Decentralized PKI Framework for Data Integrity in Spatial Crowdsourcing Drone Services

Junaid Akram1, Ali Anaissi12 1School of Computer Science, The University of Sydney, Camperdown NSW 2008, Australia
2TD School, University of Technology Sydney, Ultimo NSW 2007, Australia
Email: jakr7229@uni.sydney.edu.au, ali.anaissi@sydney.edu.au

Abstract

In the domain of spatial crowdsourcing drone services, which includes tasks like delivery, surveillance, and data collection, secure communication is paramount. The Public Key Infrastructure (PKI) ensures this by providing a system for digital certificates that authenticate the identities of entities involved, securing data and command transmissions between drones and their operators. However, the centralized trust model of traditional PKI, dependent on Certificate Authorities (CAs), presents a vulnerability due to its single point of failure, risking security breaches. To counteract this, the paper presents D2XChain, a blockchain-based PKI framework designed for the Internet of Drone Things (IoDT). By decentralizing the CA infrastructure, D2XChain eliminates this single point of failure, thereby enhancing the security and reliability of drone communications. Fully compatible with the X.509 standard, it integrates seamlessly with existing PKI systems, supporting all key operations such as certificate registration, validation, verification, and revocation in a distributed manner. This innovative approach not only strengthens the defense of drone services against various security threats but also showcases its practical application through deployment on a private Ethereum testbed, representing a significant advancement in addressing the unique security challenges of drone-based services and ensuring their trustworthy operation in critical tasks.

Index Terms:

Data Integrity, Decentralized Trust, Public Key Infrastructure, Spatial Crowdsourcing, Certificate Authority

I Introduction

In the contemporary digital era, the fusion of spatial crowdsourcing with the Internet of Drone Things (IoDT)[1, 2] marks a transformative approach to environmental monitoring[3, 4], specifically in the context of Australian bushfire management[5]. This innovative strategy employs drones and unmanned ground vehicles (UGVs), transcending traditional human-operated spatial crowdsourcing by offering expansive and real-time data collection in areas that are typically hazardous or unreachable.

Equipped with advanced communication technologies like WiFi/5G, drones and UGVs extend the capabilities of spatial crowdsourcing significantly. They excel in collecting vital sensory data from Points-of-Interest (PoIs), such as CCTV cameras and alarm sensors, covering larger areas with greater efficiency than human counterparts. To optimize data transmission and ensure high quality-of-service (QoS), the integration of the air-ground non-orthogonal multiple access (AG-NOMA) technique is proposed[6, 7]. In this system, drones are pivotal in gathering uplink data and subsequently relaying it to UGVs. These UGVs serve a dual role: as mobile base stations for data decoding and as collectors of additional data from PoIs.

The application of IoDT, especially drones, in managing Australian bushfires, is not just about enhanced data collection[8, 9]. It represents the creation of a dynamic, real-time response system capable of adapting to the rapidly changing conditions of bushfires. Drones quickly detect and monitor bushfire developments, relaying critical information to UGVs and command centers, facilitating timely and effective decision-making and resource deployment.

Given the critical nature of the data involved in such emergency responses, ensuring its security and integrity is of utmost importance. Traditional digital security methods, centered around protocols like Transport Layer Security (TLS)[10] and PKI[11], have exhibited certain vulnerabilities[12, 13, 14], as evidenced by breaches in entities like DigiNotar, StartCom, Comodo, and GoDaddy [15, 16, 17], exposing risks in centralized PKI. To address these concerns, we introduce D2XChain, a novel decentralized PKI framework specifically designed for IoDT. Incorporating blockchain technology, D2XChain distributes trust among Certificate Authorities (CAs), thereby reducing the single-point failure risks inherent in traditional PKI systems and enhancing the security of data transmission within the IoDT network[18, 19, 20].

D2XChain revolutionizes certificate management in the IoDT sphere, particularly for drone operations. It employs a unique consensus protocol, Proof-of-Service (PoSv), crafted for CA operations within IoDT networks. This approach not only fortifies the transmission and storage of data but also comprehensively manages all X.509 certificate tasks—registration, validation, revocation, and verification[21, 22, 23, 24, 25, 26]. By aligning with existing PKI standards, D2XChain ensures adaptability and robust security for diverse IoDT applications, including the critical function of monitoring and managing bushfires in Australia.

This integration of spatial crowdsourcing, IoDT, and secure data frameworks like D2XChain exemplifies how advanced technology can be harnessed to confront and manage environmental challenges. It highlights the potential of modern technological solutions in protecting natural landscapes and effectively responding to the increasing frequency and severity of bushfires in Australia.

In summary, our contributions are as follows:

•

We introduce D2XChain, a resilient blockchain-based PKI framework that decentralizes trust management for the IoDT, supported by a network of CA nodes.
•

We introduce PoSv, an innovative consensus mechanism that D2XChain utilizes to facilitate all fundamental X.509 PKI operations within the IoDT sphere.
•

D2XChain guarantees full adherence to the X.509 standard, managing certificates in their native format to ensure seamless integration with extant PKI systems.
•

We conduct an exhaustive security analysis of D2XChain, evaluating it against the CIA triad—confidentiality, integrity, and availability—and perform a detailed threat analysis to mitigate PKI-related security challenges. The cryptographic rigor of our Drone Operator validation process is formally verified using the Verifpal tool.
•

A meticulous security audit of the D2XChain smart contracts is carried out to affirm the framework’s defenses against potential vulnerabilities.
•

The performance of D2XChain is thoroughly assessed, with a focus on scalability, latency, throughput, and operational costs. We deploy D2XChain on a private Ethereum testbed, simulating various IoDT service scenarios to demonstrate its practicality and effectiveness.

