The X.509 standard and the PKI ecosystem built on it sit at the core of the confidentiality and integrity services on the internet. The X.509 ecosystem as we use it has many structural flaws that malicious parties can abuse to generate and use fake certificates in various man-in-the-middle attacks. In this thesis, we present ConsensusPKI, a public-blockchain-supported, data-driven PKI that addresses all known structural flaws of the X.509 standard. Certificates in ConsensusPKI do not carry signatures; they carry Merkle proofs, which can be validated during the protocol handshake. The PBFT-based consensus algorithms serve to detect dishonest or faulty CAs without the need to interrupt end-user communication. ConsensusPKI has no trust and requires verification of the public keys at each interpretation. In ConsensusPKI, CAs play a completely different role, without explicit trust. A CA in ConsensusPKI is an entity that never lies. All processes and the data model of ConsensusPKI are built on this simple principle. The certificate issuance process of ConsensusPKI is an entirely transparent and rigorous verification process that guarantees that the requestors of a certificate have full control over the subject. To the best of our knowledge, the thesis introduces the following four new structures to the literature:

 

a) the use of the Merkle proofs instead of signatures in the certificate files,

b) the use of the Practical Byzantine Fault Tolerance algorithm during interpretation of the certificates,

c) the use of leading root blockchain to manage the data retention for blockchains,

d) the use of consensus algorithms verifying identities to issue certificates. 
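To make item (a) concrete, the following added example (not code from the thesis) shows how a relying party can check a Merkle inclusion proof against a trusted root instead of checking a signature. The tree layout, the 0x00/0x01 hash prefixes, the entry format and all function names are assumptions made for illustration; the abstract does not specify ConsensusPKI's actual encoding.

```python
import hashlib
import hmac

def leaf_hash(entry: bytes) -> bytes:
    # Assumed domain separation (0x00 leaf / 0x01 node): a leaf cannot be replayed as an inner node.
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(entries):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [[leaf_hash(e) for e in entries]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Audit path for leaf `index`: (sibling_hash, sibling_is_left) pairs, leaf to root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_proof(entry, proof, trusted_root):
    """Recompute the root from the presented entry and its path; compare in constant time."""
    acc = leaf_hash(entry)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, trusted_root)

# Constructed sample entries (subject plus public-key placeholder), not real certificates.
ENTRIES = [f"subject=host{i}.example;key=PLACEHOLDER-{i}".encode() for i in range(5)]
LEVELS = build_levels(ENTRIES)
# Assumption: the verifier learns this root from ledger state it already trusts.
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof = make_proof(LEVELS, 2)
    print("genuine entry:", verify_proof(ENTRIES[2], proof, ROOT))
    forged = b"subject=host2.example;key=ATTACKER-KEY"
    print("forged key   :", verify_proof(forged, proof, ROOT))
```

The proof is only as trustworthy as the root it is compared against: a verifier that accepts a root supplied by the peer alongside the proof has verified nothing.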

 
