Research on Application of Blockchain in PKI Security
OA | Peking University Core Journal (北大核心) | CSTPCD
A design philosophy that emphasized application over defense left the Transmission Control Protocol/Internet Protocol (TCP/IP) architecture without endogenous security attributes from the outset. Public key infrastructure (PKI), as the authoritative security governance framework for achieving authenticity, integrity, confidentiality and non-repudiation of communication between different entities on the Internet, has attracted much attention since it was proposed. At the same time, the security threats caused by PKI's own centralized mechanism, such as single point of failure and single trust, have become a focus of researchers in recent years. With the gradual application of blockchain technology in the field of information security, using the decentralized, distributed-ledger, tamper-proof, open and transparent characteristics of blockchain to solve the various security problems arising in native PKI and its evolution has become a research direction and focus. According to the development of PKI technology and the application of blockchain technology, the methods for solving native PKI security are divided into solutions that do not rely on blockchain, based mainly on Web of Trust (WoT) technology and the certificate transparency (CT) mechanism; centralized PKI solutions integrated with blockchain technology, which retain the core function of the certificate authority (CA); and decentralized PKI schemes based on blockchain, which completely replace the CA function with blockchain. First, the security status of native PKI is introduced, and the specific methods of using WoT technology and the CT mechanism to transform the security of native PKI are discussed. Then the design ideas of centralized PKI integrated with blockchain technology and of decentralized PKI based on blockchain are analyzed, and some typical application scenarios are selected to examine their implementation methods and application characteristics. Finally, an outlook on research into the application of blockchain in PKI security is given.
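Xia Lingling (夏玲玲); Wang Qun (王群); Ma Zhuo (马卓); Liang Guangjun (梁广俊)
Department of Computer Information and Cyber Security, Jiangsu Police Institute, Nanjing 210031 || Jiangsu Province Electronic Data Forensics and Analysis Engineering Research Center, Nanjing 210031
Computer and Automation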
blockchain; public key infrastructure; cybersecurity; certificate management; certificate authority
Journal of Frontiers of Computer Science and Technology (《计算机科学与探索》), 2024 (010)
2573-2593 / 21
This work was supported by the National Natural Science Foundation of China (61802155, 62272203), the Project of Excellent Scientific and Technological Innovation Team of Jiangsu Universities, the Key Discipline Projects of Jiangsu Province in the 14th Five-Year Plan: Public Security Technology and Cyberspace Security, and the Science and Technology Project of Ministry of Public Security of China (2023JSZ09).