Visible to the public Biblio

Found 332 results

Filters: Keyword is telecommunication security  [Clear All Filters]
2019-12-11
Yan-Tao, Zhong.  2018.  Lattice Based Authenticated Key Exchange with Universally Composable Security. 2018 International Conference on Networking and Network Applications (NaNA). :86–90.

The Internet of things (IoT) has experienced rapid development these years, while its security and privacy remains a major challenge. One of the main security goals for the IoT is to build secure and authenticated channels between IoT nodes. A common way widely used to achieve this goal is using authenticated key exchange protocol. However, with the increasing progress of quantum computation, most authenticated key exchange protocols nowadays are threatened by the rise of quantum computers. In this study, we address this problem by using ring-SIS based KEM and hash function to construct an authenticated key exchange scheme so that we base the scheme on lattice based hard problems believed to be secure even with quantum attacks. We also prove the security of universal composability of our scheme. The scheme hence can keep security while runs in complicated environment.

Skrobot, Marjan, Lancrenon, Jean.  2018.  On Composability of Game-Based Password Authenticated Key Exchange. 2018 IEEE European Symposium on Security and Privacy (EuroS P). :443–457.

It is standard practice that the secret key derived from an execution of a Password Authenticated Key Exchange (PAKE) protocol is used to authenticate and encrypt some data payload using a Symmetric Key Protocol (SKP). Unfortunately, most PAKEs of practical interest are studied using so-called game-based models, which – unlike simulation models – do not guarantee secure composition per se. However, Brzuska et al. (CCS 2011) have shown that a middle ground is possible in the case of authenticated key exchange that relies on Public-Key Infrastructure (PKI): the game-based models do provide secure composition guarantees when the class of higher-level applications is restricted to SKPs. The question that we pose in this paper is whether or not a similar result can be exhibited for PAKE. Our work answers this question positively. More specifically, we show that PAKE protocols secure according to the game-based Real-or-Random (RoR) definition with the weak forward secrecy of Abdalla et al. (S&P 2015) allow for safe composition with arbitrary, higher-level SKPs. Since there is evidence that most PAKEs secure in the Find-then-Guess (FtG) model are in fact secure according to RoR definition, we can conclude that nearly all provably secure PAKEs enjoy a certain degree of composition, one that at least covers the case of implementing secure channels.

2019-12-09
Rani, Rinki, Kumar, Sushil, Dohare, Upasana.  2019.  Trust Evaluation for Light Weight Security in Sensor Enabled Internet of Things: Game Theory Oriented Approach. IEEE Internet of Things Journal. 6:8421–8432.
In sensor-enabled Internet of Things (IoT), nodes are deployed in an open and remote environment, therefore, are vulnerable to a variety of attacks. Recently, trust-based schemes have played a pivotal role in addressing nodes' misbehavior attacks in IoT. However, the existing trust-based schemes apply network wide dissemination of the control packets that consume excessive energy in the quest of trust evaluation, which ultimately weakens the network lifetime. In this context, this paper presents an energy efficient trust evaluation (EETE) scheme that makes use of hierarchical trust evaluation model to alleviate the malicious effects of illegitimate sensor nodes and restricts network wide dissemination of trust requests to reduce the energy consumption in clustered-sensor enabled IoT. The proposed EETE scheme incorporates three dilemma game models to reduce additional needless transmissions while balancing the trust throughout the network. Specially: 1) a cluster formation game that promotes the nodes to be cluster head (CH) or cluster member to avoid the extraneous cluster; 2) an optimal cluster formation dilemma game to affirm the minimum number of trust recommendations for maintaining the balance of the trust in a cluster; and 3) an activity-based trust dilemma game to compute the Nash equilibrium that represents the best strategy for a CH to launch its anomaly detection technique which helps in mitigation of malicious activity. Simulation results show that the proposed EETE scheme outperforms the current trust evaluation schemes in terms of detection rate, energy efficiency and trust evaluation time for clustered-sensor enabled IoT.
2019-12-05
Chao, Chih-Min, Lee, Wei-Che, Wang, Cong-Xiang, Huang, Shin-Chung, Yang, Yu-Chich.  2018.  A Flexible Anti-Jamming Channel Hopping for Cognitive Radio Networks. 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW). :549-551.

In cognitive radio networks (CRNs), secondary users (SUs) are vulnerable to malicious attacks because an SU node's opportunistic access cannot be protected from adversaries. How to design a channel hopping scheme to protect SU nodes from jamming attacks is thus an important issue in CRNs. Existing anti-jamming channel hopping schemes have some limitations: Some require SU nodes to exchange secrets in advance; some require an SU node to be either a receiver or a sender, and some are not flexible enough. Another issue for existing anti-jamming channel hopping schemes is that they do not consider different nodes may have different traffic loads. In this paper, we propose an anti-jamming channel hopping protocol, Load Awareness Anti-jamming channel hopping (LAA) scheme. Nodes running LAA are able to change their channel hopping sequences based on their sending and receiving traffic. Simulation results verify that LAA outperforms existing anti-jamming schemes.

Avila, J, Prem, S, Sneha, R, Thenmozhi, K.  2018.  Mitigating Physical Layer Attack in Cognitive Radio - A New Approach. 2018 International Conference on Computer Communication and Informatics (ICCCI). :1-4.

With the improvement in technology and with the increase in the use of wireless devices there is deficiency of radio spectrum. Cognitive radio is considered as the solution for this problem. Cognitive radio is capable to detect which communication channels are in use and which are free, and immediately move into free channels while avoiding the used ones. This increases the usage of radio frequency spectrum. Any wireless system is prone to attack. Likewise, the main two attacks in the physical layer of cognitive radio are Primary User Emulation Attack (PUEA) and replay attack. This paper focusses on mitigating these two attacks with the aid of authentication tag and distance calculation. Mitigation of these attacks results in error free transmission which in turn fallouts in efficient dynamic spectrum access.

Hussain, Muzzammil, Swami, Tulsi.  2018.  Primary User Authentication in Cognitive Radio Network Using Pre-Generated Hash Digest. 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI). :903-908.

The primary objective of Cognitive Radio Networks (CRN) is to opportunistically utilize the available spectrum for efficient and seamless communication. Like all other radio networks, Cognitive Radio Network also suffers from a number of security attacks and Primary User Emulation Attack (PUEA) is vital among them. Primary user Emulation Attack not only degrades the performance of the Cognitive Radio Networks but also dissolve the objective of Cognitive Radio Network. Efficient and secure authentication of Primary Users (PU) is an only solution to mitigate Primary User Emulation Attack but most of the mechanisms designed for this are either complex or make changes to the spectrum. Here, we proposed a mechanism to authenticate Primary Users in Cognitive Radio Network which is neither complex nor make any changes to spectrum. The proposed mechanism is secure and also has improved the performance of the Cognitive Radio Network substantially.

Mu, Li, Mianquan, Li, Yuzhen, Huang, Hao, Yin, Yan, Wang, Baoquan, Ren, Xiaofei, Qu, Rui, Yu.  2018.  Security Analysis of Overlay Cognitive Wireless Networks with an Untrusted Secondary User. 2018 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC). :1-5.

In this article, we study the transmission secrecy performance of primary user in overlay cognitive wireless networks, in which an untrusted energy-limited secondary cooperative user assists the primary transmission to exchange for the spectrum resource. In the network, the information can be simultaneously transmitted through the direct and relay links. For the enhancement of primary transmission security, a maximum ratio combining (MRC) scheme is utilized by the receiver to exploit the two copies of source information. For the security analysis, we firstly derive the tight lower bound expression for secrecy outage probability (SOP). Then, three asymptotic expressions for SOP are also expressed to further analyze the impacts of the transmit power and the location of secondary cooperative node on the primary user information security. The findings show that the primary user information secrecy performance enhances with the improvement of transmit power. Moreover, the smaller the distance between the secondary node and the destination, the better the primary secrecy performance.

Sejaphala, Lanka, Velempini, Mthulisi, Dlamini, Sabelo Velemseni.  2018.  HCOBASAA: Countermeasure Against Sinkhole Attacks in Software-Defined Wireless Sensor Cognitive Radio Networks. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems (icABCD). :1-5.

Software-defined wireless sensor cognitive radio network is one of the emerging technologies which is simple, agile, and flexible. The sensor network comprises of a sink node with high processing power. The sensed data is transferred to the sink node in a hop-by-hop basis by sensor nodes. The network is programmable, automated, agile, and flexible. The sensor nodes are equipped with cognitive radios, which sense available spectrum bands and transmit sensed data on available bands, which improves spectrum utilization. Unfortunately, the Software-defined wireless sensor cognitive radio network is prone to security issues. The sinkhole attack is the most common attack which can also be used to launch other attacks. We propose and evaluate the performance of Hop Count-Based Sinkhole Attack detection Algorithm (HCOBASAA) using probability of detection, probability of false negative, and probability of false positive as the performance metrics. On average HCOBASAA managed to yield 100%, 75%, and 70% probability of detection.

