Public Key Infrastructure Using Blockchain Technology

Shashwatee Nanda
Published in McKinley & Rice
Oct 2, 2021

Public Key Infrastructure (PKI) is a framework for establishing a secure connection between a server and a client over an untrusted network. PKI covers the generation, distribution, storage, and revocation of public/private key pairs; it keeps unauthorised users out and keeps organisational data secure. Conventionally, PKI relies on public keys and digital certificates issued by a trusted third party, the certification authority (CA). The major drawback of this arrangement is that a CA can, for a number of reasons, issue a certificate maliciously, and security is then heavily compromised. The CA is responsible for issuing digital certificates and charges a fee for each one. This design carries high security risk because the CA is a single point of failure. The centralised PKI framework lacks transparency in issuing certificates, and checking of revoked certificates is neglected because the revocation mechanisms are incomplete, insecure, and inefficient. Lastly, if the CA is compromised or behaves maliciously, an adversary can mount a man-in-the-middle (MITM) attack.

Protecting the client’s information

PKI protects the client’s information from malicious parties. It is based on asymmetric-key cryptography: a public key and a private key. The public key is available to every user who connects to the website. The private key is generated when a connection is established and is used to decrypt the data. PKI relies on a private/public key pair linked in such a way that any data encrypted with the public key can be decrypted only by the holder of the private key. The conventional approach to PKI has the following components:

  • Digital Certificate: A digital certificate is an electronic document that attests to the ownership of a public key. It enables an individual to exchange data securely over the Internet. Digital certificates are informative, unique to each holder, and designed to be impossible to falsify. The X.509 standard defines the most common certificate format, and certificates following it are called X.509 certificates, as shown in the figure.
Figure: Digital Certificate
  • Certificate Authorities: The certification authority (CA) is an external trusted party that verifies the identities of entities (such as websites, companies, or individual people) and is responsible for issuing digital certificates in a network. The CA may also manage, revoke, and renew certificates. A CA can be either a root CA or an intermediate CA. The root CA issues a certificate to the intermediate CA that allows the intermediate CA to sign certificates on behalf of the root CA. This is called a chain of trust, as shown in the figure below.
Figure: A chain of three certificates consisting of a root certificate, an intermediate certificate, and an end-entity certificate.
  • Registration Authorities: A Registration Authority (RA) verifies user requests for a digital certificate and asks the certificate authority (CA) to issue it. Once the RA has completed verification, it forwards the request to the CA, which passes it to the certificate server (CS). The primary goal of the RA is to offload some functions from the CA to improve scalability. An RA is never allowed to issue digital certificates to any entity itself.
  • Validation Authorities: A Validation Authority (VA) is a secure platform that offers a service for verifying the validity of a digital certificate by consulting the list of invalid certificates according to the defined mechanism. The VA also confirms that the digital certificate was issued by an authorised, trusted CA.

In PKI, the problem of trust stems from the trusted third party, the CA. The CA is responsible for issuing digital certificates and charges a fee for each. Centralised PKIs, such as the CA-based system, have their own security issues and vulnerabilities. Firstly, conventional PKI design carries high security risk because of a single point of failure. Secondly, the centralised PKI framework lacks transparency in issuing certificates, and checking for revoked certificates is neglected because the revocation mechanisms are incomplete, insecure, and inefficient. Lastly, if the CA is compromised or behaves maliciously, an adversary can mount a man-in-the-middle (MITM) attack. We propose a secure and decentralised PKI based on blockchain technology. In the proposed system, the architecture rests on a distributed database that maintains a growing list of records called blocks; a blockchain is a distributed ledger of transactions. The decentralised nature of the framework handles the problems of CA-based systems through on-chain certificate revocation and by eliminating the single point of failure. Trust is established and maintained through a consensus protocol. By using blockchain technology, the decentralised PKI resolves the issues of the conventional PKI system, which relies on a trusted centralised infrastructure, as shown in the figure below.

Figure: Public Key Infrastructure Architecture

How does Blockchain technology solve issues related to PKI?

A blockchain is a public, immutable ledger with a growing list of records. A block contains a header (which generally includes the hash of the previous block), a timestamp, and transaction data. A blockchain is a peer-to-peer decentralised network consisting of full nodes and light nodes. Light nodes store only the block headers, while full nodes validate and propagate new transactions and store a copy of the blockchain. Each transaction is generally formed as:

  • trx = (Msg, Signature)
  • Msg = (PK_Sender, Receiver, data)
  • Signature = Sign_PR_Sender(H(Msg))

where PK_Sender and PR_Sender are the sender's public and private keys and H is a cryptographic hash function.
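As an added example (not from the article), here is the transaction format above in Go: a Msg of (PK_Sender, Receiver, data), H(Msg) computed with SHA-256, Signature produced under the sender's private key, and the verification a full node runs before propagating the transaction. Ed25519 and SHA-256 are stand-ins chosen because Go's standard library provides them; Ethereum itself uses secp256k1 ECDSA with Keccak-256. The field names, the receiver label and the sample data are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Msg is the transaction payload from the text: (PK_Sender, Receiver, data).
type Msg struct {
	PKSender ed25519.PublicKey // sender's public key (PK_Sender)
	Receiver string            // receiver address; a constructed label here
	Data     []byte            // application data, e.g. a certificate record
}

// Trx is the transaction itself: (Msg, Signature).
type Trx struct {
	Msg       Msg
	Signature []byte
}

// encode is the canonical serialisation that gets hashed. Every field is
// length-prefixed so that moving bytes between fields changes the encoding.
func (m Msg) encode() []byte {
	var out []byte
	for _, f := range [][]byte{m.PKSender, []byte(m.Receiver), m.Data} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// H computes H(Msg) with SHA-256 (the hash function is an assumption; the
// article does not name one).
func H(m Msg) []byte {
	sum := sha256.Sum256(m.encode())
	return sum[:]
}

// NewTrx builds (Msg, Signature) with Signature = Sign_PR_Sender(H(Msg)).
// Ed25519 stands in for Sign; the article does not fix a signature scheme.
func NewTrx(priv ed25519.PrivateKey, receiver string, data []byte) Trx {
	m := Msg{PKSender: priv.Public().(ed25519.PublicKey), Receiver: receiver, Data: data}
	return Trx{Msg: m, Signature: ed25519.Sign(priv, H(m))}
}

// Verify is the check a full node performs before propagating a transaction:
// the signature must verify under the public key carried inside the message,
// so nobody can submit a transaction on behalf of a key they do not hold.
func Verify(t Trx) bool {
	if len(t.Msg.PKSender) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(t.Msg.PKSender, H(t.Msg), t.Signature)
}

func main() {
	// A nil reader makes GenerateKey use crypto/rand.
	_, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	// Constructed sample: a domain submits a certificate fingerprint to the registry.
	tx := NewTrx(priv, "certificate-registry", []byte("example.com:sha256:0123abcd"))
	fmt.Println("H(Msg):", hex.EncodeToString(H(tx.Msg)))
	fmt.Println("valid signature:", Verify(tx)) // true

	// Any change to the message after signing invalidates the signature.
	tx.Msg.Data = []byte("example.com:sha256:ffffffff")
	fmt.Println("after tampering:", Verify(tx)) // false
}
```

Because the signing key is bound to PK_Sender inside the hashed message, a verifier needs nothing beyond the transaction itself to check who authorised it; swapping the sender key or editing any field makes H(Msg) change and the signature fail.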

In conventional PKI, the major issues arise in the certificate revocation and validation processes. CAs have complete authority to revoke a domain’s certificate and to provide the corresponding revocation services. If a CA is compromised, revoked certificates will still be accepted by the browser. Browsers rarely verify the revocation status of a certificate via OCSP or CRLs, and those checks also raise privacy concerns. Another security concern is client trust-store management. Clients (e.g. web browsers) trust public-key certificates, or some other entities, in order to validate certificates. After an attack, removing root certificates/keys from every client’s trusted key store is burdensome and leaves a window of vulnerability. If an adversary can add a fake but valid CA certificate to a client’s trusted certificate store, the adversary can execute a man-in-the-middle (MITM) attack without being detected.

In the following, we explain how blockchain solves these problems easily:

  • Certificate revocation and validation process: In the PKI model, a certificate must be verified during every connection establishment. In conventional PKI, the burden of that verification lies entirely with the clients (e.g., web browsers). When certificates are stored in a blockchain, however, the authentication step needs to be done only once: validation happens when the certificate is appended to the blockchain under the consensus protocol. Clients/browsers trust a certificate stored on the blockchain once they obtain the corresponding Merkle proof. Conventional PKI checks revocation through CRL and OCSP services. CRLs are typically updated only every 5–14 days, which leaves a window for attack until the next update, and if the client cannot download the CRL it must trust the certificate by default. Blockchain technology removes the burden of CRLs and OCSP; the revocation process becomes simpler and more transparent when it is implemented on the blockchain.
  • Trust key store management: For certificates to be checked as they are appended to the blockchain, the trusted CA certificates must themselves be present on the blockchain, so these certificates are also stored and managed there. Clients are therefore relieved of storing the entire list of trusted CA certificates. The blockchain ensures that only certificates issued by trusted CAs are appended.

What are our goals?

A new and efficient PKI model is needed to make digital certificates and their revocation status and process transparent. We make the following contributions:

  • Provide transparency in the revocation and certificate validation process.
  • Removal of the trusted key store in the client (e.g. web browser).

The methodology

We propose a secure and decentralised public key infrastructure based on blockchain technology. Our system has three kinds of entities, as shown in Figure 4: clients (e.g. web browsers), external entities (domains and certificate authorities (CAs)), and blockchain entities (miners). Each entity has a unique address on the Ethereum blockchain. Changes to a certificate’s state are initiated by transactions and tracked through smart contracts. A client is an entity that wants to establish a connection with a domain. It is also a light node in the blockchain network and interacts with its own peer-to-peer network; it fetches, validates, and downloads a Merkle state proof from a full node to verify the correctness of a domain’s certificate. A domain is an entity, usually a website, that requests a certificate for secure connections. It also generates a transaction to append the received certificate to the blockchain and monitors its validity. When a compromise is detected, the domain immediately creates a transaction to revoke its certificate and another transaction to report the attack. CAs have four distinct roles:

  • Check the domain identity for the request of a certificate.
  • Issue a certificate after successful verification of identity.
  • Generate a transaction to add the issued certificate to the blockchain.
  • Optionally, create a transaction within the blockchain to modify the revocation status of the certificate.
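The four CA roles above, together with the rule from the trust-store section that only certificates issued by CAs already stored on the chain may be appended, can be written as the state logic a smart contract would enforce. The following Go program is an added example, not the authors' contract or code: the Certificate type, the error names, the "revoke:<domain>" signing convention and all keys are constructed for illustration, and Ed25519 stands in for the signature scheme. Append is the miners' check on an "add certificate" transaction; Revoke lets only the domain itself or its issuing CA change the revocation status.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Certificate is a simplified stand-in for an X.509 certificate; only the fields
// the registry checks are modelled (an assumption, not the article's format).
type Certificate struct {
	Domain    string
	DomainKey ed25519.PublicKey // key being certified for the domain
	IssuerKey ed25519.PublicKey // CA that issued the certificate
	Signature []byte            // CA signature over tbs()
}

// tbs is the "to be signed" digest of the certificate body.
func (c Certificate) tbs() []byte {
	sum := sha256.Sum256(append(append([]byte(c.Domain+"|"), c.DomainKey...), c.IssuerKey...))
	return sum[:]
}

// Issue is the CA's second role: sign a certificate after the identity check (not modelled).
func Issue(caPriv ed25519.PrivateKey, domain string, domainKey ed25519.PublicKey) Certificate {
	c := Certificate{Domain: domain, DomainKey: domainKey, IssuerKey: caPriv.Public().(ed25519.PublicKey)}
	c.Signature = ed25519.Sign(caPriv, c.tbs())
	return c
}

var (
	ErrUntrustedCA  = errors.New("issuer is not a trusted CA on the chain")
	ErrBadSignature = errors.New("signature does not verify")
	ErrExists       = errors.New("domain already has a certificate")
	ErrUnauthorised = errors.New("unknown domain, or sender may not revoke it")
)

// Registry is the on-chain state a smart contract would hold.
type Registry struct {
	trustedCAs map[string]bool        // CA public keys stored on the chain
	certs      map[string]Certificate // one certificate per domain
	revoked    map[string]bool        // revocation status per domain
}

func NewRegistry(trusted ...ed25519.PublicKey) *Registry {
	r := &Registry{map[string]bool{}, map[string]Certificate{}, map[string]bool{}}
	for _, k := range trusted {
		r.trustedCAs[string(k)] = true
	}
	return r
}

// Append is the check miners apply to an "add certificate" transaction:
// only a certificate signed by a CA already on the chain is accepted.
func (r *Registry) Append(c Certificate) error {
	if !r.trustedCAs[string(c.IssuerKey)] {
		return ErrUntrustedCA
	}
	if !ed25519.Verify(c.IssuerKey, c.tbs(), c.Signature) {
		return ErrBadSignature
	}
	if _, ok := r.certs[c.Domain]; ok {
		return ErrExists
	}
	r.certs[c.Domain] = c
	return nil
}

// Revoke handles a revocation transaction: the sender proves control of a key by
// signing "revoke:<domain>", and only the domain itself or the issuing CA may revoke.
func (r *Registry) Revoke(domain string, sender ed25519.PublicKey, sig []byte) error {
	c, ok := r.certs[domain]
	if !ok || (!sender.Equal(c.DomainKey) && !sender.Equal(c.IssuerKey)) {
		return ErrUnauthorised
	}
	if !ed25519.Verify(sender, []byte("revoke:"+domain), sig) {
		return ErrBadSignature
	}
	r.revoked[domain] = true
	return nil
}

// Status is the record a client reads instead of querying CRL or OCSP services.
func (r *Registry) Status(domain string) (found, revoked bool) {
	_, found = r.certs[domain]
	return found, r.revoked[domain]
}

func main() {
	// Constructed keys: one trusted CA and one domain (nil reader = crypto/rand).
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	domainPub, domainPriv, _ := ed25519.GenerateKey(nil)
	reg := NewRegistry(caPub)
	fmt.Println("append:", reg.Append(Issue(caPriv, "example.com", domainPub)))
	sig := ed25519.Sign(domainPriv, []byte("revoke:example.com"))
	fmt.Println("revoke:", reg.Revoke("example.com", domainPub, sig))
	fmt.Println(reg.Status("example.com")) // true true
}
```

The order of checks in Append matters: the issuer is looked up in the on-chain trust set before any signature is verified, so a certificate from a CA the chain has never admitted is rejected regardless of how well-formed it is. The authorisation check in Revoke runs before the signature check for the same reason: the sender's key is compared against the two keys already recorded for the domain, never against a key supplied in the transaction.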

The client verifies that the X.509 certificate was issued for the domain, that it is within its validity period, and that the Merkle proof against the blockchain is correct. The client validates the proof for the domain certificate against the state tree hash (the Merkle root) that resides in the block header. During connection establishment, the domain sends its certificate and the Merkle proof to the client (e.g., a web browser). The client does not need to validate the certificate any further, because that was already done when the certificate was appended to the blockchain. Trusted CA certificates are likewise stored and managed on the blockchain after a verification procedure, so when a domain certificate is added to the blockchain it is checked against the trusted CAs stored on the chain.

We introduce miners to verify certificates using the consensus protocol. Miners are also responsible for storing operations in blocks and maintaining the blockchain. They choose pending transactions from the pool and generate new blocks according to the consensus protocol, verifying transactions on the same network before they are confirmed, in an incentivised system; miners compete against each other under the proof-of-work consensus algorithm. With blockchain technology in PKI, certificate verification, checking, and revocation become faster. The blockchain-based PKI model is secure because every digital certificate is verified by miners before it is stored on the blockchain, which removes the role and the drawbacks of the conventional, non-blockchain PKI model. Only authorised digital certificates are recorded on the blockchain by the miners, and because verification is done by miners, the single point of failure is removed.
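This is what the Merkle-proof check in the client's verification step above, and in the revocation-and-validation bullet earlier, looks like in code. It is an added Go example, not the article's implementation: it builds a binary SHA-256 Merkle tree over constructed registry records (domain, certificate fingerprint, revocation flag), has the full node produce a proof for one record, and has the light client verify that proof against only the root it holds from the block header. Ethereum's real state tree is a Merkle Patricia trie; the simpler binary tree here demonstrates the same check. The Record layout and the domain-separation prefixes are assumptions.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Record is one registry entry: what a client needs to know about a domain.
type Record struct {
	Domain   string
	CertHash string // fingerprint of the domain's X.509 certificate (constructed values below)
	Revoked  bool
}

// leafHash binds domain, fingerprint and revocation flag into one leaf. The 0x00
// prefix keeps leaves distinct from internal nodes (see nodeHash).
func leafHash(r Record) []byte {
	flag := byte(0)
	if r.Revoked {
		flag = 1
	}
	h := sha256.New()
	h.Write([]byte{0x00, flag})
	h.Write([]byte(r.Domain + "|" + r.CertHash))
	return h.Sum(nil)
}

// nodeHash combines two children; the 0x01 prefix is the domain separator.
func nodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// ProofStep is one sibling hash on the path to the root and the side it sits on.
type ProofStep struct {
	Hash  []byte
	Right bool // true when the sibling is the right-hand child
}

// BuildTree returns the Merkle root (the value a block header carries) and the
// proof for the record at index idx. A level with an odd count duplicates its last node.
func BuildTree(records []Record, idx int) (root []byte, proof []ProofStep) {
	level := make([][]byte, len(records))
	for i, r := range records {
		level[i] = leafHash(r)
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		sib := idx ^ 1
		proof = append(proof, ProofStep{Hash: level[sib], Right: sib > idx})
		next := make([][]byte, 0, len(level)/2)
		for i := 0; i < len(level); i += 2 {
			next = append(next, nodeHash(level[i], level[i+1]))
		}
		level, idx = next, idx/2
	}
	return level[0], proof
}

// VerifyProof is the light client's check: recompute the path from the record the
// domain handed over up to the root the client already holds from the block header.
func VerifyProof(root []byte, r Record, proof []ProofStep) bool {
	h := leafHash(r)
	for _, p := range proof {
		if p.Right {
			h = nodeHash(h, p.Hash)
		} else {
			h = nodeHash(p.Hash, h)
		}
	}
	return bytes.Equal(h, root)
}

func main() {
	// Constructed registry state; a full node builds the tree and serves proofs.
	records := []Record{
		{"example.com", "aa11", false},
		{"example.org", "bb22", true},
		{"example.net", "cc33", false},
	}
	root, proof := BuildTree(records, 0)
	fmt.Println("proof for example.com valid:", VerifyProof(root, records[0], proof)) // true

	// A domain cannot present a stale "not revoked" record: the flag is part of the leaf.
	forged := records[0]
	forged.Revoked = !forged.Revoked
	fmt.Println("altered record accepted:", VerifyProof(root, forged, proof)) // false
}
```

The client never downloads the registry: it holds one 32-byte root from the header and receives a proof whose length grows only with the logarithm of the number of records. Because the revocation flag is hashed into the leaf, a domain that has been revoked cannot reuse the proof it obtained while still valid, which is the property that lets this replace a CRL or OCSP lookup.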

Figure: Public Key Infrastructure using Blockchain

The blockchain-based PKI model is designed to make digital certificates and their revocation process transparent. In this architecture, miners validate every certificate before it is stored on the blockchain, to prevent double-spending attacks and illegitimate certificates. This mechanism provides transparency and can be accessed seamlessly, without delay or extra cost. It mitigates the problems of conventional PKI, such as the difficulty of revoking certificates quickly. Such a framework avoids the weaknesses and shortcomings of the hierarchical architecture. Some areas still need to be addressed; in particular, the efficiency of the system needs to be improved in further development.

Written by: Saumya Bajpai, Blockchain Developer.
