{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:49:13Z","timestamp":1773715753428,"version":"3.50.1"},"reference-count":31,"publisher":"Oxford University Press (OUP)","issue":"4","license":[{"start":{"date-parts":[[2020,8,12]],"date-time":"2020-08-12T00:00:00Z","timestamp":1597190400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,4,19]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>During the past decade, several misbehaving certificate authorities (CAs) have issued fraudulent TLS certificates allowing man-in-the-middle (MITM) kinds of attacks that result in serious security incidents. In order to avoid such incidents, Yakubov et al. ((2018) A blockchain-based PKI management framework. NOMS 2018 - 2018 IEEE\/IFIP Network Operations and Management Symposium, Taipei, Taiwan, April, pp. 16. IEEE) recently proposed a new public key infrastructure (PKI) architecture where CAs issue, revoke and validate X.509 certificates on a public blockchain. However, in their proposal TLS clients are subject to MITM kinds of attacks, and certificate transparency is not fully provided. In this paper, we eliminate the issues of the Yakubov et al.\u2019s scheme and propose a new PKI architecture based on permissioned blockchain with PBFT consensus mechanism where the consensus nodes utilize a dynamic threshold signature scheme to generate signed blocks. In this way, the trust to the intermediary entities can be completely eliminated during certificate validation. Our scheme enjoys the dynamic property of the threshold signature because TLS clients do not have to change the verification key even if the validator set is dynamic. We implement our proposal on private Ethereum network to demonstrate the experimental results. The results show that our proposal has negligible overhead during TLS handshake. The certificate validation duration is less than the duration in the conventional PKI and Yakubov et al.\u2019s scheme.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaa081","type":"journal-article","created":{"date-parts":[[2020,6,9]],"date-time":"2020-06-09T03:27:58Z","timestamp":1591673278000},"page":"564-574","source":"Crossref","is-referenced-by-count":9,"title":["KORGAN: An Efficient PKI Architecture Based on PBFT Through Dynamic Threshold Signatures"],"prefix":"10.1093","volume":"64","author":[{"given":"Murat","family":"Yasin Kubilay","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Gebze Technical University, 41400 Kocaeli, Turkey"},{"name":"Deutsche Bank, Eschborn 65760, Germany"}]},{"given":"Mehmet","family":"Sabir Kiraz","sequence":"additional","affiliation":[{"name":"School of Computer Science and Informatics, De Montfort University, LE1 9BH Leicester, UK"},{"name":"NChain, London W1W 8AP, UK"}]},{"given":"Haci","family":"Ali Mantar","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Gebze Technical University, 41400 Kocaeli, Turkey"}]}],"member":"286","published-online":{"date-parts":[[2020,8,12]]},"reference":[{"key":"2021041913135000900_ref1","article-title":"The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard)","author":"Dierks","year":"2018"},{"key":"2021041913135000900_ref2","doi-asserted-by":"crossref","first-page":"2027","DOI":"10.1109\/COMST.2016.2548426","article-title":"A survey of man in the middle attacks","volume":"18","author":"Conti","year":"2016","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"2021041913135000900_ref3","article-title":"Black tulip report of the investigation into the DigiNotar certificate authority breach","author":"DigiNotar Public Report","year":"2012"},{"key":"2021041913135000900_ref4","author":"Langley","year":"2015"},{"key":"2021041913135000900_ref5","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1016\/j.cose.2019.05.013","article-title":"CertLedger: a new PKI model with certificate transparency based on blockchain","volume":"85","author":"Kubilay","year":"2019","journal-title":"Comput. Secur."},{"key":"2021041913135000900_ref6","article-title":"Certificate Transparency. RFC 6962 (Experimental)","author":"Laurie","year":"2013"},{"key":"2021041913135000900_ref7","volume-title":"Information Technology\u2013Open Systems Interconnection\u2013the Directory: Public-Key and Attribute Certificate Frameworks","year":"2012"},{"key":"2021041913135000900_ref8","article-title":"X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 6960 (Standard)","author":"Santesson","year":"2019"},{"key":"2021041913135000900_ref9","first-page":"679","article-title":"Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure","volume-title":"Proc. of the 22nd Int. Conf. on World Wide Web","author":"Hyun-Jin Kim","year":"2013"},{"key":"2021041913135000900_ref10","doi-asserted-by":"crossref","first-page":"1695","DOI":"10.1093\/comjnl\/bxw039","article-title":"DTKI: a new formalized PKI with verifiable trusted parties","volume":"59","author":"Yu","year":"2016","journal-title":"Comput. J."