Yadav, Kuldeep, Roy, Sanjay Dhar, Kundu, Sumit.  2018.  Total Error Reduction in Presence of Malicious User in a Cognitive Radio Network. 2018 2nd International Conference on Electronics, Materials Engineering Nano-Technology (IEMENTech). :1-4.

Primary user emulation (PUE) attack causes security issues in a cognitive radio network (CRN) while sensing the unused spectrum. In PUE attack, malicious users transmit an emulated primary signal in spectrum sensing interval to secondary users (SUs) to forestall them from accessing the primary user (PU) spectrum bands. In the present paper, the defense against such attack by Neyman-Pearson criterion is shown in terms of total error probability. Impact of several parameters such as attacker strength, attacker's presence probability, and signal-to-noise ratio on SU is shown. Result shows proposed method protect the harmful effects of PUE attack in spectrum sensing.

Bouabdellah, Mounia, Ghribi, Elias, Kaabouch, Naima.  2019.  RSS-Based Localization with Maximum Likelihood Estimation for PUE Attacker Detection in Cognitive Radio Networks. 2019 IEEE International Conference on Electro Information Technology (EIT). :1-6.

With the rapid proliferation of mobile users, the spectrum scarcity has become one of the issues that have to be addressed. Cognitive Radio technology addresses this problem by allowing an opportunistic use of the spectrum bands. In cognitive radio networks, unlicensed users can use licensed channels without causing harmful interference to licensed users. However, cognitive radio networks can be subject to different security threats which can cause severe performance degradation. One of the main attacks on these networks is the primary user emulation in which a malicious node emulates the characteristics of the primary user signals. In this paper, we propose a detection technique of this attack based on the RSS-based localization with the maximum likelihood estimation. The simulation results show that the proposed technique outperforms the RSS-based localization method in detecting the primary user emulation attacker.

Ngomane, I., Velempini, M., Dlamini, S. V..  2018.  The Detection of the Spectrum Sensing Data Falsification Attack in Cognitive Radio Ad Hoc Networks. 2018 Conference on Information Communications Technology and Society (ICTAS). :1-5.

Cognitive radio technology addresses the spectrum scarcity challenges by allowing unlicensed cognitive devices to opportunistically utilize spectrum band allocated to licensed devices. However, the openness of the technology has introduced several attacks to cognitive radios, one which is the spectrum sensing data falsification attack. In spectrum sensing data falsification attack, malicious devices share incorrect spectrum observations to other cognitive radios. This paper investigates the spectrum sensing data falsification attack in cognitive radio networks. We use the modified Z-test to isolate extreme outliers in the network. The q-out-of-m rule scheme is implemented to mitigate the spectrum sensing data falsification attack, where a random number m is selected from the sensing results and q is the final decision from m. The scheme does not require the services of a fusion Centre for decision making. This paper presents the theoretical analysis of the proposed scheme.

Mapunya, Sekgoari, Velempini, Mthulisi.  2018.  The Design of Byzantine Attack Mitigation Scheme in Cognitive Radio Ad-Hoc Networks. 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC). :1-4.

The ever-increasing number of wireless network systems brought a problem of spectrum congestion leading to slow data communications. All of the radio spectrums are allocated to different users, services and applications. Hence studies have shown that some of those spectrum bands are underutilized while others are congested. Cognitive radio concept has evolved to solve the problem of spectrum congestion by allowing cognitive users to opportunistically utilize the underutilized spectrum while minimizing interference with other users. Byzantine attack is one of the security issues which threaten the successful deployment of this technology. Byzantine attack is compromised cognitive radios which relay falsified data about the availability of the spectrum to other legitimate cognitive radios in the network leading interference. In this paper we are proposing a security measure to thwart the effect caused by these attacks and compared it to Attack-Proof Cooperative Spectrum Sensing.

Sohu, Izhar Ahmed, Ahmed Rahimoon, Asif, Junejo, Amjad Ali, Ahmed Sohu, Arsalan, Junejo, Sadam Hussain.  2019.  Analogous Study of Security Threats in Cognitive Radio. 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). :1-4.

