IEEE Access (Jan 2020)

Cross-Certification Towards Distributed Authentication Infrastructure: A Case of Hyperledger Fabric

  • Shohei Kakei,
  • Yoshiaki Shiraishi,
  • Masami Mohri,
  • Toru Nakamura,
  • Masayuki Hashimoto,
  • Shoichi Saito

DOI: https://doi.org/10.1109/ACCESS.2020.3011137
Journal volume & issue: Vol. 8, pp. 135742 – 135757

Abstract

In Internet of Things ecosystems, where various entities trade data and data analysis results, public key infrastructure plays an important role in establishing trust relationships between these entities to specify who trusts whose private keys. The owner of a private key is provided with a public key certificate issued by a certificate authority (CA) representing a trusted third party. Although this certificate ensures the reliability of the ecosystem by verifying the data source and preventing the denial of trading, it often causes an overconcentration of trust in a particular CA. Consequently, if that CA is infringed, all the related trust relationships become compromised. The paper proposes a distributed authentication infrastructure called Meta-PKI that decentralizes such overconcentration via a cross-certification procedure performed by multiple CAs. Although cross-certification is capable of establishing mutual trust relationships, it does not evaluate the trustworthiness of other CAs in a standardized manner. Therefore, this paper also proposes a new cross-certification method using a distributed ledger technology for building trust relationships based on unified criteria. It also describes the implementation of a Meta-PKI system for Hyperledger Fabric as a proof of concept. Once trust relationships have been established, it takes approximately 65.7 ms to validate them using the proposed system, which is secure against CA takeover and spoofing by outsider attackers.

Keywords