| In the current network,the establishment of a secure connection largely depends on secure identity authentication.PKI system determines the validity of the identity of the entity through verifying the digital certificate of the entity in the network connection and solves the problem of identity authentication in the network.The PKI system is faced with the following problems:Single CA system depends on the trust of CA,but in the real society,CA is attacked repeatedly,its security cannot be guaranteed,there is the possibility of single point of failure.In the multi-CA synergy scheme,the interest groups represented by each CA are different in scale and service,so malicious behaviors such as free-riding will occur due to the imbalance of CA rights and interests.With the rapid increase of network users,the demand for SSL certificates explodes.In recent years,due to security concerns,the validity period of certificates is constantly shortened,which poses massive certificate management challenges for security operation and maintenance personnel.To solve these problems in PKI system,we design an automated certificate management system based on credit incentive RBI-ACMS,which is composed of multiple CAs to process certificate requests in blockchain system.MSP signature algorithm is used to construct multiple signatures to improve the security of certificate management and avoid CA node single point failure.In RBI-ACMS,we designed consensus and incentive mechanism based on reputation value to solve the problem of CA’s low participation enthusiasm and unbalanced rights and interests distribution,and encourage CA to actively participate in legal behavior.In addition,RBI-ACMS can realize automatic certificate management and solve the difficult problem of SSL/TLS certificate management in combination with the research of distributed ACME protocol while supporting conventional certificate operation. |
PDF Full Text Request