Smart contract assisted blockchain based public key infrastructure system

Public key infrastructure (PKI) is a reliable solution for Internet communication. PKI finds applications in secure email, virtual private network (VPN), e-commerce, e-governance, and so on. It provides a secure mechanism to authenticate users and communications. The conventional PKI system is centralized, which exposes the infrastructure to many security issues. The digital certificate generation and validation processes in PKI suffer from high latency and inadequate authentication processes. Moreover, it needs enormous time and effort to mitigate the malfeasance of the certificate authority (CA). The complexity of employing the traditional key and certificate management increases by enforcing the centralized CA$$ CA $$, which can compromise the transaction security. To overcome the aforementioned issues of PKI, three different solutions have been reported in the literature: Log based PKI (LBPKI), Web of Trust (WoT), and blockchain based PKI. The blockchain based PKI achieves more attention as it is the combination of LBPKI and WoT, which serves distributed trust, log of transactions, and constant sized data to verify the identity of users. Motivated by these facts, this article reports a blockchain-based PKI system which has a lighter smart contract and less storage capacity and is also suitable for lightweight applications. The lighter smart contract in our infrastructure uses a thresholdvalue$$ threshold\kern0.3em value $$, which validates the limit of one participating node for becoming the CA$$ CA $$ of any transaction inside the network. This approach can prevent distributed denial of service (DDoS) attacks. This smart contract also checks the signer node address. The proposed smart contract can prevent seven cyber attacks, such as Denial of Service (DoS), Man in the Middle Attack (MITM), Distributed Denial of Service (DDoS), 51%, Injection attacks, Routing Attack, and Eclipse attack. The Delegated Proof of Stake (DPoS) consensus algorithm used in this model reduces the number of validators for each transaction which makes it suitable for lightweight applications. The timing complexity of key/certificate validation and signature/certificate revocation processes do not depend on the number of transactions. The comparisons of various timing parameters with existing solutions show that the proposed PKI is competitively better.