2019 Summer Mentee Project Update: X.509 Certificate Transparency using Hyperledger Fabric Blockchain

Goal

The 2019 Hyperledger Summer Mentorship program for full-time interns has come to an end. During this program my project was X.509 certificate transparency using Hyperledger Fabric. This project aimed at:

  • developing the Hyperledger Fabric infrastructure for ensuring SSL certificate transparency using blockchain (a.k.a. CTB)
  • setting up CTB over the cloud.
  • making a Firefox extension as the browser client application.
  • benchmarking CTB-assisted SSL/TLS handshake duration.

Project Progress

While working on this project, I focused on feature-driven development and completed one task at a time. Timeline:

  • The project started with the paper provided by my mentors on the design and logic behind CTB. Based on the architecture described in the paper, I created the initial version of CTB.
  • Then I added blockchain explorer to CTB for monitoring transactions and blocks.
  • Next came creating a CA interface and REST API for interacting with CTB.
  • At this point, we were ready to deploy CTB. We started with one server on DigitalOcean.
  • Initially, we had bash scripts for testing query and invocation of the chaincode. Later, we moved to automated testing using Hyperledger Caliper.
  • To match real-world scenarios where CAs would be progressively joining CTB, I worked on the addition of a new organisation across multiple Docker environments.
  • Next, I created another droplet on DigitalOcean and bootstrapped the process of a new CA org (on this server) joining CTB.
  • Then it was on to creating a Firefox extension.
  • Finally, it was time to issue a self-signed certificate for ctb-testing.ml and another for hfctb.ml signed by Let's Encrypt on CTB. These are for demonstration purposes.

By the end of this project, the different pieces of CTB started coming together. The final architecture of CTB is explained in the diagram below:

Learning

This internship has been an informative and skill-driven learning experience for me. I learned a lot from the Hyperledger community and gained critical experience and expertise in a number of areas, including: 

  • Working with the openssl tool and certificates, and understanding how PKI works.
  • Hands-on learning of Docker and cloud orchestration while deploying CTB.
  • Understanding the way identities are maintained within Hyperledger Fabric, the role of peers and orderers, and the structure of crypto-config.
  • Writing chaincode and developing an application for interaction with Fabric.
  • Using Hyperledger Fabric, blockchain-explorer and Hyperledger Caliper. While I was focused on Fabric, I also looked into Composer.

Future Plans

This project is still in the development stage. With more functionality and scaling, it can be used in production. Some of the tasks that we have in this project’s timeline are:

  • Certificate revocation improvements: Currently, when a certificate is revoked, the browser uses an extension to get the status of the certificate. A better solution is to directly integrate OCSP or OCSP stapling with CTB.
  • Chrome extension: Currently, Google Chrome does not provide an API to retrieve the SSL information, including the domain certificates, that the extension needs. Once it is available, we plan to build a Chrome extension too.
  • Scaling: Test different configurations of CTB on a bigger network of servers.

For the full details, see my complete project report here.

I will continue to work on CTB in the future (post internship) and be a part of this great community!

Credits

First of all, none of this would have been possible without my mentors (Mahavir Jhawar and Deva Madala) and other members of the Hyperledger community. Min Yu provided quick responses to my queries and regular updates on the internship program. Hyperledger chat and Jira proved to be useful. So, a huge shout-out to them for helping and guiding me when I was clueless on how to proceed. While I was busy coding, my mentor oversaw the direction in which this project was going and pointed out changes/additions to me. This kept me busy throughout the summer and helped me complete my project.

Last but not least, I would like to thank my fellow applicants who also worked on developing Hyperledger Fabric, blockchain explorer and Hyperledger Caliper, which can be used in the next iteration of CTB.