PADVA: A Blockchain-Based TLS Notary Service

The TLS protocol is a de facto standard of secure client-server communication on the Internet. Unfortunately, the public-key infrastructure (PKI) deployed by TLS is a weakest-link system introducing hundreds of links (i.e., trusted entities). Consequently, an adversary compromising a single trusted...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS) s. 836 - 843
Hlavný autor: Szalachowski, Pawel
Médium: Konferenčný príspevok..
Jazyk:English
Vydavateľské údaje: IEEE 01.12.2019
Predmet:
blockchain
Blockchains
certificate
Ecosystems
Internet
Monitoring
Next generation networking
Proposals
Public key
Servers
Smart contracts
tls
tls notary
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:The TLS protocol is a de facto standard of secure client-server communication on the Internet. Unfortunately, the public-key infrastructure (PKI) deployed by TLS is a weakest-link system introducing hundreds of links (i.e., trusted entities). Consequently, an adversary compromising a single trusted entity can impersonate any website. Notary systems, based on multi-path probing, were early and promising proposals to detect and prevent such attacks. Unfortunately, despite their benefits, they are not widely deployed, mainly due to their long-standing unresolved problems. In this paper, we present Persistent and Accountable Domain Validation (PADVA), which is a next-generation blockchain-based TLS notary service. PADVA keeps notaries auditable and accountable, introduces service-level agreements and mechanisms to enforce them, relaxes availability requirements for notaries, and works with the legacy TLS ecosystem. We implemented and evaluated PADVA, and our experiments indicate its efficiency and deployability.
DOI:10.1109/ICPADS47876.2019.00124