenges. In: Hirchfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 165–171. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055480

    Chapter  Google Scholar 

  25. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)

    Google Scholar 

  26. Son, S., Shmatikov, V.: The Hitchhiker’s guide to DNS cache poisoning. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 466–483. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16161-2_27

    Chapter  Google Scholar 

  27. Syta, E., et al.: Keeping authorities “honest or bust” with decentralized witness cosigning. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 526–545. IEEE (2016)

    Google Scholar 

  28. Szabo, N.: Formalizing and securing relationships on public networks. First Monday 2(9) (1997)

    Google Scholar 

  29. Topalovic, E., Saeta, B., Huang, L.-S., Jackson, C., Boneh, D.: Towards short-lived certificates. In: Web 2.0 Security and Privacy (2012)

    Google Scholar 

  30. Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: improving SSH-style host authentication with multi-path probing. In: USENIX Annual Tech (2008)

    Google Scholar 

  31. Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper, 151 (2014)

    Google Scholar 

  32. Zusman, M.: Criminal charges are not pursued: hacking PKI. DEFCON 17 (2009)

    Google Scholar 

Download references

Acknowledgements

J. Clark thanks NSERC, FRQNT, and the Office of the Privacy Commissioner of Canada for funding that supported this research.

Author information

Authors and Affiliations

  1. Concordia University, Montreal, Canada

    Seyedehmahsa Moosavi & Jeremy Clark

Authors
  1. Seyedehmahsa Moosavi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jeremy Clark
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jeremy Clark .

Editor information

Editors and Affiliations

  1. Hebrew University, Jerusalem, Israel

    Aviv Zohar

  2. Technion – Israel Institute of Technology, Haifa, Israel

    Ittay Eyal

  3. University of Melbourne, Parkville, VIC, Australia

    Vanessa Teague

  4. Concordia University, Beaconsfield, QC, Canada

    Jeremy Clark

  5. Computer Science and Mathematics, Stirling University, Stirling, UK

    Andrea Bracciali

  6. Mathematical Institute, University of Oxford, Oxford, UK

    Federico Pintore

  7. Department of Mathematics, University of Trento, Trento, Italy

    Massimiliano Sala

Rights and permissions

Reprints and permissions

Copyright information

© 2019 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Moosavi, S., Clark, J. (2019). Ghazal: Toward Truly Authoritative Web Certificates Using Ethereum. In: Zohar, A., et al. Financial Cryptography and Data Security. FC 2018. Lecture Notes in Computer Science(), vol 10958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-58820-8_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-58820-8_24

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-58819-2

  • Online ISBN: 978-3-662-58820-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation