A Decentralized Public Key Infrastructure for Trust Management in X-Road

Date

2023

Publisher

Tartu Ülikool

Abstract

Today, Public Key Infrastructure with X.509 (PKIX) is the building block for establishing secure connections over the Internet and creating digital signatures. In PKIX, a Certificate Authority (CA) is responsible for the creation of certificates and the resolution of certificate statuses. Due to this centralized architecture, the CA becomes a single point of failure for any network that relies on it to establish trust. By utilizing distributed ledger technology (DLT), decentralized identifiers and verifiable credentials can be verified without intermediaries like CAs. They can be used to construct a Decentralized Public Key Infrastructure (DPKI) that eliminates the shortcomings of PKIX. In this thesis, we studied X-Road, a centrally managed distributed data exchange system depending on PKIX, and presented an alternative DPKI architecture that uses DLT-based decentralized identifiers and verifiable credentials to build up trust between information systems. A proof-of-concept was implemented and evaluated. The findings demonstrate that the alternative DPKI architecture enhances the trustworthiness of the data exchange system, particularly in terms of security and reliability.

Keywords

Decentralized Public Key Infrastructure, Decentralized Identifier, Verifiable Credentials, X.509, Distributed Ledger, X-Road
