Blog
About

  • Record: found
  • Abstract: found
  • Article: found
Is Open Access

Application of Public Ledgers to Revocation in Distributed Access Control

Preprint

Read this article at

Bookmark
      There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

      Abstract

      There has recently been a flood of interest in potential new applications of blockchains, as well as proposals for more generic designs called public ledgers. Most of the novel proposals have been in the financial sector. However, the public ledger is an abstraction that solves several of the fundamental problems in the design of secure distributed systems: global time in the form of a strict linear order of past events, globally consistent and immutable view of the history, and enforcement of some application-specific safety properties. This paper investigates the applications of public ledgers to access control and, more specifically, to group management in distributed systems where entities are represented by their public keys and authorization is encoded into signed certificates. It is particularly difficult to handle negative information, such as revocation of certificates or group membership, in the distributed setting. The linear order of events and global consistency simplify these problems, but the enforcement of internal constraints in the ledger implementation often presents problems. We show that different types of revocation require slightly different properties from the ledger. We compare the requirements with Bitcoin, the best known blockchain, and describe an efficient ledger design for membership revocation that combines ideas from blockchains and from web-PKI monitoring. While we use certificate-based group-membership management as the case study, the same ideas can be applied more widely to rights revocation in distributed systems.

      Related collections

      Most cited references 4

      • Record: found
      • Abstract: not found
      • Article: not found

      Sequential consistency versus linearizability

        Bookmark
        • Record: found
        • Abstract: not found
        • Article: not found

        Protection

          Bookmark
          • Record: found
          • Abstract: not found
          • Article: not found

          Accountable key infrastructure (AKI)

            Bookmark

            Author and article information

            Journal
            2016-08-23
            1608.06592

            http://arxiv.org/licenses/nonexclusive-distrib/1.0/

            Custom metadata
            cs.CR

            Security & Cryptology

            Comments

            Comment on this article