
Hardening X.509 Certificate Issuance using Distributed Ledger Technology

by Holger Kinkelin, et al.
Technische Universität München

The security of cryptographic communication protocols that use X.509 certificates depends on the correctness of those certificates. This paper proposes a system that helps to ensure the correct operation of an X.509 certification authority and its registration authorities. We achieve this goal by enforcing a policy-defined, multi-party validation and authorization workflow for certificate signing requests. In addition, our system provides full accountability for this workflow for forensic purposes. As a foundation for our implementation, we leverage the distributed ledger and smart contract framework Hyperledger Fabric. Our implementation inherits the strong tamper-resistance of Fabric, which strengthens the integrity of the computer processes that enforce the validation and authorization of the certificate signing request, and of the metadata collected during certificate issuance.