This paper outlines the D2XChain framework, starting with PKI fundamentals and security issues in Section II, introducing D2XChain’s design and architecture in Section III, detailing its operations in Section IV, evaluating resilience and performance in Section VI, and concluding with reflections and future directions in Section VII.

II Related Work

In the evolving landscape of PKI, researchers and developers are continually seeking solutions to enhance the system’s security, trust, and efficiency. The focus has significantly shifted towards decentralizing the authority of CAs, incorporating logging mechanisms for transparent certificate verification, and leveraging blockchain technology for its immutability and distributed nature.

In the realm of CA-based trust models, innovations like the Web of Trust (WOT) have decentralized the trust by allowing network entities to authenticate each other, reducing the reliance on centralized CAs. ARPKI [27] extends this concept by necessitating the joint action of multiple CAs for certificate signing, thus heightening security at the expense of efficiency and increasing vulnerability to Denial of Service (DoS) attacks. Toorani et al. [28] introduced a blockchain-based PKI model, DBPKI, which eliminates traditional CA structures in favor of a decentralized approach using PKI nodes for key registration and revocation, supported by the Practical Byzantine Fault Tolerance (PBFT) protocol for consensus. Similarly, SCPKI [29] combines WOT with smart contracts, allowing entities to authenticate or endorse identity attributes via Ethereum addresses, bypassing traditional CA issuance processes.

Log-based PKI systems, exemplified by Google’s Certificate Transparency (CT) [30], employ immutable, append-only public ledgers to record certificate operations, ensuring validity through public log verification. This model aims for openness in CA certificate issuance, with systems like ARPKI, AKI [31], PoliCert [32], and CIRT [33] building upon CT’s framework to enhance system integrity and traceability. However, these systems face challenges such as the centralization of log storage and the susceptibility to split-world attacks, where attackers present falsified versions of the log.

Blockchain-based PKI systems have emerged as a promising alternative, leveraging the decentralization and immutability of blockchain to address traditional PKI’s limitations. Systems like CertCoin [34] and BlockStack [35] base their PKI on Namecoin, linking users’ public keys to their identities on the blockchain. However, these solutions primarily focus on DNS architecture, leaving broader PKI aspects less addressed. PB-PKI [36] adds privacy considerations, crucial for applications in the Internet of Things (IoT) and the Internet of Vehicles (IoV). Cecoin [37], a distributed certificate scheme inspired by Bitcoin, and CertChain [38], a publicly auditable blockchain-based TLS model, represent further advancements, though they also encounter challenges like managing certificate revocation and privacy concerns.

To address the scalability and efficiency challenges in blockchain-based PKI, researchers are exploring more efficient storage solutions and scalable blockchain architectures. The integration of off-chain storage mechanisms for certificate data and advancements in consensus mechanisms are among the solutions considered to reduce blockchain size and enhance performance.

The InterPlanetary File System (IPFS) has also been explored for certificate storage in PKI systems, offering a decentralized approach to improve privacy and cross-domain authentication. Systems like XAuth [39] and SCPKI use IPFS to store attribute data securely, while blockchain-based identity management and authentication architectures for VANETs utilize IPFS for direct certificate retrieval. However, these IPFS-based systems still face challenges in protecting the privacy of issuing CAs and preventing the distribution of certificates by dishonest CAs.

As the PKI landscape continues to evolve, the integration of blockchain technology, decentralized storage solutions like IPFS, and innovative trust models promise to address the existing challenges while introducing new opportunities for secure and efficient digital certificate management.

Notwithstanding these advancements, the current IPFS certificate storage systems fall short in protecting the issuing CAs’ privacy. This error exposes them to focused attacks and does not stop dishonest CAs from distributing certificates in the network incorrectly.

III D2XChain: A Blockchain-based PKI Framework for IoDT

This section outlines D2XChain’s design objectives, system and adversary models, and operational components.

III-A Design Goals

D2XChain aims to create a robust, decentralized PKI framework for IoDT, compliant with the X.509 standard. Its design goals are:

•

X.509 Compatibility: Ensuring all key PKI functions for IoDT, leveraging blockchain for certificate management.
•

Decentralized Trust: Distributing trust to avoid single points of failure and enhancing overall security.
•

MITM Attack Mitigation: Implementing stringent security protocols during certificate validation.
•

Automation: Utilizing smart contracts and consensus protocols for automated certificate lifecycle management.
•

Transparency: Maintaining a transparent and immutable record of certificate histories.

III-B System Model

D2XChain integrates blockchain’s architectural and consensus features for IoDT PKI, comprising four main operations:

•

Registration: Requesting new certificates for IoDT network entities.
•

Validation: Verifying certificate requests to ensure legitimacy and origin.
•

Revocation: Invalidating certificates upon security compromise or end of service.
•

Verification: Ensuring certificates are valid, unexpired, and unrevoked.

III-B1 D2XChain Entities

D2XChain includes three main entities, each integral to the IoDT ecosystem:

•

Drone Operators: Registered members managing drones and associated TLS certificates, with unique key pairs.
•

Service Validators: Nodes responsible for maintaining the blockchain ledger state and validating service requests.
•

IoDT Users: Individuals interacting with drone services, involved in verifying communication security.

III-B2 D2XChain Transactions

D2XChain enables operations like certificate requests (CRTs) through transactions, including initial registration and revocation requests. Transactions comprise a header, indicating the transaction type (CRT initial or CRT revoke), and a body containing the drone’s details. Validated transactions are added as blocks to the D2XChain, each block holding a single transaction for clear drone certificate status recording.

III-B3 D2XChain Components

Key components of D2XChain in the IoDT ecosystem are:

•

Pending Transactions Pool: Holds unvalidated transactions from drone operators.
•

D2XChain Ledger: Stores validated transactions as blocks in chronological order, maintaining two states: global (all drone certificates) and individual (each drone).
•

D2XChain Client Plugin: Integrated into the drone operator’s interface for certificate verification, ensuring real-time ledger connectivity.

III-B4 Adversary Model

The adversary model for D2XChain considers potential threats like malicious service validators and MITM attacks. It relies on a sufficient number of trustworthy validators adhering to the consensus protocol, ensuring system integrity despite potential risks from various participants, including drone operators and end-users.

IV D2XChain Architecture

This section describes D2XChain’s operational mechanics, covering the interplay between its operations, components, entities, and transactions, and the process of transforming transactions into blocks within the IoDT context.

IV-A D2XChain Workflow

As illustrated in Figure 1, D2XChain’s workflow involves a drone operator initiating a certificate request (CRT), processed by service validators and placed in the pending transactions pool. Validators authenticate transactions and add them to the D2XChain ledger as blocks upon majority approval. Transaction types include CRT initial (certificate issuance) and CRT revoke (certificate annulment). Validators receive rewards for their contribution, while the D2XChain client plugin verifies certificate validity during initial communications.

Refer to caption — Figure 1: D2XChain Workflow: a structured approach for D2XChain components, entities, and operations to communicate with one other inside the IoDT.

IV-B Blocks in D2XChain Ledger

A ratified transaction becomes a block in the D2XChain ledger upon consensus among service validators. This subsection explores the block structure and the D2XChain ledger’s design principles, emphasizing transparency, immutability, and traceability. Modifications in drone services are swiftly shared and traceable. Each D2XChain block consists of three parts: header, body, and a footer with validator signatures, ensuring secure and transparent record-keeping of drone service changes.

D2XChain blocks are composed of three sections: Header, Body, and Footer, each serving specific functions.

1.

Header: Integrates unique block identifiers in the D2XChain ledger, with fields for Serial Number, CRT Type, Global State (linking all drone services via hash pointers), and Service-Specific State (maintaining a chronological chain for each drone service).
2.

Body: Houses service-related data, including Drone Name, Public Key of the Drone Operator, Signature of the Drone Operator, and the Expiry Date of the certificate.
3.

Footer: Contains the Multi-Signature of service validators, signifying their consensus on the block’s validity.

The multi-signature block, denoted as $\psi_{i}$ , is authenticated by $n-1$ service validators, as expressed in Equation 1.

\psi_{i}\equiv Tx(C_{1}(sig_{1})+C_{2}(sig_{2})+\ldots+C_{n-1}(sig_{n-1}))

(1)

In addition, Figure 2 shows how blocks are arranged inside the D2XChain ledger.

V D2XChain and PKI Functionalities

The four main functions of D2XChain—registration, validation, revocation, and verification—are examined in this section. They are all framed under the PoSv model. PoSv is essential for upholding the integrity of PKI functioning and verifying the choice of service validators, as well as providing a means of compensation for their sincere involvement.

V-A Registration and Validation of Service Certificates

A Drone Operator initiates a certificate request via a CRT initial transaction for their IoDT service. The service validators perform independent sanity checks to authenticate these transactions, ensuring the integrity and legitimacy of the PKI functionalities within D2XChain.

Algorithm 1 Registration and Validation of Service Certificate

Input: CSR Hash, drone Name (DN), UserID

Output: Certificate issued to Drone Operator and transaction is added in D2XChain Ledger

Procedure Registration and Validation

T_{x}

= CreateTx(DN,CSR)

h_{1}\leftarrow

hash (

SV_{\text{pk}}+Tx

)

T\leftarrow\text{Sign}_{\text{SK}}^{\text{SV}}(h_{1})

\text{DO}\leftarrow\text{T}

T_{0}\leftarrow\text{Sign}_{\text{SK}}^{\text{DO}}(T)

PlaceToken

(T_{0})

T_{1},status\leftarrow

RetrieveToken()

if status == 1 then

Success, continue

T_{2}\leftarrow\text{Decrypt}_{\text{PK}}^{\text{DO}}(T_{1})

T_{2}

equals

T

then

Success, continue

\text{Sign}_{\text{Tx}}\leftarrow\text{Sign}_{\text{SK}}^{\text{SV}}(T_{x}).

Propose (

\text{Sign}_{\text{Tx}}

)

D2XChain employs a series of steps to validate certificate requests by Drone Operators:

1.

Key Verification: Confirms the match between the Drone Operator’s public key and signature, verifying private key possession.
2.

Domain Existence Check: Ensures the drone’s public key is not already present in the D2XChain ledger to avoid impersonation.
3.

Drone Operator Verification: Requires a signed token ‘ $t_{0}$ ‘ placed on the DNS to authenticate the Drone Operator’s legitimacy.

$t_{0}\equiv\text{Sign}_{\text{SK}}^{\text{SV}}\left(\text{hash}\left(\text{Tx}+SV_{\text{pk}}\right)\right)$ (2)
4.

Token Placement and Retrieval: Involves the Drone Operator signing and placing the token, and the service validator retrieving and validating it.

$\phi_{0}\equiv\text{Sign}_{\text{SK}}^{\text{DO}}(t_{0})$ (3)

Successful completion of these checks leads to the validation of the transaction by the service validator. The detailed process is outlined in Algorithm 1 and Figure 3.

D2XChain’s revocation process involves several steps to ensure the authenticity and integrity of the revocation request:

1.

Key Verification: Checks the alignment of the public key and signature to affirm the Drone Operator’s control over the corresponding private key.
2.

Drone Existence Check: Confirms the presence of the drone-public key binding in the ledger, which is essential for a revocation request.
3.

Revoke Request Validation: The Drone Operator generates a token combining the hash of the last transaction for the drone, the current request, and their public key.

