Conifer: Centrally-Managed PKI with Blockchain-Rooted Trust

  title={Conifer: Centrally-Managed PKI with Blockchain-Rooted Trust},
  author={Yuhao Dong and Woojung Kim and R. Boutaba},
  journal={2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)},
  • Yuhao Dong, Woojung Kim, R. Boutaba
  • Published 2018
  • Computer Science
  • 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
Secure naming systems, or more narrowly public key infrastructures (PKIs), form the basis of secure communications over insecure networks. [...] Key Result Finally, we use experiments to evaluate the performance of Conifer compared with other naming systems, both centralized and blockchain-based, demonstrating that it incurs only a modest overhead compared to traditional centralized-trust systems while being far more scalable and performant than purely blockchain-based solutions.Expand
On the Practicality of a Smart Contract PKI
This work implements and evaluates the only provably secure, smart contract based PKI of Patsonakis et al. on top of Ethereum, and proposes several modifications for fine tuning the model, which would be useful to be considered for any smart contract platform like Ethereum so that it reaches its full potential to support arbitrary distributed applications. Expand
Implementing a Smart Contract PKI
This article implements, evaluates, and provides a complete security proof for the smart contract-based PKI of (Patsonakis et al.) on Ethereum, and proposes several modifications for fine tuning the model, which should be considered for any smart contract platform like Ethereum so that it may support arbitrary distributed applications. Expand
SURF: Software Update Registration Framework
By introducing a partially trusted entity which serves client requests and handles blockchainrelated business logic, SURF successfully decouples clients from an underlying blockchain, making the system blockchain-agnostic. Expand
Blockchain-based Distributed Banking for Permissioned and Accountable Financial Transaction Processing
A blockchain-based distributed banking (BDB) scheme is proposed, which uses blockchain technology to leverage its built-in properties to record and track immutable transactions and compares with the Ethereum cryptocurrency to highlight the fundamental differences and demonstrate the BDB’s superior computational efficiency. Expand
Blockchain based access control systems: State of the art and challenges
  • Sara Rouhani, R. Deters
  • Computer Science
  • 2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI)
  • 2019
This paper presents the state of the art and the challenges of blockchain-based access control systems, and explains how blockchain can help to solve them. Expand
Is the blockchain a relevant technology for the industry 4.0?
  • C. Hennebert, Florian Barrois
  • Computer Science
  • 2020 2nd Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS)
  • 2020
This paper explores through the implementation of two proofs of concept the advantages of each of the technologies and shows that they could complement each other advantageously. Expand


Blockstack: A Global Naming and Storage System Secured by Blockchains
This paper describes the experiences operating a large deployment of a decentralized PKI service built on top of the Namecoin blockchain, and presents various challenges pertaining to network reliability, throughput, and security that were needed to overcome while registering and updating over 33,000 entries and 200,000 transactions on the Namecoins blockchain. Expand
A Decentralized Public Key Infrastructure with Identity Retention
This paper leverages the consistency guarantees provided by cryptocurrencies such as Bitcoin and Namecoin to build a PKI that ensures identity retention, which has no central authority and thus requires the use of secure distributed dictionary data structures to provide efficient support for key lookup. Expand
CONIKS: Bringing Key Transparency to End Users
CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users, and obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency. Expand
An Empirical Study of Namecoin and Lessons for Decentralized Namespace Design
This work proposes a model of utility of different names to different participants, and articulate desiderata of a decentralized namespace in terms of this utility function, and uses this model to explore the design space of mechanisms and analyze the trade-offs. Expand
Catena: Efficient Non-equivocation via Bitcoin
Catena enables any number of thin clients, such as mobile phones, to efficiently agree on a log of application-specific statements managed by an adversarial server, and increases the bandwidth requirements of log auditors from 90GB to only tens of megabytes. Expand
Web PKI: Closing the Gap between Guidelines and Practices
This work evaluates the actual level of adherence to the CA/Browser Forum guidelines over time, as well as the impact of each violation, by inspecting a large collection of certificates gathered from Web crawls and automatically deriving profile templates that characterize the makeup of certificates per issuer. Expand
Certificate Transparency
In diesem Text sollen die Konzepte und der Aufbau Certificate Transparenc erklärt und die Auswirkungen auf die bisherigen Akteure des SSL / TLS-Ökosystems diskutiert werden. Expand
High-speed high-security signatures
This paper shows that a $390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 109000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2128Expand
Bitcoin : A Peer-to-Peer Electronic Cash System
A survey on ca compromises.
  • [Online]. Available: upload/Group_CDC/Documents/Lehre/SS13/Seminar/CPS/cps2014_
  • 2014