Research On Authentication Technology Of PKI Based On Blockchain

Posted on: 2021-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: S J Qian
GTID: 2518306476950349
Subject: Cyberspace security

Abstract/Summary:
After nearly three decades of development, the public key infrastructure (PKI) has become the cornerstone of building trust relationships in the computer field. It provides a low-cost way to build trust in untrusted networks. From a strict security perspective, however, many problems remain, for example the excessive power of the certificate authority (CA), a lack of transparency, and a complex trust model. In recent years, academia and industry have proposed a variety of solutions to address these issues, with improving transparency being one of the directions most likely to succeed. From the perspective of improving certificate transparency, blockchain is the most worthy of research because of its openness, transparency, tamper resistance, and decentralization. This paper focuses on the consensus mechanism in the blockchain. Based on practical Byzantine fault tolerance (PBFT), a threshold signature practical Byzantine fault tolerant (TS-PBFT) consensus mechanism is proposed. There are three major innovations. The first is to reduce the communication cost by incorporating threshold signature technology. The second is to combine a reward and punishment mechanism with the master node election of the view change protocol to strengthen supervision. The third is to design a dual-mode consensus protocol that can improve the performance of the consensus mechanism when there are few malicious nodes. Using TS-PBFT can greatly improve the efficiency of the consensus protocol while ensuring the same security as PBFT. In addition, based on the audit functions of TS-PBFT, a transparent-advanced blockchain-based public key infrastructure (TB-PKI) is proposed. This protocol is designed to make full use of the audit function. It can use the audit information for the CA to influence the election of the master node and limit the authority of the CA. At the same time, it deeply integrates the blockchain into the process of certificate lifecycle management to provide a more complete certificate revocation service. In terms of security, TB-PKI is stronger than the traditional PKI. In terms of performance, TB-PKI also has certain advantages in the TLS/SSL handshake protocol. Finally, to solve the problem of cross-domain authentication in the PKI, a blockchain-based alliance trust model cross-domain authentication mechanism (BATM-CAM) is proposed. In BATM-CAM, the original trust model is retained within the domain. Between domains, the root CAs of each trust domain are formed into an alliance. By default, all members of the alliance establish a trust relationship directly, eliminating the previous peer-to-peer method and thereby simplifying the trust model. BATM-CAM achieves a better balance between security and theoretical performance than other blockchain-based PKI cross-domain authentication mechanisms.
Keywords/Search Tags: Blockchain, Public Key Infrastructure, Consensus Mechanism, Byzantine Fault Tolerance, Cross-domain Authentication