$t_{1}\equiv\text{hash}\left(Tx_{\text{prev}}^{d}+Tx_{\text{cur}}^{d}+DO_{\text{pk}}\right)$ (4)
4.

Token Placement and Validation: The Drone Operator signs and places the token on the IoDT platform, after which the service validator retrieves and validates it.

$\phi_{1}\equiv\text{Sign}_{\text{SK}}^{\text{DO}}(t_{1})$ (5)
5.

Upon successful completion of these steps, the service validator officially endorses the revocation transaction.

The detailed procedure for token generation, placement, and validation is elaborated in Algorithm 2.

Algorithm 2 Revocation of Service Certificate

Input: Previous Transaction Hash, Current Transaction, drone Name (DN), UserID

Output: Certificate revocation and transaction update in D2XChain Ledger

Procedure Revocation of Certificate

T_{x}

= CreateTx(DN,UserID)

h_{2}\leftarrow

hash (

Tx_{\text{prev}}^{d}+Tx_{\text{cur}}^{d}+DO_{\text{pk}}

)

T\leftarrow\text{Sign}_{\text{SK}}^{\text{DO}}(h_{2})

PlaceToken

(T)

T_{1},status\leftarrow

RetrieveToken()

if status == 1 then

Success, continue

h_{3}\leftarrow

hash (

Tx_{\text{prev}}^{d}+Tx_{\text{cur}}^{d}+DO_{\text{pk}}

)

h_{3}

equals

T_{1}

then

Success, continue

\text{Sign}_{\text{Tx}}\leftarrow\text{Sign}_{\text{SK}}^{\text{SV}}(T_{x}).

Propose (

\text{Sign}_{\text{Tx}}

)

All Service Validators in the IoDT framework follow the same protocol to validate revocation requests. A consensus of more than 50% of SVs leads to the appending of a CRT revoke block to the D2XChain ledger, invalidating the certificate within IoDT. These protocols operate within a specialized Ethereum network sandbox tailored for IoDT services.

V-B Verification of Certificate

Certificate verification in D2XChain is managed by a client plugin within the IoDT ecosystem. It checks the validity of certificates against a synchronized storage array in the plugin, aligning with the D2XChain ledger:

•

A value of true indicates an active, valid certificate, as seen with ” $Drone_{1}$ ” in Fig. 4.
•

A value of false signifies an unregistered, revoked, or expired certificate, exemplified by ” $Drone_{2}$ ” in Fig. 4.

This verification mechanism is pivotal for ensuring trusted and secure communication within the IoDT, allowing for the quick identification and invalidation of compromised or outdated certificates.

V-C Service Validator Selection and Incentivization

To enhance integrity in the IoDT framework, an incentive mechanism is introduced for Service Validators. Drone Operators (DOs) pay fees for certificate operations, which are then distributed to SVs as a reward for their validation efforts, promoting system integrity. The specifics of fee allocation are outside this paper’s scope.

D2XChain addresses the risk of centralized trust in conventional PKI by employing a decentralized consortium of SVs. The system’s trust relies on the majority of SVs being honest, reducing the risk associated with single CA compromises. The framework suggests enlisting established root CAs as SVs and adjusting their number for optimal scalability and performance. Details on SV registration and miner certificate issuance are reserved for future studies.

VI Evaluation and Discussion

We now assess the D2XChain framework against its security objectives and adversarial model, alongside a performance analysis within the IoDT context.

VI-A Security Assessment

D2XChain’s security is evaluated against the CIA triad model [40], focusing on confidentiality, integrity, and availability in the IoDT ecosystem. Detailed discussions of these security aspects will follow in subsequent subsections.

D2XChain’s security within the IoDT framework focuses on confidentiality, integrity, and availability:

•

Confidentiality: Ensured through asymmetric cryptography between SVs and DOs, with the safeguarding of private keys off-chain and transaction validation without knowledge of peers’ actions.
•

Integrity: Maintained in SV-DO communication via signed tokens in DNS records and accountable SVs under the consensus mechanism, compatible with both secure and traditional DNS implementations.
•

Availability: High availability achieved through a distributed ledger resistant to DoS attacks, bolstered by the geographical dispersion and redundancy of SV nodes.

VI-B Formal Modeling and Verification for IoDT

The cryptographic properties of D2XChain for IoDT were formally verified using Verifpal [41]. The detailed Verifpal model for certificate issuance is given in Figure 5. The tool’s proficiency in analyzing complex protocols and assessing post-compromise scenarios is particularly effective in the IoDT context. Verifpal’s symbolic formal verification approach ensures security in communication sequences between SVs and DOs, with a focus on confidentiality and authentication. The comprehensive model and verification process is depicted in Figure 8.

VI-B1 Modeling for IoDT

In formalizing the D2XChain service registration and Drone Operator verification for IoDT, several assumptions were made:

•

Both the Drone Operator (DO) and Service Validator (SV) are aware of each other’s public keys before service request initiation.
•

A mock service request, akin to a CSR in traditional PKI systems, is generated within Verifpal to represent an actual service request.
•

Token exchange between DO and SV is simplified to just signing and verification steps, assuming successful placement on the website or DNS records.
•

The model focuses on the cryptographic interactions between a single SV and a DO, abstracting from the blockchain’s consensus mechanism among multiple SVs.

The DO initiates the process with a signed service request, assuming successful token placement on the drone’s infrastructure. The focus is on cryptographic operations rather than the actual mechanics of the blockchain system.

Figure 5: Verifpal model for certificate issuance.

principal Drone_Owner[
    generates csr
    generates dronename
    certreq = CONCAT(csr, dronename)
    encreq = PKE_ENC(gb, certreq)
    signature = SIGN(a, encreq)
]

The process of handling requests by Service Validators in D2XChain is as follows:

1.

