Enhanced TLS Handshake Authentication with Blockchain and Smart Contract (Short Paper)

  • Bingqing Xia
  • Dongyao Ji
  • Gang Yao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10418)


Transport Layer Security (TLS) is the main standard designed for secure connections over the Internet. Security of TLS connections against active Man-in-the-Middle attacks relies on correctly validating public-key certificates during TLS handshake authentication. Although Certificate Transparency (CT) and IKP, a further improved CT system, mitigated certificate authentication issues from the perspective of monitoring CA misbehavior, less attention has been paid to the misbehavior of domains in using certificates during TLS handshake authentication. One case of misuse is that domains refuse, for their own profit, to use the certificates in the Certificate Transparency Log; the other is that a malicious domain impersonates the real one to deceive clients. To defend against domains' misbehavior in using certificates, we propose the ETDA system, based on IKP and CT, which aims to enhance the security of the TLS protocol from a novel perspective. ETDA is a blockchain-based system that enforces automatic punishments in response to domain misbehavior and compensation to the client during TLS handshake authentication. The decentralized nature and incentive mechanism of ETDA provide an effective approach to prevent domains from sending invalid certificates to clients. We implement this system using the Ethereum platform and Game Theory, and it proved to be both technically and economically feasible.


TLS Handshake Protocol; Certificate transparency; Ethereum blockchain; Smart contract; Game Theory



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. State Key Lab of Information Security, Institute of Information Engineering of Chinese Academy of Sciences, Beijing, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
