PBCert: Privacy-Preserving Blockchain-Based Certificate Status Validation Toward Mass Storage Management

Yao, S; Chen, J; He, K; Du, R; Zhu, T; Chen, X

PBCert: Privacy-Preserving Blockchain-Based Certificate Status Validation Toward Mass Storage Management

Yao, S Chen, J He, K Du, R Zhu, T

Chen, X

Permalink

Publication Type:: Journal Article
Citation:: IEEE Access, 2019, 7 pp. 6117 - 6128
Issue Date:: 2019-01-01

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Published VersionAdobe PDF (13.44 MB)

View on publisher's site

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Yao, S	en_US
dc.contributor.author	Chen, J	en_US
dc.contributor.author	He, K	en_US
dc.contributor.author	Du, R	en_US
dc.contributor.author	Zhu, T https://orcid.org/0000-0003-3411-7947	en_US
dc.contributor.author	Chen, X	en_US
dc.date.issued	2019-01-01	en_US
dc.identifier.citation	IEEE Access, 2019, 7 pp. 6117 - 6128	en_US
dc.identifier.uri	http://hdl.handle.net/10453/132445
dc.description.abstract	© 2013 IEEE. In the recent years, the vulnerabilities of conventional public key infrastructure are exposed by the real-world attacks, such as the certificate authority's single-point-of-failure or clients' private information leakage. Aimed at the first issue, one type of approach is that multiple entities are introduced to assist the certificate operations, including registration, update, and revocation. However, it is inefficient in computation. Another type is to make the certificate information publicly visible by bringing in the log servers. Nevertheless, the data synchronization among log servers may lead to network latency. Based on the second approach, the blockchain-based public key infrastructure schemes are proposed. Through these type of schemes, all the certificate operations are stored in the blockchain for public audit. However, the issue of revoked certificates' status storage is worth paying attention, especially in the setting with massive certificates. In addition, the target web server that a client wants to access is exposed in the process of certificate status validation. In this paper, we propose a privacy-preserving blockchain-based certificate status validation scheme called PBCert to solve these two issues. First, we separate the revoked certificates control and storage plane. Only the minimal control information (namely, certificate hashes and related operation block height) is stored in the blockchain and it uses external data stores for the detailed information about all revoked certificates. Second, we design an obscure response to the clients' certificate status query for the purpose of privacy preserving. Through the security analysis and experiment evaluation, our scheme is significant in practice.	en_US
dc.relation.ispartof	IEEE Access	en_US
dc.relation.isbasedon	10.1109/ACCESS.2018.2889898	en_US
dc.title	PBCert: Privacy-Preserving Blockchain-Based Certificate Status Validation Toward Mass Storage Management	en_US
dc.type	Journal Article
utslib.citation.volume	7	en_US
utslib.for	08 Information and Computing Sciences	en_US
utslib.for	09 Engineering	en_US
utslib.for	10 Technology	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
utslib.copyright.status	open_access
pubs.publication-status	Published	en_US
pubs.volume	7	en_US

Abstract:

© 2013 IEEE. In the recent years, the vulnerabilities of conventional public key infrastructure are exposed by the real-world attacks, such as the certificate authority's single-point-of-failure or clients' private information leakage. Aimed at the first issue, one type of approach is that multiple entities are introduced to assist the certificate operations, including registration, update, and revocation. However, it is inefficient in computation. Another type is to make the certificate information publicly visible by bringing in the log servers. Nevertheless, the data synchronization among log servers may lead to network latency. Based on the second approach, the blockchain-based public key infrastructure schemes are proposed. Through these type of schemes, all the certificate operations are stored in the blockchain for public audit. However, the issue of revoked certificates' status storage is worth paying attention, especially in the setting with massive certificates. In addition, the target web server that a client wants to access is exposed in the process of certificate status validation. In this paper, we propose a privacy-preserving blockchain-based certificate status validation scheme called PBCert to solve these two issues. First, we separate the revoked certificates control and storage plane. Only the minimal control information (namely, certificate hashes and related operation block height) is stored in the blockchain and it uses external data stores for the detailed information about all revoked certificates. Second, we design an obscure response to the clients' certificate status query for the purpose of privacy preserving. Through the security analysis and experiment evaluation, our scheme is significant in practice.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/132445