The Service Validator receives an encrypted request and signature from the Drone Operator.
2.

The Validator verifies the signature and decrypts the request.
3.

The Validator creates a token (’tokentx’) and appends its public key to it after a successful verification.
4.

The encrypted token, along with the Validator’s signature, is then sent back to the Drone Operator.

This process ensures secure communication and authentication between the Service Validator and the Drone Operator in the D2XChain framework.

principal Service_Validator[
    vrf = SIGNVERIF(ga, encreq, signature)?
    d = PKE_DEC(b, encreq)
    generates tokentx
    token = CONCAT(gb, tokentx)
    enctoken = PKE_ENC(ga, token)
    tokensig = SIGN(b, enctoken)
]

The process of token verification and certificate publication in D2XChain is outlined as follows:

1.

The Service Validator receives a signed token from the Drone Operator.
2.

The Validator compares the sent token with the received one to verify their identity.
3.

Upon successful verification, the Validator signs the certificate.
4.

The signed certificate is then published to the blockchain, completing the process.

This sequence ensures the authenticity of the Drone Operator and facilitates the secure and validated publication of certificates in the D2XChain network.

principal Service_Validator[
    verify = SIGNVERIF(ga, enctokendo,
                sigtokendo)
    initialtoken = PKE_DEC(b, enctokendo)
    _ = ASSERT(initialtoken, enctoken)
]

VI-B2 Analysis and verification

The security analysis using Verifpal for token exchange in D2XChain is summarized as follows:

1.

Verifpal is used to verify the confidentiality and authenticity of the token shared between Service Validators and Drone Operators.
2.

After signing the token with their CSR private key, Service Validators sign it with their private key, and Drone Operators host it on their IoDT platform.
3.

Service Validators then confirm the match of the received token with the initially shared token.
4.

The Verifpal analysis assumes an active attacker scenario, where the attacker can listen to and modify communications between parties.
5.

The analysis is conducted in an environment considering this active attacker, thereby verifying the robustness of the token exchange mechanism under potential security threats.

This analysis ensures that the token exchange process in D2XChain maintains its integrity and confidentiality even in the presence of potential security attacks.

VI-C Adversarial Model and Threat Analysis

The primary objective of our framework is to establish a blockchain-based PKI system for the IoDT that is resilient against adversarial threats. In the IoDT context, our adversarial model includes entities such as Drone Operators and Service Validators. These entities may act maliciously, leading to the following potential attacks within our D2XChain framework:

•

IoDT Service Request (ISR) Spoofing/MITM Attack
•

Malicious Service Validator
•

Targeted Attack on IoDT Services
•

Sybil Attack in IoDT Network

Table I outlines the nature of these attacks, the category of adversaries they fall under, and how D2XChain mitigates such threats.

•

ISR Spoofing/MITM Attack: D2XChain counters service request spoofing and MITM attacks. Service Validators verify proof of ownership from the IoDT service registry, with the network’s distributed nature reducing the risk of successful DNS poisoning affecting all Validators.
•

Malicious Service Validator: To address dishonest actions by Service Validators, D2XChain employs smart contracts enforcing due diligence. The consensus mechanism ensures only certificates validated by a majority are accepted, and persistent dishonesty leads to removal from the network. Further research will focus on distinguishing between legitimate and malicious validators.

•

Victim Targeted Attack: In cases where Service Validators neglect ISR requests for specific services or operators, D2XChain escalates these requests and ensures other Validators process them. A log of inactivity and non-participation helps identify and potentially penalize negligent Validators.

TABLE I: Security analysis of D2XChain against adversarial model.

Adversary Category	Attacks	Description	Mitigation
Drone Operator	ISR Spoofing/MITM	Pretending to be a legitimate IoDT service to hijack communications.	Rigorous validation checks for ISR initiation and revocation.
Service Validator	Malicious Service Validator	Validators who endorse unauthorized transactions.	Consensus requirement of over 50% of Service Validators. Monitoring of Validator activities.
Service Validator	Victim Targeted Attack	Overlooking ISR requests from a specific IoDT service.	Escalating transaction priority over time. Logging Validator inactivity.
Service Validator	Sybil Attack in IoDT	Introducing numerous deceitful Service Validators to dominate the network.	A permissioned network of trusted Service Validators. Decentralized consensus.

•

Sybil Attack: D2XChain employs specific strategies to mitigate the risk of Sybil attacks within the IoDT network:
- –
  
  Permissioned Network: D2XChain operates as a permissioned network with authenticated Service Validators, each granted a certificate by D2XChain to participate actively.
- –
  
  Decentralized Trust: Trust in D2XChain is established through decentralized consensus among Validators, supported by an autonomous validation protocol, rather than reliance on a single entity.
- –
  
  Resilience Against 51% Collusion: D2XChain’s private and trusted Validator ensemble makes it robust against 51% collusion attacks, a common vulnerability in blockchain systems.
- –
  
  Incentivization for Integrity: The network incentivizes honest behavior among Service Validators, promoting overall integrity and reducing the likelihood of fraudulent activities.

VI-D Assessment on Design Goals

An evaluation of D2XChain against the design goals established in Section III-A yields the following:

•

Compatibility with Existing Standards: D2XChain aligns with the operational principles of traditional PKI systems, ensuring compatibility with existing IoDT infrastructures and standards.
•

Decentralized Trust: The framework decentralizes trust by distributing it among multiple Service Validators rather than relying on a single Trusted Third Party, crucial for IoDT’s distributed nature.
•

Mitigation of MITM Attacks: D2XChain’s validation protocols robustly address MITM threats, including comprehensive checks against DNS records to prevent unauthorized access.
•

Automation: The system automates certificate lifecycle management, processing Service Requests as blockchain transactions with minimal human intervention.
•

Transparency: Leveraging blockchain technology, D2XChain offers transparency in the auditing of IoDT service certificates, with an immutable ledger enhancing trust in the system.

