Introduction: Blockchain and Certificate Transparency
Blockchain technology is revolutionizing most of the industries, such as financial services, banking, and real estate, among others. This modern-day cryptography is powerful enough to expose malicious websites that rely on fake SSL certificates. certificate Transparency.
Most of the dubious SSL or TLS certificates are used for man in the middle attacks (MITM) with the intent to cause damage to the websites and harm their business reputation. Certificate transparency is targeted in reducing such SSL certificate threats and protecting users from being tricked by companies issuing such malicious certificates.
See also: 15 Real World Use Cases and Applications of Blockchain Technology
What do you need to know about Certificate Transparency?
Certificate Transparency or CT refers to Internet Security Standard widely used for monitoring and auditing digital certificates while exposing malicious certificates in a specific time frame. A few years ago, Google made CT a requirement for all EV certificates issued after 1st January 2015.
This requirement was extended to all the SSL certificates without which they would not be trusted on Chrome. This framework allows for misused certificates to be detected easily with higher efficiency as compared to the old system, which remains unexposed for weeks or months together.
Domain owners can quickly identify dubious and suspect certificates and take the necessary action to revoke such certificates. The critical components of Certificate Transparency:
1. Certificate Log
The Certificate Log maintains the record of all the SSL certificates which have been issued. The entries cannot be deleted or changed in any way once they have been added to the log.
SSL certificates and pre certificates can be posted to the logs, and as soon as they are received, the log will issue the users with a Signed Certificate Timestamp.
A cryptographic mechanism, Merkle Tree Hash disables users from deleting or modifying the log entries, which is always visible to the public. Signed Certificate Timestamp (SCT) may have to be used by browsers for processing the SSL certificates.
2. Certificate Monitors
Certificate Monitors are used to keeping a check on the logs to see. If there are any inconsistencies in the system and if they are behaving correctly. They keep a check on all log servers and monitor the certificates.
The primary goal of monitors is to ensure if all the certificates are visible in the log, and they have the right extensions. There are many third-party services, including Facebook, which have their Certificate Transparency Monitoring tools.
See also: APPLICATIONS OF BLOCKCHAIN IN IoT
Can blockchain provide the right solution for Certificate Transparency?
Cybercrimes is one of the biggest threats facing the companies today, and as per reports from Cybersecurity Ventures, cybercrime damages will cost a whopping $6 trillion by 2021 to the world. This indicates how much data security and protection is critical for companies with the growing threat of cyber attacks with more online companies relying on data encryption methods using SSL.
Organizations implementing SSL standards along with governing bodies such as CAs follow the stringent process while offering SSL certificates. However, there might be cases of false certificates that might be used to trick users by luring them to share sensitive information and made to believe as if they are dealing with a legal system.
For example-In March 2011, the Comodo CA hack by Iranian hacker resulted in 9 fake certificates. Lenovo Superfish used local CA to inject ads across TLS protected sites.
Blockchain technology may be able to deal with such issues related to SSL certificates by using a decentralized ledger that may be used for the creation of unique cryptographic keys to verify and secure information.
Also, blockchain is remarkable in the sense that it is decentralized, and the transaction records are reliable as they cannot be altered without consensus. Besides, they help to eliminate all the possible points of failure using decentralized PKI.
CertChain uses blockchain technology and is a web certification platform that offers certificate protection, authentication, and fraud protection. It allows you to create your unique crypto signature for issuing certificates, making confirmations across a decentralized blockchain database.
REMME offers innovative blockchain-based identity and access management solutions to its customers for the identification of users and devices using SSL certificates. It works by assigning an SSL certificate to a smartphone device, where the certificate information is stored securely across a secure blockchain database. This eliminates dependency on the password database or the authentication server, which may be prime targets for cyber-attacks.
See also: What is Cyber terrorism? How can we stop it?
Conclusion
Blockchain offers new hope and possibilities ushering in a new era in certificate transparency by solving some of the problems associated with conventional models, including certificate revocation, split world attacks along with certificate management problems.
It offers greater privacy and authentication that allows for greater transparency of all the data and processes across the blockchain. Also, submission, tracking, storage, and control of information becomes convenient and accessible using blockchain certification systems.
Let us know what you think of the ‘Certificate Transparency’ using blockchain in the comment section below.
If you like this post subscribe to our YouTube Channel for IoT video Tutorials. You can also find us on Twitter, Facebook, and Instagram for more updates.
and If you have a smart product or service and looking for a perfect audience then submit a guest post at IoTDunia and get to know in the IoT world.
ABOUT AUTHOR:
Dan Radak
He is a web hosting security professional with ten years of experience. He is currently working with a number of companies in the field of online security, closely collaborating with a couple of e-commerce companies.
