A Decentralized Public Key Infrastructure for Trust Management in X-Road

Kin Long Leung
Today, Public Key Infrastructure with X.509 (PKIX) is the building block for establishing secure connections over the Internet and creating digital signatures. In PKIX, Certificate Authority (CA) is responsible for the creation of certificates and the resolution of certificate statuses. Due to the centralized architecture, CA becomes a single-point-of-failure to any network that relies on it to establish trust. By utilizing distributed ledger technology (DLT), decentralized identifiers and verifiable credentials can be verified without intermediates like CAs. They can be used to construct a Decentralized Public Key Infrastructure (DPKI) which eliminates the shortcomings of PKIX. In this thesis, we studied X-Road, a centrally managed distributed data exchange system depending on PKIX, and presented an alternate DPKI architecture that uses DLT-based decentralized identifiers and verifiable credentials to build up trust between information systems. A proof-of-concept was implemented and evaluated. The findings demonstrate that the alternative DPKI architecture enhances the trustworthiness of the data exchange system, particularly in terms of security and reliability.

Funded by the European Union under Grant Agreement No. 101087529. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Research Executive Agency. Neither the European Union nor the granting authority can be held responsible for them.
Graduation Thesis language
Graduation Thesis type
Master - Software Engineering
Mariia Bakhtina, Ahmed Awad, Raimundas Matulevičius
Defence year