PADVA: A Blockchain-Based TLS Notary Service

The TLS protocol is a de facto standard of secure client-server communication on the Internet. Unfortunately, the public-key infrastructure (PKI) deployed by TLS is a weakest-link system introducing hundreds of links (i.e., trusted entities). Consequently, an adversary compromising a single trusted...

Full description

Saved in:
Bibliographic Details
Published in:2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS) pp. 836 - 843
Main Author: Szalachowski, Pawel
Format: Conference Proceeding
Language:English
Published: IEEE 01.12.2019
Subjects:
blockchain
Blockchains
certificate
Ecosystems
Internet
Monitoring
Next generation networking
Proposals
Public key
Servers
Smart contracts
tls
tls notary
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The TLS protocol is a de facto standard of secure client-server communication on the Internet. Unfortunately, the public-key infrastructure (PKI) deployed by TLS is a weakest-link system introducing hundreds of links (i.e., trusted entities). Consequently, an adversary compromising a single trusted entity can impersonate any website. Notary systems, based on multi-path probing, were early and promising proposals to detect and prevent such attacks. Unfortunately, despite their benefits, they are not widely deployed, mainly due to their long-standing unresolved problems. In this paper, we present Persistent and Accountable Domain Validation (PADVA), which is a next-generation blockchain-based TLS notary service. PADVA keeps notaries auditable and accountable, introduces service-level agreements and mechanisms to enforce them, relaxes availability requirements for notaries, and works with the legacy TLS ecosystem. We implemented and evaluated PADVA, and our experiments indicate its efficiency and deployability.
DOI:10.1109/ICPADS47876.2019.00124