Blockchain-based TLS Notary Service

by   Pawel Szalachowski, et al.

The Transport Layer Security (TLS) protocol is the de facto standard for secure client-server communication on the Internet. Its security can be diminished by a variety of attacks that leverage weaknesses in its design and implementations. An example of a major weakness is the public-key infrastructure (PKI) that TLS deploys, which is a weakest-link system with hundreds of links (i.e., trusted entities). Consequently, an adversary compromising a single trusted entity can impersonate any website. Notary systems, based on multi-path probing, were early and promising proposals to detect and prevent such attacks. Unfortunately, despite their benefits, they are not widely deployed, mainly because of their long-standing unresolved problems. In this paper, we present Persistent and Accountable Domain Validation (PADVA), a next-generation TLS notary service. PADVA combines the advantages of previous proposals, enhances them, introduces novel mechanisms, and leverages a blockchain platform that provides new features. PADVA keeps notaries auditable and accountable, introduces service-level agreements and mechanisms to enforce them, relaxes availability requirements for notaries, and works with the legacy TLS ecosystem. We implemented and evaluated PADVA, and our experiments indicate its efficiency and deployability.

