Hardening X.509 Certificate Issuance using Distributed Ledger Technology

Holger Kinkelin, Richard Von Seck, Christoph Rudolf, Georg Carle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

The security of cryptographic communication protocols that use X.509 certificates depends on the correctness of those certificates. This paper proposes a system that helps to ensure the correct operation of an X.509 certification authority and its registration authorities. We achieve this goal by enforcing a policy-defined, multi-party validation and authorization workflow of certificate signing requests. Besides, our system offers full accountability for this workflow for forensic purposes. As a foundation for our implementation, we leverage the distributed ledger and smart contract framework Hyperledger Fabric. Our implementation inherits the strong tamper-resistance of Fabric, which strengthens the integrity of the computer processes that enforce the validation and authorization of the certificate signing request, and of the metadata collected during certificate issuance.

Original language: English
Title of host publication: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020
Subtitle of host publication: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728149738
State: Published - Apr 2020
Event: 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 - Budapest, Hungary
Duration: 20 Apr 2020 → 24 Apr 2020

Publication series

Name: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020

Conference

Conference: 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020
Country/Territory: Hungary
City: Budapest
Period: 20/04/20 → 24/04/20

Keywords

  • Identity management
  • X.509
  • distributed ledger
  • policy-based security
