PADVA: A Blockchain-Based TLS Notary Service


Saved in:
Detailed bibliography
Published in: 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS), pp. 836-843
Main author: Szalachowski, Pawel
Format: Conference paper
Language: English
Published: IEEE, 01.12.2019
Description
Summary: The TLS protocol is a de facto standard of secure client-server communication on the Internet. Unfortunately, the public-key infrastructure (PKI) deployed by TLS is a weakest-link system introducing hundreds of links (i.e., trusted entities). Consequently, an adversary compromising a single trusted entity can impersonate any website. Notary systems, based on multi-path probing, were early and promising proposals to detect and prevent such attacks. Unfortunately, despite their benefits, they are not widely deployed, mainly due to their long-standing unresolved problems. In this paper, we present Persistent and Accountable Domain Validation (PADVA), which is a next-generation blockchain-based TLS notary service. PADVA keeps notaries auditable and accountable, introduces service-level agreements and mechanisms to enforce them, relaxes availability requirements for notaries, and works with the legacy TLS ecosystem. We implemented and evaluated PADVA, and our experiments indicate its efficiency and deployability.
DOI:10.1109/ICPADS47876.2019.00124
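The summary above refers to notary systems based on multi-path probing: independent vantage points each report the certificate they saw for a domain, and the client compares its own view against theirs. The following is an added illustration of that core check, written for this record; it is not PADVA's code and says nothing about PADVA's blockchain, SLA or accountability mechanisms. The notary names, the `quorum` parameter and the byte strings standing in for DER certificates are all constructed for the example.

```python
"""Toy multi-path notary consistency check (added example, not PADVA's own code)."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class NotaryObservation:
    notary: str                  # hypothetical notary identifier
    fingerprint: Optional[str]   # SHA-256 of the DER cert this notary saw; None = no answer


def cert_fingerprint(cert_der: bytes) -> str:
    """Fingerprint a DER-encoded certificate (here a constructed byte string)."""
    return hashlib.sha256(cert_der).hexdigest()


def multipath_verdict(client_fp: str, observations: List[NotaryObservation],
                      quorum: int) -> str:
    """Compare the client's view with what a quorum of notaries observed.

    Returns one of:
      "insufficient" - fewer than `quorum` notaries answered, so no decision is
                       possible (the availability weakness of classic notaries)
      "consistent"   - at least `quorum` notaries saw the same certificate
      "mismatch"     - the client sees a certificate the notary quorum did not;
                       a possible man-in-the-middle with a mis-issued certificate
    """
    answered = [o for o in observations if o.fingerprint is not None]
    if len(answered) < quorum:
        return "insufficient"
    agreeing = sum(1 for o in answered if o.fingerprint == client_fp)
    if agreeing >= quorum:
        return "consistent"
    return "mismatch"


# Constructed stand-ins for DER certificates; not real certificates.
GENUINE_CERT = b"constructed-der:example.test:genuine"
ROGUE_CERT = b"constructed-der:example.test:rogue-from-compromised-ca"


def demo() -> dict:
    """Run the check over four constructed scenarios and return the verdicts."""
    genuine = cert_fingerprint(GENUINE_CERT)
    rogue = cert_fingerprint(ROGUE_CERT)
    three_honest = [NotaryObservation(f"notary-{i}", genuine) for i in range(3)]
    one_down = three_honest[:2] + [NotaryObservation("notary-2", None)]
    two_down = three_honest[:1] + [NotaryObservation("notary-1", None),
                                   NotaryObservation("notary-2", None)]
    return {
        # client got the same cert the notaries saw
        "honest_client": multipath_verdict(genuine, three_honest, quorum=2),
        # client is being served a rogue cert the notaries never saw
        "mitm_client": multipath_verdict(rogue, three_honest, quorum=2),
        # one notary unreachable, quorum still met
        "one_notary_down": multipath_verdict(genuine, one_down, quorum=2),
        # too few notaries reachable to decide either way
        "two_notaries_down": multipath_verdict(genuine, two_down, quorum=2),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

Two caveats a practitioner should keep in mind with this kind of check. A "mismatch" is evidence, not proof, of an attack: sites that legitimately serve different certificates from different locations or during a key rotation produce the same signal, which is one reason plain notary schemes stayed hard to deploy. And the "insufficient" branch shows why notary availability matters: if the client cannot reach a quorum it learns nothing, so either it fails closed and breaks connectivity or it fails open and loses the protection.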