VI-E Implementation and Performance Evaluation

D2XChain’s implementation and performance within the IoDT are assessed as follows:

VI-E1 Setup

The D2XChain framework is implemented in an Ethereum blockchain environment with three key components:

1.

Front-end Interface: Developed using Vue.js, this interface is the primary interaction layer for end-users, Drone Operators, and Service Validators.
2.

API Layer: Built on Node.js, it connects the front-end to the blockchain, utilizing Web3js for blockchain interactions.
3.

Blockchain Network: Comprises Service Validator nodes, each maintaining an independent ledger copy. Smart contracts execute PoSv checks to validate transactions.

Performance tests were performed on a typical computing setup featuring an Intel Core-i5 9600K processor, 32 GB RAM, a 500 GB SSD, and operating on Ubuntu 20.04 LTS, utilizing Python scripts for execution.

VI-E2 Performance Analysis

The performance of D2XChain was evaluated under varying conditions:

•

Experimental Setup: Two scenarios were tested—varying the number of nodes with a fixed number of transactions, and vice versa. The registration mechanism (token issuance and CDT generation), revocation, and verification processes were analyzed separately.
•

Results with Varying Nodes: Latency and throughput were assessed with up to 12 nodes and a fixed transaction count of 2000. The results (Figures 6 and 8) showed a decrease in latency and an increase in throughput for registration and revocation with more nodes. Verification throughput remained relatively constant.
•

Results with Varying Transactions: The second setup, with a constant node count and escalating transactions, indicated a throughput decline in registration and revocation but an increase in verification operations (Figures 7 and 9). There were differences in the patterns of latency: higher for revocation and registration, lower for verification for more than 500 transactions.

The investigation highlights D2XChain’s usefulness in an IoDT context by showing that it can strike a balance between throughput and the number of SV nodes.

D2XChain’s approach to certificate issuance in the IoDT context is evaluated considering the expected rise in demand:

•

Decentralized Operation: D2XChain enables multiple Service Validators (SVs) to process certificate issuance requests concurrently, enhancing throughput.
•

Performance Metrics: In tests with 12 SV nodes handling 2000 transactions, the throughput for certificate registration and validation was around 10 seconds. This indicates effective handling of increased certificate issuance frequencies.
•

Scalability: The number of SV nodes in D2XChain can be scaled to improve performance, countering potential limitations related to blockchain size or transaction rates.
•

Adaptability to Ethereum Advancements: Ethereum features like sharding, roll-ups, state channels, and the PoS protocol can help deal with the difficulties associated with often issuing certificates for IoDT devices. D2XChain can integrate with these features without extra costs or complexity.
•

Certificate Validity Status: The framework aggregates certificate validity status into a vector, streamlining the verification process by eliminating the need to traverse the entire certificate chain.

TABLE II: D2XChain’s cost comparison for IoDT services vs the conventional CA approach.

Operation	Gas Used (Wei)	Gas Price (GWei)	Total Cost (Eth)	Total Cost (USD)	Traditional IoDT Certificate Price (USD)
CRT Generation	61603	1	0.0000616	$0.04
Certificate Registration	64579	1	0.0000646	$0.05	approx $10 per year
Certificate Revocation	35341	1	0.0000353	$0.03	0
Certificate Validation	0	1	0.0000000	$0.00	0

VI-E3 Cost analysis

TABLE III: Assessment of IoDT-Related PKI Techniques Compared to D2XChain

Evaluation Metric	D2XChain	CertLedger	BlockPKI	CloudX509
Cost for Issuing Certificates (in Ether)	0.0001262	-	0.07	-
Client Storage Requirements (MB/annum)	10	128	-	-
Average Block Size (in KB)	0.564	128	-	1
Overhead for TLS Handshake (Bytes per 1000 certs)	0	5657	-	-
Time to Issue Certificates (Sec per 1000 certs)	9	-	120	2040
Blockchain Size on Annual Basis (in GB)	86.67	512	-	-
Availability of a Working Model	Yes	Yes	No	No

D2XChain’s deployment in the IoDT ecosystem on a private Ethereum network reveals its cost-effectiveness and efficiency:

•

Operational Costs: D2XChain incurs modest operational costs of $0.09 for certificate registration and $0.03 for revocation, significantly lower than traditional PKI systems. This cost advantage, coupled with mitigation of the single point of failure issue, makes D2XChain an economically viable alternative.
•

Reward Mechanism for SVs: An incentive scheme is put up for Service Validators, whereby certificate creation costs are distributed as compensation for carrying out sanity tests. This study does not address the intricacies of the block rewards distribution.
•

Blockchain Configuration and Costs: Both private and public blockchains can use the framework; public transactions will cost money, while private networks will need an initial investment but may not charge transaction fees.
•

Storage Analysis: A theoretical model of the D2XChain ledger was analyzed for storage efficiency. The analysis, using methodologies from CertLedger, shows D2XChain’s superior performance in storage efficiency and processing time compared to similar frameworks, as detailed in Table III.

TABLE IV: D2XChain smart contracts security vulnerabilities detection in the IoDT context.