Utilization of Wireless sensor network is growing with the development in modern technologies. On other side electromagnetic spectrum is limited resources. Application of wireless communication is expanding day by day which directly threaten electromagnetic spectrum band to become congested. Cognitive Radio solves this issue by implementation of unused frequency bands as "White Space". There is another important factor that gets attention in cognitive model i.e: Wireless Security. One of the famous causes of security threat is malicious node in cognitive radio wireless sensor networks (CRWSN). The goal of this paper is to focus on security issues which are related to CRWSN as Fusion techniques, Co-operative Spectrum sensing along with two dangerous attacks in CR: Primary User Emulation (PUE) and Spectrum Sensing Data Falsification (SSDF).

Guang, Xuan, Yeung, Raymond w..  2019.  Local-Encoding-Preserving Secure Network Coding for Fixed Dimension. 2019 IEEE International Symposium on Information Theory (ISIT). :201-205.

In the paradigm of network coding, information-theoretic security is considered in the presence of wiretappers, who can access one arbitrary edge subset up to a certain size, referred to as the security level. Secure network coding is applied to prevent the leakage of the source information to the wiretappers. In this paper, we consider the problem of secure network coding for flexible pairs of information rate and security level with any fixed dimension (equal to the sum of rate and security level). We present a novel approach for designing a secure linear network code (SLNC) such that the same SLNC can be applied for all the rate and security-level pairs with the fixed dimension. We further develop a polynomial-time algorithm for efficient implementation and prove that there is no penalty on the required field size for the existence of SLNCs in terms of the best known lower bound by Guang and Yeung. Finally, by applying our approach as a crucial building block, we can construct a family of SLNCs that not only can be applied to all possible pairs of rate and security level but also share a common local encoding kernel at each intermediate node in the network.

Hayashi, Masahito.  2018.  Secure Physical Layer Network Coding versus Secure Network Coding. 2018 IEEE Information Theory Workshop (ITW). :1-5.

Secure network coding realizes the secrecy of the message when the message is transmitted via noiseless network and a part of edges or a part of intermediate nodes are eavesdropped. In this framework, if the channels of the network has noise, we apply the error correction to noisy channel before applying the secure network coding. In contrast, secure physical layer network coding is a method to securely transmit a message by a combination of coding operation on nodes when the network is given as a set of noisy channels. In this paper, we give several examples of network, in which, secure physical layer network coding realizes a performance that cannot be realized by secure network coding.

2019-12-02
Chi, Po-Wen, Wang, Ming-Hung.  2018.  A Lightweight Compound Defense Framework Against Injection Attacks in IIoT. 2018 IEEE Conference on Dependable and Secure Computing (DSC). :1–8.
Industrial Internet of Things (IIoT) is a trend of the smart industry. By collecting field data from sensors, the industry can make decisions dynamically in time for better performance. In most cases, IIoT is built on private networks and cannot be reached from the Internet. Currently, data transmission in most of IIoT network protocols is in plaintext without encryption protection. Once an attacker breaks into the field, the attacker can intercept data and injects malicious commands to field agents. In this paper, we propose a compound approach for defending command injection attacks in IIOT. First, we leverage the power of Software Defined Networking (SDN) to detect the injection attack. When the injection attack event is detected, the system owner is alarmed that someone tries to pretend a controller or a field agent to deceive the other entity. Second, we develop a lightweight authentication scheme to ensure the identity of the command sender. Command receiver can verify commands first before processing commands.
2019-11-27
Sun, Xiaoli, Yang, Weiwei, Cai, Yueming, Tao, Liwei, Cai, Chunxiao.  2018.  Physical Layer Security in Wireless Information and Power Transfer Millimeter Wave Systems. 2018 24th Asia-Pacific Conference on Communications (APCC). :83–87.

This paper studies the physical layer security performance of a Simultaneous Wireless Information and Power Transfer (SWIPT) millimeter wave (mmWave) ultra-dense network under a stochastic geometry framework. Specifically, we first derive the energy-information coverage probability and secrecy probability in the considered system under time switching policies. Then the effective secrecy throughput (EST) which can characterize the trade-off between the energy coverage, secure and reliable transmission performance is derived. Theoretical analyses and simulation results reveal the design insights into the effects of various network parameters like, transmit power, time switching factor, transmission rate, confidential information rate, etc, on the secrecy performance. Specifically, it is impossible to realize the effective secrecy throughput improvement just by increasing the transmit power.

Cao, Huan, Johnston, Martin, le Goff, Stéphane.  2019.  Frozen Bit Selection Scheme for Polar Coding Combined with Physical Layer Security. 2019 UK/ China Emerging Technologies (UCET). :1–4.

