Title: BKI: Towards accountable and decentralized public-key infrastructure with blockchain
Authors: Wan, Zhiguo; Guan, Zhangshuang; Zhuo, Feng; Xian, Hequn
Author affiliations: [Wan, Zhiguo; Guan, Zhangshuang; Zhuo, Feng] School of Computer Science and Technology, Shandong University, Jinan; Shandong, China; [Xian, Hequn] Co
Conference: 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
Conference dates: 22 October 2017 through 25 October 2017
Source: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Keywords: Blockchain; PKI; Security
Abstract: Traditional PKIs face a well-known vulnerability caused by compromised Certificate Authorities (CA) issuing bogus certificates. Several solutions like AKI and ARPKI have been proposed to address this vulnerability. However, they require complex interactions and synchronization among related entities, and their security has not been validated with wide deployment. We propose an accountable, flexible and efficient decentralized PKI to achieve the same goal using the blockchain technology of Bitcoin, which has been proven to be secure and reliable. The proposed scheme, called BKI, realizes certificate issuance, update and revocation with transactions on a special blockchain that is managed by multiple trusted maintainers. BKI achieves accountability and makes certificate validity easy to check, and it is also more secure than centralized PKIs. Moreover, the certificate status update interval of BKI is in seconds, significantly reducing the vulnerability window. In addition, BKI is more flexible than AKI and ARPKI in that the number of CAs required to issue certificates is tunable for different applications. We analyze BKI’s security and performance, and present details on the implementation of BKI. Experiments using Ethereum show that certificate issuance/update/revocation cost 2.38 ms/2.39 ms/1.59 ms, respectively. © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.