The Foundation of Decentralized Trust for PKI Infrastructures

A New PKI Model with Certificate Transparency Based on Blockchain

CERTLEDGER

Pain Points of Current PKI Environment

The TLS protocol is the de facto standard for providing cryptographic services such as authenticity and integrity. X.509 certificates, which are used during TLS, are issued by Certificate Authorities (CAs). However:

  • CAs are assumed to be ultimately trusted organizations.
  • CAs have the full responsibility to issue a correct certificate to a designated subject.
  • CAs have the full responsibility to revoke a certificate upon request.

What if CAs are Corrupted?

Trust
  • There are more than 100 CAs trusted in browser certificate stores.
    • Users blindly trust all certificates issued by them.
  • CA root certificates are delivered within browsers.
    • CAs play a critical role for web security.
Security
  • Some CAs are unable to keep their private keys secure.
  • Some CAs do not have secure processes, and some do not even have a CP (Certificate Policy) and CPS (Certification Practice Statement).
CAs fail to be an ultimate source of trust!
  • Vulnerability against MITM types of attacks.
  • Problems in certificate revocation and validation processes.
  • Necessity of trusted key management in TLS clients (Trusted Key Store).
  • Recent Public Certificate Authority & Counterfeit Certificate Incidents.

Recent Incidents

  • Comodo CA, March 2011
    • An RA was attacked; 9 fraudulent certificates were issued for mail.google.com, login.skype.com, login.live.com, etc.
    • Largely used for intercepting traffic in Iran.
  • Dutch CA DigiNotar, July 2011
    • 531 fraudulent certificates were issued for *.google.com, *.windowsupdate.com, *.mozilla.com, etc. The Iranian government used them to spy on citizens.
  • 2 Taiwanese CAs compromised, 2011
    • Used to sign the Stuxnet malware.
  • Turkish CA TurkTrust, Dec 2012
    • Mistakenly issued a subCA certificate as a TLS certificate. It was used for MITM traffic inspection.
  • Lenovo Superfish, 2015
    • Deployed a local CA in notebooks to inject ads into TLS-protected sites.

Why CertLedger?

  • CertLedger is a new PKI architecture
    • to validate, store, and revoke TLS certificates
    • to manage Trusted CA certificates on a public blockchain.
  • Prevents Split-World Attacks (which are still an issue in the Chrome Certificate Transparency architecture)
    • By eliminating trust in a single log operator
    • No single entity can control the log
  • Carries out Certificate Validation & More Transparent Revocation
    • Trusted path validation can only be done while adding to the blockchain
    • More transparent revocation process: Revocation status is stored on blockchain
    • Trusted path validation requires Trusted CA Certificate management on blockchain.
  • Preserves privacy
  • Eliminates Trusted Key Store in TLS clients.
    • Trusted path validation requires Trusted CA certificate management on blockchain.
    • Transparency in Trusted CA management
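
A minimal model of the properties listed above, as an added example that is not CertLedger's code. The hash chain, the `Ledger` class and the sample names (`CA-1`, `example.test`, `alice`, `mallory`) are assumptions, and the issuer-membership check is a simplified stand-in for trusted path validation. It also shows that two parties served different histories hold different heads, which a single agreed ledger makes detectable.

```python
import hashlib
import json

class Ledger:
    """Toy hash-chained ledger state (constructed model, not CertLedger code)."""
    def __init__(self, trusted_cas):
        self.trusted_cas = set(trusted_cas)  # trusted CA set is ledger state
        self.certs = {}                      # serial -> certificate record
        self.head = "0" * 64                 # commitment to the whole history

    def _append(self, entry):
        blob = json.dumps(entry, sort_keys=True).encode()
        self.head = hashlib.sha256(self.head.encode() + blob).hexdigest()

    def add_cert(self, serial, domain, issuer, owner):
        # Stand-in for trusted path validation, done once at insertion time.
        if issuer not in self.trusted_cas or serial in self.certs:
            return False
        self.certs[serial] = dict(domain=domain, issuer=issuer, owner=owner, revoked=False)
        self._append({"op": "add", "serial": serial, "domain": domain, "issuer": issuer})
        return True

    def revoke(self, serial, requester):
        # Only the issuing CA or the domain owner may revoke.
        cert = self.certs.get(serial)
        if cert is None or cert["revoked"] or requester not in (cert["issuer"], cert["owner"]):
            return False
        cert["revoked"] = True
        self._append({"op": "revoke", "serial": serial, "by": requester})
        return True

    def is_valid(self, serial, domain):
        # Client-side check: a ledger state lookup, no CRL/OCSP query to the CA.
        cert = self.certs.get(serial)
        return cert is not None and cert["domain"] == domain and not cert["revoked"]

def demo():
    # Constructed sample data: the victim is shown an extra certificate the owner never sees.
    owner_view = Ledger({"CA-1"})
    owner_view.add_cert("01", "example.test", "CA-1", "alice")
    victim_view = Ledger({"CA-1"})
    victim_view.add_cert("01", "example.test", "CA-1", "alice")
    victim_view.add_cert("02", "example.test", "CA-1", "mallory")
    return {
        "split_view_detected": owner_view.head != victim_view.head,
        "untrusted_issuer_rejected": not owner_view.add_cert("03", "example.test", "CA-X", "bob"),
        "stranger_cannot_revoke": not owner_view.revoke("01", "mallory"),
        "owner_revokes": owner_view.revoke("01", "alice"),
        "valid_after_revoke": owner_view.is_valid("01", "example.test"),
    }
```
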

CertLedger Revenue Stream

The CertLedger platform uses a CertLedger token called "CERT" as the medium of exchange. CERT tokens must be bought and spent in order to add or revoke digital certificates on the CertLedger platform. Network participants of the CertLedger platform will share the entire revenue based on a reward schema.

CERTLEDGER TECHNOLOGY

Digital certificates issued by Certificate Authorities (CAs) are intended to provide secure authentication on the internet for individuals and companies. CertLedger wants to create a new transparent, reliable, and efficient Public Key Infrastructure (PKI) with certificate transparency based on blockchain. In the current trust model, a large number of CAs sit at the apex of the root of trust and are responsible for issuing valid certificates to the designated subject, and users have to trust them. Recent security breaches (e.g., Stuxnet, Comodo, DigiNotar, Trustwave, TurkTrust, Lenovo Superfish, Symantec) show that CAs can be compromised and fake (but valid) certificates can be issued, implying serious security and privacy issues. All of the recently proposed solutions (including Chrome Certificate Transparency) are still vulnerable to split-world attacks, in which an adversary can perform an impersonation/man-in-the-middle (MITM) attack on the targeted victims.

CertLedger is well positioned to become a disruptor in the PKI environment by eliminating the monopoly of CAs like Symantec, Comodo, and DigiCert. It is the only blockchain project globally to tackle security and privacy issues with PKI through proven academic research results. CertLedger will handle all TLS certificates' validation, storage, and entire revocation processes, so that any fraudulent certificates will be detected immediately.

SECURITY

Security is assured through a unique, publicly verifiable ledger.

Transparency

Each step of the certificate issuance and revocation process is publicly available. All records are verifiable and auditable.

ISSUANCE & REVOCATION

Only eligible CAs are allowed to issue certificates; only domain owners and CAs can revoke their own certificates.

Accessibility

Adding or revoking a certificate is accessible by CAs and Domain Owners in order to maintain sovereignty.

Usability

Anyone can use CertLedger through any browser or any application (including mobile platforms).

Privacy

CertLedger provides privacy-preserving revocation checking by eliminating the CRL/OCSP mechanisms of the current PKI. Your privacy is completely protected.

SECURITY ARCHITECTURE

HOW IT WORKS?

Now we all have a more transparent, decentralized model for internet security. CertLedger is a PKI architecture that validates, stores and revokes TLS certificates and manages Trusted CA certificates on a public blockchain.

THE TEAM
CORE TEAM

MEHMET SABIR KİRAZ

CO-FOUNDER

MEHMET NİZAMOĞLU

CO-FOUNDER and CEO

ÖZER KORAY AKDEMİR

BLOCKCHAIN DEVELOPER

HAKAN NİZAMOĞLU

BLOCKCHAIN DEVELOPER

ADVISOR

MURAT YASİN KUBİLAY

RESEARCH

RAMAZAN GİRGİN

PKI DEVELOPMENT

ASST. PROF. ALPTEKİN KÜPÇÜ

ROADMAP
OUR MILESTONE
UPDATES
RECENT NEWS
MAY 28, 2019
BY CERTLEDGER
IN MEDIUM

A New Landscape for PKI Infrastructure

MAY 28, 2019
BY CERTLEDGER
IN MEDIUM

A New Security Solution

MAY 15, 2019
BY CERTLEDGER
IN MEDIUM

Never Trust Certificate Authorities without This Solution

MAY 28, 2018
BY CERTLEDGER
IN MEDIUM