In this paper, we propose a frozen bit selection scheme for polar coding scheme combined with physical layer security that enhances the security of two legitimate users on a wiretap channel. By flipping certain frozen bits, the bit-error rate (BER) of an eavesdropper is maximized while the BER of the legitimate receiver is unaffected. An ARQ protocol is proposed that only feeds back a small proportion of the frozen bits to the transmitter, which increases the secrecy rate. The scheme is evaluated on a wiretap channel affected by impulsive noise and we consider cases where the eavesdropper's channel is actually more impulsive than the main channel. Simulation results show that the proposed scheme ensures the eavesdropper's BER is high even when only one frozen bit is flipped and this is achieved even when their channel is more impulsive than the main channel.

2019-11-25
Jawad, Ameer K., Abdullah, Hikmat N., Hreshee, Saad S..  2018.  Secure speech communication system based on scrambling and masking by chaotic maps. 2018 International Conference on Advance of Sustainable Engineering and its Application (ICASEA). :7–12.
As a result of increasing the interest in developing the communication systems that use public channels for transmitting information, many channel problems are raised up. Among these problems, the important one should be addressed is the information security. This paper presents a proposed communication system with high security uses two encryption levels based on chaotic systems. The first level is chaotic scrambling, while the second one is chaotic masking. This configuration increases the information security since the key space becomes too large. The MATLAB simulation results showed that the Segmental Spectral Signal to Noise Ratio (SSSNR) of the first level (chaotic scrambling) is reduced by -5.195 dB comparing to time domain scrambling. Furthermore, in the second level (chaotic masking), the SSSNR is reduced by -20.679 dB. It is also showed that when the two levels are combined, the overall reduction obtained is -21.755 dB.
Riyadi, Munawar A., Khafid, M. Reza Aulia, Pandapotan, Natanael, Prakoso, Teguh.  2018.  A Secure Voice Channel using Chaotic Cryptography Algorithm. 2018 International Conference on Electrical Engineering and Computer Science (ICECOS). :141–146.
A secure voice communications channel is on demand to avoid unwanted eavesdropping of voice messages. This paper reports the development of communicaiton channel prototype equipped with Chaotic cryptographic algorithm with Cipher Feedback mode, implemented on FPGA due to its high processing speed and low delay required for voice channel. Two Spartan-3 FPGA board was used for the purpose, one as transmitter in encryption process and the other as receiver of decryption process. The experimental tests reveal that the voice channel is successfully secured using the encryption-decription cycle for asynchronous communication. In the non-ecrypted channel, the average values of MSE, delay, and THD-N parameters are 0.3513 V2, 202 μs, and 17.52%, respectively, while the secured channel produce MSE of 0.3794 V2, delay 202 μs, and THD-N 20.45%. Therefore, the original information sent in the encrypted channel can be restored with similar quality compared to the non-encrypted channel.
2019-11-18
Lu, Zhaojun, Wang, Qian, Qu, Gang, Liu, Zhenglin.  2018.  BARS: A Blockchain-Based Anonymous Reputation System for Trust Management in VANETs. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :98–103.
The public key infrastructure (PKI) based authentication protocol provides the basic security services for vehicular ad-hoc networks (VANETs). However, trust and privacy are still open issues due to the unique characteristics of vehicles. It is crucial for VANETs to prevent internal vehicles from broadcasting forged messages while simultaneously protecting the privacy of each vehicle against tracking attacks. In this paper, we propose a blockchain-based anonymous reputation system (BARS) to break the linkability between real identities and public keys to preserve privacy. The certificate and revocation transparency is implemented efficiently using two blockchains. We design a trust model to improve the trustworthiness of messages relying on the reputation of the sender based on both direct historical interactions and indirect opinions about the sender. Experiments are conducted to evaluate BARS in terms of security and performance and the results show that BARS is able to establish distributed trust management, while protecting the privacy of vehicles.
2019-10-30
Ghose, Nirnimesh, Lazos, Loukas, Li, Ming.  2018.  Secure Device Bootstrapping Without Secrets Resistant to Signal Manipulation Attacks. 2018 IEEE Symposium on Security and Privacy (SP). :819-835.
In this paper, we address the fundamental problem of securely bootstrapping a group of wireless devices to a hub, when none of the devices share prior associations (secrets) with the hub or between them. This scenario aligns with the secure deployment of body area networks, IoT, medical devices, industrial automation sensors, autonomous vehicles, and others. We develop VERSE, a physical-layer group message integrity verification primitive that effectively detects advanced wireless signal manipulations that can be used to launch man-in-the-middle (MitM) attacks over wireless. Without using shared secrets to establish authenticated channels, such attacks are notoriously difficult to thwart and can undermine the authentication and key establishment processes. VERSE exploits the existence of multiple devices to verify the integrity of the messages exchanged within the group. We then use VERSE to build a bootstrapping protocol, which securely introduces new devices to the network. Compared to the state-of-the-art, VERSE achieves in-band message integrity verification during secure pairing using only the RF modality without relying on out-of-band channels or extensive human involvement. It guarantees security even when the adversary is capable of fully controlling the wireless channel by annihilating and injecting wireless signals. We study the limits of such advanced wireless attacks and prove that the introduction of multiple legitimate devices can be leveraged to increase the security of the pairing process. We validate our claims via theoretical analysis and extensive experimentations on the USRP platform. We further discuss various implementation aspects such as the effect of time synchronization between devices and the effects of multipath and interference. Note that the elimination of shared secrets, default passwords, and public key infrastructures effectively addresses the related key management challenges when these are considered at scale.
Bugeja, Joseph, Vogel, Bahtijar, Jacobsson, Andreas, Varshney, Rimpu.  2019.  IoTSM: An End-to-End Security Model for IoT Ecosystems. 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops). :267-272.