Vulnerability class	Vulnerability group	Vulnerability	Detection in D2XChain smart contracts
		Vulnerable off-chain server	✓
	Trust	Overpowered owner	✗
	Privacy	Sensitive data visibility	✗
		Constructor name	✗
		Authorization with tx.origin	✗
		Suicidal contracts	✗
	Authorization	Generous contracts	✗
		Game Theory issues	✗
		Tokenomics issues	✗
Model	Economy	Voting issues	✗
		Overlap attack	✗
		Delegatecall and storage layout	✓
	Storage access	Uninitialized storage pointer	✗
		Over/underflow	✗
	Arithmetic	Precision issues	✗
		Assembly return in constructor	✗
		Function type variable jump	✗
Language	Internal control flow	Multiple inheritance	✗
		Transaction censorship	✗
		Random with blockhash	✗
		Timestamp manipulation	✗
	Block content manipulation	Front-running/transaction reordering	✗
		Signature collisions	✗
	Message structure	Short address attack	✗
		Infinite loops	✗
	Contract interaction	Transfer provides too little gas	✗
		DoS with selfdestruct	✗
		DoS with revert	✗
		Reentrancy	✗
	Contract interaction	Unchecked low-level call	✗
		Present Ether	✗
		Ether transfer with mining	✗
Blockchain	Ether transfer	Ether transfer with selfdestruct	✗

VI-E4 Smart Contract Vulnerabilities in IoDT

The security of smart contracts in D2XChain is crucial for maintaining the integrity of the blockchain-based system:

•

Importance of Smart Contract Integrity: Given their immutable nature, ensuring the security of smart contracts is essential in the IoDT framework.
•

Analytical Tools for Vulnerability Detection: Various tools can analyze smart contracts, examining either EVM bytecode or source code. D2XChain employed SmartCheck, an open-source tool that analyzes Solidity source code for vulnerabilities.
•

SmartCheck Analysis: SmartCheck categorizes vulnerabilities into several classes and applies numerous rules for detection. D2XChain’s smart contracts, totaling 404 lines of code, were analyzed against approximately 80 rules, as summarized in Table IV.
•

Identified Vulnerabilities: Vulnerabilities related to off-chain server connections were found, due to interfacing with an oracle to fetch tokens from DNS records. Issues with Delegatecall and Storage layout were also noted, attributed to the loading of data from memory using assembly code.
•

System Robustness: The analysis indicates that D2XChain is robust against a wide range of security issues, ensuring the integrity of decentralized trust management in the IoDT ecosystem.

VII Conclusion

D2XChain is a pioneering blockchain-based PKI framework designed specifically for the IoDT, utilizing a private Ethereum blockchain with a PoSv protocol. It achieves decentralized trust management while complying with the X.509 standard, supporting essential PKI operations like registration, validation, revocation, and verification. Enhanced by smart contracts with thorough sanity checks, D2XChain effectively fortifies against adversarial threats, ensuring robust security in the IoDT environment. Performance evaluations affirm its aptitude for real-time IoDT applications, marking a substantial advancement in secure, decentralized PKI for drone services. Future research aims to refine the system further, focusing on integrating PoSv into the blockchain’s consensus mechanism and developing a dedicated ledger optimized for IoDT PKI operations, thereby elevating the security and functionality in the dynamic IoDT landscape.

