AuthLedger: A Novel Blockchain-based Domain Name Authentication Scheme

Abstract

Nowadays public key infrastructure authentication mainly rely on certificate authorities and have to be trusted by both domain operators and domain owners. Domain Name System Security Extensions (DNSSEC) using DNS-based Authentication Name Entities (DANE) DNS records types, offer additional security for authenticating data and integrity to domain name system (DNS). This method allow client via signed statements to specify which CAs are authorized to represent certificate of. domain. Another method is Certificate Authority Authorizations (CAA) developed by Internet Engineering Task Force (IETF) to provide security guarantee against rogue certificate authorities that offer fake certificate for the domain. However, all of these approaches are prone to single point of failure due to their trust attached to infrastructure like Internet Corporation for Assigned Names and Numbers (ICANN). In order to weaken the level of trust to the CAs over certificates, it is necessary to balance the distribution rights among the entities and improve the control of certificate issuance for the certificate owners. Recently with the emergence of Blockchain,. public and distributed ledger, several applications appeared taking advantage of this powerful technology. In this paper, we present an AuthLedger. domain authentication scheme based on blockchain technology. The proposed scheme is multi-fold. First, we proposed. domain authentication scheme to reduce the level of trust in CAs. second, we implement our system using Ethereum smart contract. Third, we evaluate security and performance of the proposed system.