The Internet of Things (IoT) market is growing rapidly, allowing continuous evolution of new technologies. Alongside this development, most IoT devices are easy to compromise, as security is often not a prioritized characteristic. This paper proposes a novel IoT Security Model (IoTSM) that can be used by organizations to formulate and implement a strategy for developing end-to-end IoT security. IoTSM is grounded by the Software Assurance Maturity Model (SAMM) framework, however it expands it with new security practices and empirical data gathered from IoT practitioners. Moreover, we generalize the model into a conceptual framework. This approach allows the formal analysis for security in general and evaluates an organization's security practices. Overall, our proposed approach can help researchers, practitioners, and IoT organizations, to discourse about IoT security from an end-to-end perspective.

2019-10-23
Madala, D S V, Jhanwar, Mahabir Prasad, Chattopadhyay, Anupam.  2018.  Certificate Transparency Using Blockchain. 2018 IEEE International Conference on Data Mining Workshops (ICDMW). :71-80.

The security of web communication via the SSL/TLS protocols relies on safe distributions of public keys associated with web domains in the form of X.509 certificates. Certificate authorities (CAs) are trusted third parties that issue these certificates. However, the CA ecosystem is fragile and prone to compromises. Starting with Google's Certificate Transparency project, a number of research works have recently looked at adding transparency for better CA accountability, effectively through public logs of all certificates issued by certification authorities, to augment the current X.509 certificate validation process into SSL/TLS. In this paper, leveraging recent progress in blockchain technology, we propose a novel system, called CTB, that makes it impossible for a CA to issue a certificate for a domain without obtaining consent from the domain owner. We further make progress to equip CTB with certificate revocation mechanism. We implement CTB using IBM's Hyperledger Fabric blockchain platform. CTB's smart contract, written in Go, is provided for complete reference.

Chen, Jing, Yao, Shixiong, Yuan, Quan, He, Kun, Ji, Shouling, Du, Ruiying.  2018.  CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :2060-2068.

In recent years, real-world attacks against PKI take place frequently. For example, malicious domains' certificates issued by compromised CAs are widespread, and revoked certificates are still trusted by clients. In spite of a lot of research to improve the security of SSL/TLS connections, there are still some problems unsolved. On one hand, although log-based schemes provided certificate audit service to quickly detect CAs' misbehavior, the security and data consistency of log servers are ignored. On the other hand, revoked certificates checking is neglected due to the incomplete, insecure and inefficient certificate revocation mechanisms. Further, existing revoked certificates checking schemes are centralized which would bring safety bottlenecks. In this paper, we propose a blockchain-based public and efficient audit scheme for TLS connections, which is called Certchain. Specially, we propose a dependability-rank based consensus protocol in our blockchain system and a new data structure to support certificate forward traceability. Furthermore, we present a method that utilizes dual counting bloom filter (DCBF) with eliminating false positives to achieve economic space and efficient query for certificate revocation checking. The security analysis and experimental results demonstrate that CertChain is suitable in practice with moderate overhead.