},{"key":"2021041913135000900_ref11","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1007\/978-3-662-58820-8_11","article-title":"Blockchain-Based Certificate Transparency and Revocation Transparency","volume-title":"Financial Cryptography and Data Security","author":"Wang","year":"2019"},{"key":"2021041913135000900_ref12","doi-asserted-by":"crossref","first-page":"2060","DOI":"10.1109\/INFOCOM.2018.8486344","article-title":"CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections","volume-title":"IEEE INFOCOM 2018-IEEE Conference on Computer Communications","author":"Chen","year":"2018"},{"key":"2021041913135000900_ref13","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/NOMS.2018.8406325","article-title":"A blockchain-based PKI management framework","volume-title":"NOMS 2018 - 2018 IEEE\/IFIP Network Operations and Management Symposium","author":"Yakubov","year":"2018"},{"key":"2021041913135000900_ref14","doi-asserted-by":"crossref","first-page":"398","DOI":"10.1145\/571637.571640","article-title":"Practical Byzantine fault tolerance and proactive recovery","volume":"20","author":"Castro","year":"2002","journal-title":"ACM Trans. Comput. Syst."},{"key":"2021041913135000900_ref15","first-page":"108","article-title":"Dynamic threshold cryptosystem without group manager","volume":"1","author":"Noack","year":"2009","journal-title":"Netw. Protocols Algorithms"},{"key":"2021041913135000900_ref16","article-title":"Bitcoin: a peer-to-peer electronic cash system","author":"Nakamoto","year":"2008"},{"key":"2021041913135000900_ref17","article-title":"Ethereum: a secure decentralised generalised transaction ledger","author":"Wood","year":"2014"},{"key":"2021041913135000900_ref18","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1007\/978-3-319-63688-7_12","article-title":"Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"Kiayias","year":"2017"},{"key":"2021041913135000900_ref19","doi-asserted-by":"crossref","first-page":"6117","DOI":"10.1109\/ACCESS.2018.2889898","article-title":"PBCert: privacy-preserving blockchain-based certificate status validation toward mass storage management","volume":"7","author":"Yao","year":"2019","journal-title":"IEEE Access"},{"key":"2021041913135000900_ref20","author":"Szabo","year":"1997"},{"key":"2021041913135000900_ref21","first-page":"45","article-title":"Do you Need a Blockchain? 2018 Crypto Valley Conf. on Blockchain Technology (CVCBT)","author":"W\u00fcst","year":"2018"},{"key":"2021041913135000900_ref22","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1145\/3293611.3331591","article-title":"HotStuff: BFT Consensus with Linearity and Responsiveness","volume-title":"Proc. of the 2019 ACM Symposium on Principles of Distributed Computing","author":"Yin","year":"2019"},{"key":"2021041913135000900_ref23","doi-asserted-by":"crossref","first-page":"514","DOI":"10.1007\/3-540-45682-1_30","article-title":"Short Signatures from the Weil Pairing","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"Boneh","year":"2001"},{"key":"2021041913135000900_ref24","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1007\/s00145-005-0318-0","article-title":"Random oracles in Constantinople: practical asynchronous Byzantine agreement using cryptography","volume":"18","author":"Cachin","year":"2005","journal-title":"J. Cryptol."},{"key":"2021041913135000900_ref25","article-title":"Automatic Certificate Management Environment (ACME). RFC 8555 (Standard)","author":"Barnes","year":"2019"},{"key":"2021041913135000900_ref26","author":"Patricia Tree"},{"key":"2021041913135000900_ref27","author":"LibraBFT Consensus Performance"},{"key":"2021041913135000900_ref28","author":"Eth Proof 2.0.0"},{"key":"2021041913135000900_ref29","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1145\/2815675.2815685","article-title":"An End-to-End Measurement of Certificate Revocation in the Web\u2019s PKI","volume-title":"Proc. of the 2015 Internet Measurement Conf.","author":"Liu","year":"2015"},{"key":"2021041913135000900_ref30","author":"NetCraft. OCSP Server Performance in September 2019"},{"key":"2021041913135000900_ref31","author":"NetCraft. CRL Sites in September 2019"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/64\/4\/564\/37161733\/bxaa081.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/64\/4\/564\/37161733\/bxaa081.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,27]],"date-time":"2022-10-27T06:45:20Z","timestamp":1666853120000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/64\/4\/564\/5890396"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,12]]},"references-count":31,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2020,8,12]]},"published-print":{"date-parts":[[2021,4,19]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaa081","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2021,4]]},"published":{"date-parts":[[2020,8,12]]}}}