A blockchain-based certificate revocation management and status verification system

Yves Christian Elloh Adja, Badis Hammi, Ahmed Serhrouchni, Sherali Zeadally

Research output: Contribution to journalArticlepeer-review

34 Scopus citations

Abstract

Revocation management is one of the main tasks of the Public Key Infrastructure (PKI). It is also critical to the security of any PKI. As a result of the increase in the number and sizes of networks as well as the adoption of novel paradigms such as the Internet of Things and their usage of the web, current revocation mechanisms are vulnerable to single point of failures as the network loads increase. To address this challenge, we take advantage of blockchains power and resiliency in order to propose an efficient decentralized certificates revocation management and status verification system. We use the extension field of the X509 certificate's structure to introduce a field that describes to which distribution point the certificate will belong to if revoked. Each distribution point is represented by a Bloom filter filled with revoked certificates. Bloom filters and revocation information are stored in a public blockchain. We developed a real implementation of our proposed mechanism in Python and the Namecoin blockchain. Then, we conducted an extensive evaluation of our scheme using performance metrics such as execution time and data consumption to demonstrate that it can meet the needed requirements with high efficiency and low cost. Moreover, we compare the performance of our approach with two of the most well-known/used revocation techniques which are Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL). The results obtained show that our proposed approach outperforms these current schemes.

Original languageEnglish
Article number102209
JournalComputers and Security
Volume104
DOIs
StatePublished - May 2021

Bibliographical note

Publisher Copyright:
© 2021 Elsevier Ltd

Keywords

  • Authentication
  • Blockchain
  • Bloom filter
  • Certificate
  • Decentralization
  • PKI
  • Revocation
  • Security
  • X509

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'A blockchain-based certificate revocation management and status verification system'. Together they form a unique fingerprint.

Cite this