Steve Matsumoto, ETH Zurich
From 12.00 until 13.30
At ETH Zurich, CNB/F/110
Universitätstrasse 6, 8092 Zurich
Abstract
Man-in-the-middle attacks in TLS due to compromised CAs have been mitigated by log-based PKI enhancements such as Certificate Transparency. However, these log-based schemes do not offer sufficient incentives to logs and monitors, and do not offer any automatic actions that domains can take in response to CA misbehavior. We propose REACT, an Ethereum-based PKI enhancement that offers automatic responses to CA misbehavior and incentives for those who help detect misbehavior. REACT’s decentralized nature and smart contract system allow open participation, offer incentives for vigilance over CAs, and enable financial recourse against misbehavior. We demonstrate through a financial ROI-based model and through an Ethereum prototype implementation that the incentives and increased deterrence offered by REACT are technically and economically viable.