@inproceedings{b4fa507b80ba423f8607d41d923b8437,
title = "Hardening X.509 Certificate Issuance using Distributed Ledger Technology",
abstract = "The security of cryptographic communication protocols that use X.509 certificates depends on the correctness of those certificates. This paper proposes a system that helps to ensure the correct operation of an X.509 certification authority and its registration authorities. We achieve this goal by enforcing a policy-defined, multi-party validation and authorization workflow of certificate signing requests. Besides, our system offers full accountability for this workflow for forensic purposes. As a foundation for our implementation, we leverage the distributed ledger and smart contract framework Hyperledger Fabric. Our implementation inherits the strong tamper-resistance of Fabric which strengthens the integrity of the computer processes that enforce the validation and authorization of the certificate signing request, and of the metadata collected during certificate issuance.",
keywords = "Identity management, X.509, distributed ledger, policy-based security",
author = "Holger Kinkelin and {Von Seck}, Richard and Christoph Rudolf and Georg Carle",
note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 ; Conference date: 20-04-2020 Through 24-04-2020",
year = "2020",
month = apr,
doi = "10.1109/NOMS47738.2020.9110311",
language = "English",
series = "Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020: Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "Proceedings of IEEE/IFIP Network Operations and Management Symposium 2020",
}