Browsing by Author "Hyötyläinen, Annamaria"

Security of web communication is crucial. When accessing an online bank, for example, one of the key issues is that the user can be assured they are communicating with the bank as they intended to. This assurance is achieved with the public key infrastructure for the Web, Web PKI. Its purpose is to manage digital certificates on the Web. Certificates are used to prove one’s identity with the help of public-key cryptography. Certificate authorities and software vendors that operate certificate root stores have key roles in the Web PKI. The first issue certificates and the latter choose which CAs are trusted. The Web PKI has multiple challenges and it is a highly researched topic. Numerous countermeasures and enhancements to the Web PKI have been developed over the years. This thesis investigates challenges in the Web PKI and proposed countermeasures, some of which are based on blockchain technology. Of the non-blockchain-based solutions, we introduce Certificate Transparency, CAA and DANE. Of the blockchain-based solutions, CertLedger, IKP and a solution for decentralising ACME protocol are described. We find that the challenges are mainly related to certificate authorities, revocation and root stores. From the numerous solutions, Certificate Transparency and CAA are utilised in the Web PKI. Shortening the validity period of certificates can resolve some of the challenges. Blockchain-based solutions are numerous but none has yet seen wide deployment.