References

[1] J. Akram, M. Umair, R. H. Jhaveri, M. N. Riaz, H. Chi, and S. Malebary, “Chained-drones: Blockchain-based privacy-preserving framework for secure and intelligent service provisioning in internet of drone things,” Computers and Electrical Engineering, vol. 110, p. 108772, 2023.
[2] J. Akram, A. Akram, R. H. Jhaveri, M. Alazab, and H. Chi, “Bc-iodt: blockchain-based framework for authentication in internet of drone things,” in Proceedings of the 5th International ACM Mobicom Workshop on Drone Assisted Wireless Communications for 5G and Beyond, pp. 115–120, 2022.
[3] S. I. Khan, F. Ullah, and B. J. Choi, “Drone-as-a-service (daas) for covid-19 self-testing kits delivery in smart healthcare setups: A technological perspective,” ICT Express, 2022.
[4] H. S. Munawar, F. Ullah, D. Shahzad, A. Heravi, and S. Qayyum, “Civil infrastructure damage and corrosion detection: An application of machine learning,” Buildings, vol. 12, no. 2, p. 156, 2022.
[5] H. S. Munawar, Z. Gharineiat, and S. Imran Khan, “A framework for burnt area mapping and evacuation problem using aerial imagery analysis,” Fire, vol. 5, no. 4, p. 122, 2022.
[6] J. Akram, A. Anaissi, R. S. Rathore, R. H. Jhaveri, and A. Akram, “Galtrust: Generative adverserial learning-based framework for trust management in spatial crowdsourcing drone services,” IEEE Transactions on Consumer Electronics, vol. 70, no. 1, pp. 2285–2296, 2024.
[7] J. Akram, A. Anaissi, R. S. Rathore, R. H. Jhaveri, and A. Akram, “Digital twin-driven trust management in open ran-based spatial crowdsourcing drone services,” IEEE Transactions on Green Communications and Networking, vol. 8, no. 2, pp. 841–855, 2024.
[8] J. Akram, A. Anaissi, W. Othman, A. Alabdulatif, and A. Akram, “Dronessl: Self-supervised multimodal anomaly detection in internet of drone things,” IEEE Transactions on Consumer Electronics, vol. 70, no. 1, pp. 4287–4298, 2024.
[9] J. Akram, M. Aamir, R. Raut, A. Anaissi, R. H. Jhaveri, and A. Akram, “Ai-generated content-as-a-service in iomt-based smart homes: Personalizing patient care with human digital twins,” IEEE Transactions on Consumer Electronics, pp. 1–1, 2024.
[10] J. Davies, Implementing SSL/TLS using cryptography and PKI. John Wiley and Sons, 2011.
[11] C. Adams and S. Lloyd, Understanding public-key infrastructure: concepts, standards, and deployment considerations. Sams Publishing, 1999.
[12] M. wiki, “CA/Included certificates.” https://wiki.mozilla.org/CA/Included\_Certificates. [Online].
[13] Apple, “List of available trusted root certificates in iOS 12, macOS 10.14, watchOS 5, and tvOS 12.” https://support.apple.com/en-us/HT209144. [Online].
[14] Chromium, “Root Certificate policy.” https://www.chromium.org/Home/chromium-security/rootca-policy. [Online].
[15] SSLmate, “Timeline of certificate authority failures.” https://sslmate.com/certspotter/failures. [Online].
[16] SOPHOS, “Fraudulent certificates issued by Comodo, is it time to rethink who we trust?.” https://bit.ly/3fMimR5. [Online].
[17] krebsonsecurity, “Crooks continue to exploit GoDaddy hole.” https://bit.ly/3cnrKIV. [Online].
[18] B. Laurie and R. Clayton, “Proof-of-work proves not to work; version 0.2,” in Workshop on economics and information, security, 2004.
[19] A. De Vries, “Bitcoin’s growing energy problem,” Joule, vol. 2, no. 5, pp. 801–805, 2018.
[20] N. Atzei, M. Bartoletti, and T. Cimoli, “A survey of attacks on ethereum smart contracts (sok),” in Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings 6, pp. 164–186, Springer, 2017.
[21] S. Matsumoto and R. M. Reischuk, “Ikp: Turning a pki around with blockchains, iacr cryptol,” ePrint Arch. 2016 (2016), 2016.
[22] L. Dykcik, L. Chuat, P. Szalachowski, and A. Perrig, “Blockpki: An automated, resilient, and transparent public-key infrastructure,” in 2018 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 105–114, IEEE, 2018.
[23] A. Yakubov, W. Shbair, A. Wallbom, D. Sanda, et al., “A blockchain-based pki management framework,” in The First IEEE/IFIP International Workshop on Managing and Managed by Blockchain (Man2Block) colocated with IEEE/IFIP NOMS 2018, Tapei, Tawain 23-27 April 2018, 2018.
[24] H. Tewari, A. Hughes, S. Weber, and T. Barry, “X509cloud—framework for a ubiquitous pki,” in MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM), pp. 225–230, IEEE, 2017.
[25] M. Y. Kubilay, M. S. Kiraz, and H. A. Mantar, “Certledger: A new pki model with certificate transparency based on blockchain,” Computers & Security, vol. 85, pp. 333–352, 2019.
[26] B. Qin, J. Huang, Q. Wang, X. Luo, B. Liang, and W. Shi, “Cecoin: A decentralized pki mitigating mitm attacks,” Future Generation Computer Systems, 2017.
[27] D. Basin, C. Cremers, T. H.-J. Kim, A. Perrig, R. Sasse, and P. Szalachowski, “Arpki: Attack resilient public-key infrastructure,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 382–393, 2014.
[28] M. Toorani and C. Gehrmann, “A decentralized dynamic pki based on blockchain,” in Proceedings Of the 36th Annual ACM Symposium On Applied Computing, pp. 1646–1655, 2021.
[29] M. Al-Bassam, “Scpki: A smart contract-based pki and identity system,” in Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, pp. 35–40, 2017.
[30] B. Laurie, “Certificate transparency,” Communications of the ACM, vol. 57, no. 10, pp. 40–46, 2014.
[31] T. H.-J. Kim, L.-S. Huang, A. Perrig, C. Jackson, and V. Gligor, “Accountable key infrastructure (aki) a proposal for a public-key validation infrastructure,” in Proceedings of the 22nd international conference on World Wide Web, pp. 679–690, 2013.
[32] P. Szalachowski, S. Matsumoto, and A. Perrig, “Policert: Secure and flexible tls certificate management,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 406–417, 2014.
[33] M. D. Ryan, “Enhanced certificate transparency and end-to-end encrypted mail,” Cryptology ePrint Archive, 2013.
[34] C. Fromknecht, D. Velicanu, and S. Yakoubov, “A decentralized public key infrastructure with identity retention,” Cryptology ePrint Archive, 2014.
[35] M. Ali, J. Nelson, R. Shea, and M. J. Freedman, “Blockstack: A global naming and storage system secured by blockchains,” in 2016 USENIX annual technical conference (USENIX ATC 16), pp. 181–194, 2016.
[36] L. Axon and M. Goldsmith, “Pb-pki: A privacy-aware blockchain-based pki,” in 14th International Conference on Security and Cryptography (SECRYPT 2017), vol. 6, SciTePress, 2016.
[37] B. Qin, J. Huang, Q. Wang, X. Luo, B. Liang, and W. Shi, “Cecoin: A decentralized pki mitigating mitm attacks,” Future Generation Computer Systems, vol. 107, pp. 805–815, 2020.
[38] J. Chen, S. Yao, Q. Yuan, K. He, S. Ji, and R. Du, “Certchain: Public and efficient certificate audit based on blockchain for tls connections,” in IEEE INFOCOM 2018-IEEE conference on computer communications, pp. 2060–2068, IEEE, 2018.
[39] J. Chen, Z. Zhan, K. He, R. Du, D. Wang, and F. Liu, “Xauth: Efficient privacy-preserving cross-domain authentication,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 5, pp. 3301–3311, 2021.
[40] M. E. Whitman and H. J. Mattord, Principles of information security. Cengage learning, 2011.
[41] N. Kobeissi, G. Nicolas, and M. Tiwari, “Verifpal: Cryptographic protocol analysis for the real world,” in Progress in Cryptology–INDOCRYPT 2020: 21st International Conference on Cryptology in India, Bangalore, India, December 13–16, 2020, Proceedings 21, pp. 151–202, Springer, 2020.