Research On Security Enhancement Technology For The Blockchain-based PKI

Posted on: 2021-08-30
Degree: Master
Type: Thesis
Country: China
Candidate: S Z Li
GTID: 2518306230972349
Subject: Cyberspace security

Abstract/Summary:
Public Key Infrastructure (PKI) is an important trust infrastructure in cyberspace. At present, PKI suffers from a lack of transparency in how Certification Authorities (CAs) issue certificates, and from frequent security incidents. With the rise of cloud computing, big data, the Internet of Things and other distributed computing models, the demand for distributed PKI construction is increasingly urgent. Blockchain technology, with its characteristics of open consensus, distribution, tamper resistance, traceability and programmability, provides a feasible way to solve these problems, and blockchain-based PKI has become an important research direction in the field of blockchain data security. However, given the importance of PKI credibility and the open-consensus nature of blockchain, this paper finds that current blockchain PKI technology has security shortcomings: it does not consider the credibility of nodes in the chain, the regulatory anonymity requirements of nodes in some applications, or the on-demand disclosure and protection of privacy information in digital certificates. Therefore, this paper makes an in-depth study of security issues such as node trust and privacy protection in blockchain PKI, and proposes a series of security enhancement technologies for blockchain PKI, including:

1. A Node Trust Mechanism based on Smart Contract. To address the initial trust problem of nodes while a blockchain PKI is being built and the behavior trust problem of nodes while it is running, this paper proposes a Node Trust Mechanism based on Smart Contract (NTM-SC). The mechanism uses smart contracts to set the initial joining conditions for nodes, and relies on the transitivity of trust to ensure that nodes joining the blockchain PKI have a certain initial trust. It uses smart contracts to realize automatic detection of illegal digital certificates, node supervision queries, and timely discovery of illegal digital certificates on the blockchain, and introduces a forced certificate revocation transaction to realize the forced revocation of illegal certificates. Finally, it builds the behavior trust of the nodes in the blockchain and realizes economic rewards and punishments based on the economic characteristics of the blockchain, so as to encourage nodes to maintain their own behavior trust, and to build and maintain an open and reliable operating environment for the blockchain PKI system. Analysis shows that the NTM-SC mechanism is feasible and secure.

2. A digital certificate regulatory anonymous management scheme in the blockchain. To meet the security requirements of anonymous issuance and management of certificates by nodes in blockchain PKI, a Ring Signature with Multiple Indirect Verifications (RS-MIV) is proposed. Building on the RSA-based ring signature mechanism, RS-MIV introduces verification public and private keys bound to the digital certificate to be issued, and adds the signer's identity information to the ring signature. Challenge-response public key authentication is used to preserve the signer's anonymity while realizing multiple verification and indirect confirmation of the signer's identity. On this basis, the paper further designs a digital certificate regulatory anonymous management scheme, which realizes anonymous issuance of digital certificates, verification of anonymous digital certificates on the blockchain, and traceability of the issuer of illegal anonymous digital certificates, and meets the practical needs of regulatory anonymous management of digital certificates. The scheme is proved to guarantee anonymity and traceability. Experimental analysis shows that its performance overhead is acceptable.

3. A Privacy Protection Mechanism of On-demand Disclosure on Blockchain. To meet the protection requirements for on-demand disclosure of privacy information in digital certificates in blockchain PKI, and based on an in-depth analysis of what on-demand disclosure means, this paper proposes a Privacy Protection Mechanism of On-demand Disclosure on Blockchain (PPM-ODB), inspired by the secure multicast communication mechanism. By improving the RSA-based anonymous multi-receiver encryption scheme, the mechanism binds the privacy information to the identity of the informed person, and realizes one-to-many encryption and decryption of the privacy information in the certificate, anonymity protection of the informed person, and traceability of privacy disclosure. It uses the Quorum chain privacy protection mechanism to realize safe and efficient distribution of the key between the certificate subject and the informed person. It has been proved that the PPM-ODB mechanism can guarantee the confidentiality of privacy information, and that it has advantages over the Quorum blockchain in the time and storage cost of privacy protection for on-demand disclosure. To obtain a good user experience, it is recommended that the number of informed people be less than 100.
Keywords/Search Tags:Blockchain, blockchain PKI, node trust, privacy protection, anonymity