
Published on May 27th, 2019 | 7161 Views


Digital Certificate Cybercrime Exploitation and Decentralizing using Blockchain (Mahsa Moosavi)





Understanding Digital Certificate Cybercrime Exploitation and Decentralizing the web using Ethereum Blockchain
Internet users have been using HTTPS (HTTP over TLS) to secure their web communications for years. Web servers use this protocol to ensure server authentication, and to do so they rely on the public key infrastructure (PKI), which uses a system of trusted third parties (TTPs) called certificate authorities (CAs). Many cybercriminal exploitations of and attacks on the CAs have been reported during the past years, representing major security drawbacks within the PKI. Each of these attacks has led to significant data leakage across the web. Meanwhile, there has been little quantitative analysis of the CAs and how they perform domain name validation. Thus, in this research study we take a complete look at the PKI and web certificate authorities and then implement an Ethereum-based system which can be used instead of the current centralized web PKI. We first perform a thorough empirical study of the CA ecosystem and evaluate the security issues with the domain verification techniques. We find that a central problem with the certificate model is that CAs resort to indirection to issue certificates because they are not directly authoritative over who owns what domain. Therefore, we design and implement a new and useful paradigm for thinking about who is actually authoritative over PKI information in the web certificate model. We then consider what smart contracts could add to the web certificate model if we move beyond using a blockchain as a passive, immutable (subject to consensus) store of data. To illustrate the potential, we develop and experiment with an Ethereum-based web certificate model we call Ghazal, discuss different design decisions, and analyze deployment costs.

Biography
I’m a blockchain and security engineer and PhD student at Concordia University. With a demonstrated history of working in information systems security, I’m skilled in SSL certificates, Bitcoin, Ethereum, Solidity, blockchain and fintech. I am a strong research professional with a Master’s degree focused in information systems engineering from Concordia University. Currently I’m a summer intern at the Autorité des marchés financiers, Quebec’s regulator, working on decentralizing the exchange systems in Quebec.








