Conference: International Conference on Malicious and Unwanted Software

SCRaaPS: X.509 Certificate Revocation Using the Blockchain-based Scrybe Secure Provenance System


Abstract

X.509 certificates underpin the security of the Internet economy, notably secure web servers, and they need to be revoked promptly and reliably once they are compromised. The original revocation method specified in the X.509 standard, to distribute certificate revocation lists (CRLs), is both old and untrustworthy. CRLs are susceptible to attacks such as Man-in-the-Middle and Denial of Service. The newer Online Certificate Status Protocol (OCSP) and OCSP-stapling approaches have well-known drawbacks as well. The primary contribution of this paper is Secure Revocation as a Peer Service (SCRaaPS). SCRaaPS is an alternative, reliable way to support X.509 certificate revocation via the Scrybe secure provenance system. The blockchain support of Scrybe enables the creation of a durable, reliable revocation service that can withstand Denial-of-Service attacks and ensures non-repudiation of certificates revoked. We provide cross-CA-revocation information and address the additional problem of intermediate-certificate revocation with the knock-on effects on certificates derived therefrom. A Cuckoo filter provides quick, communication-free testing by servers and browsers against our current revocation list (with no false negatives). A further contribution of this work is that the revocation service can fit in as a drop-in replacement for OCSP-stapling with superior performance and coverage both for servers and browsers. Potential revocation indicated by our Cuckoo filter is backed up by a rigorous service query to eliminate false positives. Cuckoo filter parameters are also stored in our blockchain to provide open access to this algorithmic option for detection. We describe the advantages of using a blockchain-based system and, in particular, the approach to distributed ledger technology and lightweight mining enabled by Scrybe, which was designed with secure provenance in mind.