The academic paper based on my masters thesis and research made during my work with the OSwinds research team of the Aristotle Unicersity of Thessaloniki got published in Springers’ Internationa Journal of Information Security by the name “DeTRACT a decentralized, transparent, immutable and open PKI certificate framework”.
Thanks to the team, George Vlahavas, Konstantinos Karasavvas & Athena Vakali.
Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. PKI involves digital certificates which are managed by certificate authorities (CAs) that authenticate users identity, in order to establish encrypted communication channels. The centralized operation model of CAs has already caused several targeted attacks due to the distribution of rogue certificates. Users remain vulnerable since it is too challenging to detect and revoke such certificates, but also to speed up the user update process when a certificate is revoked. To address such issues, a decentralized PKI alternative approach, targeting Domain Validated certificates, is proposed. In the proposed approach, which is based on blockchain technologies (such as Bitcoin and Ethereum), the transparency, immutability and decentralization aspects of these technologies have been leveraged. Comparisons among the proposed approach, the conventional PKI and other decentralized approaches have been implemented to showcase the impact and the potential of the proposed approach.