
Distributed Public Key Infrastructure and PSK Exchange Based on Blockchain Technology


Abstract

Public key distribution and device authentication remain the main security challenges in many systems and applications. Existing solutions are based on Public Key Infrastructures (PKI) backed by Certificate Authorities (CA) to validate the authenticity of the devices. However, distributing and provisioning certificates for each client has proven impractical, especially for Internet of Things (IoT) devices. In this paper we propose a distributed PKI platform based on the Ethereum Blockchain. It contains a decentralized key-store that holds the public keys of all devices, and includes a generic protocol for PSK (Pre-Shared Key) distribution. The PSKs can then be used by PSK-based security protocols (TLS-PSK, DTLS-PSK, SRTP, etc.) to secure the communication channel between two devices. The platform includes a client-side module, a public key management module configured on the server, and a smart contract deployed on the Ethereum Blockchain network. This generic platform can be used by many applications for client and server authentication, data integrity, and secure peer-to-peer communications. Moreover, this promising system may potentially eliminate the trust requirement imposed on clients by the existing PKI/CA infrastructure.
