We wanted to use blockchain technology as a way to remove unnecessary third parties. After a member learned about TLS and certificate authorities in a cyber security class, the connection was made.
What it does
CertChain holds companies' certificate information and provides an interface for the browser to verify the certificate. This cuts out the need for a certificate authority's signature, as the blockchain technology provides a man-in-the-middle-proof way to verify a certificate.
How we built it
Our implementation is split into three parts:
This provides a key/value store type layer of abstraction on top of the blockchain. This allows us to insert and get values as if the blockchain was just a database.
This is a tool that generates the required certificates, places what is needed on the blockchain, and downloads a certificate for the user to place on their server.
Due to the limitations of current browser security (discussed more below), we were forced to work within the certificate authority system. This piece periodically syncs the certificates with the trusted certificates in the browser (currently Firefox). This is the part that, in a full implementation, we would like to see swapped out for a simple key check.
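The "simple key check" mentioned above could look like the following sketch, which is an added example and not CertChain's own code. It assumes the key/value layer maps a domain name to the SHA-256 fingerprint of the site's DER-encoded certificate; `ChainStore`, `fingerprint` and `check_certificate` are hypothetical names, and an in-memory dictionary stands in for the blockchain.

```python
import hashlib
import hmac


class ChainStore:
    """Hypothetical stand-in for the key/value layer on top of the blockchain."""

    def __init__(self):
        self._data = {}

    def put(self, key: str, value: str) -> None:
        # Assumption: the first registration for a domain wins; a later write
        # for the same key is rejected instead of overwriting the stored value.
        if key in self._data:
            raise KeyError(f"{key} is already registered")
        self._data[key] = value

    def get(self, key: str):
        return self._data.get(key)


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_certificate(store: ChainStore, hostname: str, der_cert: bytes) -> str:
    """Return "match", "mismatch" (possible interception) or "unregistered"."""
    key = hostname.lower().rstrip(".")  # hostnames are case-insensitive
    expected = store.get(key)
    if expected is None:
        return "unregistered"  # fail closed: nothing on chain to trust
    if hmac.compare_digest(expected, fingerprint(der_cert)):
        return "match"
    return "mismatch"


# Constructed sample bytes standing in for DER certificates (not real certs).
SITE_CERT = b"constructed-der-bytes-for-example.test"
OTHER_CERT = b"constructed-der-bytes-from-another-key"

store = ChainStore()
store.put("example.test", fingerprint(SITE_CERT))

if __name__ == "__main__":
    print(check_certificate(store, "Example.TEST", SITE_CERT))   # match
    print(check_certificate(store, "example.test", OTHER_CERT))  # mismatch
    print(check_certificate(store, "unknown.test", SITE_CERT))   # unregistered
```

The check is only as trustworthy as the rule for who may write a domain's entry, which is why the stand-in store refuses to overwrite an existing key.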
Challenges we ran into
NEO has sparse documentation, and we encountered challenges in accessing the API. Their custom build of Python (neo-python) lacked functionality common to regular Python (i.e., appending to lists). We also did not have any experience deploying to or working with blockchains.
- Existing Browser Security
- Updating Firefox's Local Certificate Authority Database
Firefox stores its local certificate authority database in a user's local app data in a database file. The most supported way of reading from and writing to this database file is to use certutil. However, Firefox 58's certificate settings did not seem to match up with the database file; we were able to manually use Firefox's UI to add certificates, but updating the database file seemed to have no effect. In order to get something working, we used Firefox 48 instead, which did not seem to have this bug.
Accomplishments that we're proud of
- We managed to set up and interface with a private blockchain.
- We managed to create a user-friendly interface to generate and deploy keys.
- We managed to work with the security constraints that modern browsers impose on us.
- We managed to deploy and integrate this group of applications efficiently.
What we learned
- We learned more about how blockchain operates.
- We learned a lot about how certificates are distributed as well as how to generate and sign our own with OpenSSL.
What's next for CertChain
As CertChain is meant as a proof of concept, we would like to see an open source community take over and provide a more thorough analysis to using block chain as a