A public-key infrastructure (PKI) gives us the ability to use machine identities in an asynchronous procedure to sign, encrypt, and subsequently verify information. A certificate authority (CA) serves as an intermediary for these transactions and guarantees the authenticity of the public key, making it possible for a recipient of data to validate the transaction’s content.
Although the CAs who generate keys and certificates for machine identities are designated as trusted third parties, security researchers argue that in fact they are “corruptible central points of failure”, capable of compromising the integrity and security of the entire Internet. Since control of the communication identifiers is handed to CAs, the usability of those identifiers can also be compromised. These issues with corruptibility and usability cause further problems, such as increased corporate expenditure on fighting security breaches caused by misbehaving CAs, the lack of web-wide support for HTTPS and the absence of truly secure and user-friendly communication.
In addition, PKIs have shortcomings, such as an insufficient identity verification process and the time and effort required to respond to CA misbehavior. A certificate revocation list (CRL) check can be based on an outdated list because of an inadequate update cycle, or the CRL/OCSP check can be disabled altogether, so that revoked certificates are not detected. The CRL distribution point (CDP) may itself become a single point of failure.
Finally, the security of online communications can be undermined by the complexity of traditional key and certificate management, which is further complicated by the risk of coercion or compromise of a CA. Because of these dangers, users who do not adequately protect their machine identities cannot be certain that their communications are not being compromised by a fraudulent certificate that allows a MITM (Man-in-the-Middle) attack.
One of the sources of these problems may be the centralized nature of PKI, which prevents the entities represented by these identifiers from truly controlling them, making it possible for third parties to compromise their security.
The Internet Engineering Task Force (IETF), which is itself responsible for Web PKI, has published a memo describing the current issues of PKI, agreeing that the current implementation of Web PKI has problems that shouldn’t be ignored. The out-of-date PKI design poses high security risks because a single point of failure can be used to open any encrypted online communication. Centralized PKI systems are struggling to keep up with the evolving digital landscape, and there is a need for a better designed, decentralized approach to PKIs.
The above problems raise the question: Could these inadequacies be compensated for with blockchain technology? What do signatures, encryption, and entire PKIs have to do with the blockchain? The two basic functions of a blockchain are to authenticate or process transactions in a distributed network securely, and without a master node. That sounds quite similar to the purpose of a PKI. So, it is worthy of further investigation.
Blockchain is a distributed database of transactions (a ledger) that maintains a growing list of records (blocks). Each entry in the list is linked to the previous entry by its hash (hence the name blockchain). This results in a so-called hash-tree or hash-calendar. As a rule, the list is distributed and publicly visible, i.e. neither confidential nor centralized.
Blockchain has a unique combination of properties that make it suitable for a number of applications: it is decentralized (it is controlled through majority consensus of members), and the transaction record is reliable (events recorded in the past cannot be altered without consensus of a majority of the network’s mining power). Proposed and existing applications include smart contracts, reputation systems and IoT device interactions. In theory, blockchain provides desirable security properties for PKI: certificate transparency and revocation, elimination of central points of failure and a reliable transaction record.
Building decentralized PKIs using blockchain removes the potential points of failure created by the use of CAs which, if subverted, can compromise entire certificate chains. Furthermore, a blockchain-based PKI, as a public append-only log, provides the certificate transparency (CT) property implemented by Google to improve CA-based PKI security through public logging and monitoring of certificates.
Approaches to Blockchain-Based PKI
A key characteristic of a PKI is the certified identification of people and organizations who have been issued a certificate for a key. At the moment, this is a service that the blockchain cannot easily provide although proposed workarounds exist, such as:
Backing Rich Credentials with a Blockchain PKI, by Karen Lewison and Francisco Corella. The researchers are addressing the problem of remote identity proofing. While their approach of implementing PKI on a blockchain with on-chain storage requires the presence of an issuing CA, it comes with many advantages. Revocation checking is performed on the verifier’s local copy of the blockchain without requiring CRLs or OCSP. This proposal solves a longstanding problem of traditional PKIs by not requiring the use of a service that issues certificate revocation lists (CRLs) or responds to online certificate status protocol (OCSP) queries.
PB-PKI: a Privacy-Aware Blockchain-Based PKI, by Louise Axon and Michael Goldsmith, University of Oxford. The researchers argue that existing proposals do not provide the privacy awareness that is required of PKI in certain present and emerging applications. Their research aimed to demonstrate how a blockchain-based PKI can be constructed to provide varying levels of privacy awareness. Although the proposal achieves total anonymity, this comes at some security cost: network members may tamper in the short term with the public keys of others. The security of PB-PKI can be improved by achieving a slightly lower level of privacy through attestation by neighbor groups, who verify key changes at updates.
IKP (Instant Karma PKI) - Turning a PKI Around with Blockchain, by Stephanos Matsumoto of Carnegie Mellon University and Raphael Reischuk of ETH Zurich. The researchers argue that log-based PKI enhancements such as Certificate Transparency do not offer sufficient incentives to logs and monitors, and do not offer any actions that domains can take in response to CA misbehavior. To address this problem, they propose IKP, a blockchain-based PKI enhancement that offers automatic responses to CA misbehavior and incentives for those who help detect misbehavior. Through their research they demonstrate that IKP's decentralized nature and smart contract system allows open participation, offers incentives for vigilance over CAs, enables financial recourse against misbehavior, and that the incentives and increased deterrence offered by IKP are technically and economically viable.
Decentralized Public Key Infrastructure (DPKI), sponsored by Respect Network, PWC, Open Identity Exchange, and Alacrity Software. The researchers argue that the security and usability problems of PKI can be addressed through the use of decentralized key-value datastores, such as blockchains, to create a specification for a Decentralized Public Key Infrastructure (DPKI). The foundational precept of DPKI is that identities belong to the entities they represent. That requires designing a decentralized infrastructure where every identity is controlled not by a trusted third party, but by its principal owner. The research has demonstrated that DPKI works even on resource-constrained mobile devices, and that it is able to preserve the integrity of identifiers by protecting organizations from private key loss or compromise. DPKI has advantages at each stage of the PKI life cycle. It makes permissionless bootstrapping of online identities possible and provides for the simple creation of stronger SSL certificates.
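To make the append-only, hash-linked log described earlier concrete, and the local-copy revocation check of the Lewison and Corella proposal, here is a constructed toy certificate ledger in Python. It is an added example, not code from any of the projects discussed; the record format, the `CertLedger` class and the fingerprints are assumptions for illustration only, and it uses no consensus or networking.

```python
import hashlib
import json

# Constructed, simplified record format: each block commits to the previous
# block's hash, so editing or dropping an earlier record breaks every later link.
GENESIS_PREV = "0" * 64


def _block_hash(block):
    payload = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class CertLedger:
    """Hypothetical hash-chained log of certificate issue/revoke records."""

    def __init__(self):
        self.chain = []
        self._append({"op": "genesis"})

    def _append(self, record):
        prev = self.chain[-1]["hash"] if self.chain else GENESIS_PREV
        block = {"index": len(self.chain), "prev": prev, "record": record}
        block["hash"] = _block_hash(block)
        self.chain.append(block)
        return block

    def issue(self, subject, fingerprint):
        return self._append({"op": "issue", "subject": subject, "fp": fingerprint})

    def revoke(self, fingerprint, reason):
        return self._append({"op": "revoke", "fp": fingerprint, "reason": reason})

    def verify_chain(self):
        """Tamper check a verifier runs over its local copy: every block must
        hash to its stored hash and point at the previous block's hash."""
        for i, block in enumerate(self.chain):
            expected_prev = self.chain[i - 1]["hash"] if i else GENESIS_PREV
            if block["prev"] != expected_prev or _block_hash(block) != block["hash"]:
                return False
        return True

    def status(self, fingerprint):
        """Revocation check by replaying the local log: no CRL or OCSP round trip."""
        state = "unknown"
        for block in self.chain:
            rec = block["record"]
            if rec.get("fp") == fingerprint:
                state = "valid" if rec["op"] == "issue" else "revoked"
        return state
```

A verifier that rewrites an issuance record in its own copy (for example the subject) will see `verify_chain()` fail, because the stored hash of that block and the `prev` pointer of the next block no longer match.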
A big difference between using a PKI and how things work in a typical blockchain revolves around establishing the true identity of participants. A PKI assures that a specific person or organization is actually registered as belonging to a specific technical account. On the other hand, the public key of a blockchain account represents an account whose true owner has not been identified beyond a doubt by any authority within the system. Transactions take place anonymously, even though trust in the processing of those transactions themselves is ensured by the system.
The focus of the above approaches is on the implementation of a PKI within a blockchain or the functional replication of PKI identity verification for participants. None of the currently known approaches completely eliminates the need for a master node of some type. If we take the requirement to identify individuals out of the equation, a traditional blockchain can replicate the signature functionality of a PKI for validating transactions. In addition, it provides the benefit that, with the consensus mechanism, no central CA is required, which considerably reduces the risk of an attack on that vector.