Decentralized PKI based on blockchain

In the last years, role of technology is becoming more and more important, and an increasing number of IoT (Internet of Things) devices are spread all over the world. The presence of this large number of devices creates an IT security problem, thus communication between them traditionally occurs through the use of asymmetric cryptography, whose keys are distributed by means of a Public Key Infrastructure (PKI). However, traditional PKIs have some downsides as they are defined by a centralized structure, which intrinsically leads to single-point-of-failures and complex revocation mechanisms. The purpose of this thesis is therefore to create a Proof of Concept of a Public Key Infrastructure that is no longer centralized, but distributed by means of the innovative blockchain technology. The project was carried out with the collaboration of a cybersecurity team of Security Reply S.r.l., by starting from scouting the state-of-the-art of PKI and blockchain and, in particular, from the research carried out by M. Toorani and C. Gehrmann at the Swedish Lund University, who proposed a general model to create a distributed PKI based on blockchain. The developed and described framework has been designed for a set of nodes that could represent IoT devices, vehicles using V2X (Vehicle to Everything) technology or elements of a smart city. It demonstrates how a decentralized structure can offer advanced security, as it eliminates the weakness of single point of failure and avoids the issuance of fraudulent certificates by centralized Certificate Authorities (CAs). The proposed model has been built following Web of Trust concepts and integrating Hardware Secure Module devices as Roots of Trust.