Application of public ledgers to revocation in distributed access control

From MaRDI portal
Publication:2218993

DOI10.1007/978-3-030-01950-1_48zbMATH Open1458.94219arXiv1608.06592OpenAlexW2963495034MaRDI QIDQ2218993FDOQ2218993


Authors: Yanyan Li Edit this on Wikidata


Publication date: 18 January 2021

Abstract: There has recently been a flood of interest in potential new applications of blockchains, as well as proposals for more generic designs called public ledgers. Most of the novel proposals have been in the financial sector. However, the public ledger is an abstraction that solves several of the fundamental problems in the design of secure distributed systems: global time in the form of a strict linear order of past events, globally consistent and immutable view of the history, and enforcement of some application-specific safety properties. This paper investigates the applications of public ledgers to access control and, more specifically, to group management in distributed systems where entities are represented by their public keys and authorization is encoded into signed certificates. It is particularly difficult to handle negative information, such as revocation of certificates or group membership, in the distributed setting. The linear order of events and global consistency simplify these problems, but the enforcement of internal constraints in the ledger implementation often presents problems. We show that different types of revocation require slightly different properties from the ledger. We compare the requirements with Bitcoin, the best known blockchain, and describe an efficient ledger design for membership revocation that combines ideas from blockchains and from web-PKI monitoring. While we use certificate-based group-membership management as the case study, the same ideas can be applied more widely to rights revocation in distributed systems.


Full work available at URL: https://arxiv.org/abs/1608.06592




Recommendations


zbMATH Keywords

distributed group membership managementledger design for membership revocation


Mathematics Subject Classification ID

Cryptography (94A60) Distributed systems (68M14) Networked control (93B70)



Cited In (4)





This page was built for publication: Application of public ledgers to revocation in distributed access control

Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q2218993)

Retrieved from "https://portal.mardi4nfdi.de/w/index.php?title=Publication:2218993&oldid=14758897"
Powered by MediaWiki