Project Progress Timeline: X.509 Certificate Transparency

Overview: This page outlines tasks and milestones in order to manage and achieve goals that are set for the "X.509 Certificate Transparency using Hyperledger Fabric Blockchain" project.

Project tasks and milestones 

• Week 1-3

• Broader Goals for first Evaluation 
  • Understanding CTB design (https://eprint.iacr.org/2018/1232)
  • Running the existing proof-of-concept code for Hyperledger based CTB (HLCTB) network
  • Building a proof-of-concept client/server application supporting HLCTB-assisted SSL/TLS connection

• Work done

  • May 27 - June 2

    • Meeting with Prof. mahavir jhawar - Introduction and understanding the project 
    • Premier on using openssl for generating certificates and signing certificates by certificate authority.
    • Read paper on CTB by mahavir jhawar: https://eprint.iacr.org/2018/1232.pdf
    • Revisit Hyperledger key concepts: https://hyperledger-fabric.readthedocs.io/en/release-1.4/key_concepts.html
    • Understand the structure of crypto-config folder where certificate for identity management are stored.  (WIP)
    • Run CTB network with two CA and browser organisations. Able to add certificate and query them.
    • Reissue certificate while the previous one is active. I have gone through the go chaincode, VerifyPKCS1v15  is at heart of reissuing certificate. But I am not able to understand what the signCert exactly is? Whether it is sign of newcertstring or newcertfile or sha256 of newcert using the current public key. 
    • openssl dgst -sha256 -sign currentCert.key -out sign.txt newCert.crt , but this produces binary output and VerifyPKCS1v15 is returning false.

    June 3 - June 9

    • Create a github repository with POC of CTB network using hyperledger
    • Reported issue related Wrong port number in build your first network 
      Error rendering macro 'jira' : null
    • Understanding and running the basic-network, first-network and fabcar application of fabric-samples
    • Write a blog on structure of crypto-config and how different keys are related

    June 10 - June 16

    • Monday - Meeting with deva madala on progress till now and technical guidance
    • Testing the HLCTB network POC written by deva madala (fabric 1.1) and understood how to connect to HLCTB network and executing the chaincode  
    • Modifying the HLCTB network by adding CA to each org and couchDB for each peers for fabric 1.4
    • Besides the main goal, started with switching from direct container management to orchestration of containers using kubernetes
    • Create the project timeline and meeting regarding the same
    • Change in existing chaincode for proper revocation of certificates

    June 17 - June 23

    • Using easybaas (VMware tool, https://labs.vmware.com/flings/blockchain-on-kubernetes) for creating the hyperledger related config for deploying on kubernetes and also modifying the same for incorporating the changes in fabric 1.4
    • https://hackernoon.com/how-to-deploy-hyperledger-fabric-on-kubernetes-1-a2ceb3ada078
    • https://labs.vmware.com/flings/blockchain-on-kubernetes
    • Tuesday - meeting with Prof. mahavir jhawar regarding preparation for demo and current progress
    • Create an application(SDK) for connecting to the network and executing chaincode functions
    • Create a demo for server/client SSL PKI verification using HLCTB network
    • Thursday - show the demo to deva madala
    • Write a readme on how to run demo server/client application for testing HLCTB network
    • https://github.com/harsh-98/ctb/tree/master/docs/run_demo.md
    • Friday-  show the final step by step demo to Professor and deva madala and discussion of the second quarter plans

• Week 4-6

• Broader Goals for second Evaluation 
  • Hosting the HLCTB over cloud
  • FireFox Extension to support HLCTB-assisted https connections 
  • Development of an interface allowing registration of Certification Authorities to HLCTB network
• Work Done

  • June 24 - June 30

    • Trying to add Yeasy/blockchain-explorer:0.1.0-preview to the hlf network.
    • Added blockchain-explorer for fabric 1.4 on the HLF CTB network for easy monitoing of the transactions and the ledger.
    • Created a script for automatic testing of network. Using this we can generate multiple ca, domains cerificates , push them to the network, renew the certs for domains and also revoke them. It uses the CA server as a proxy.
    • Tested for serial processing of transactions for 100 domains and 5 times renewal of certificates and revoking them in the end. The network handled that, and blocks produced had one transaction each. Achieved a processing rate of 20-30 transactions per minute.
    • Tested for parallel processing with the same settings as serial processing. Each blocks had upto 10 transactions and achieved a processing rate of 200 transactions per minute.
    • Create a docker image of blockchain-explorer . It has two images , one for server and other for client.

    July 1 - July 7

    • Raised issue on `Explorer not able to connect orderer from docker.` - 
      Error rendering macro 'jira' : null
    • Attending mentors and mentees meet call.
    • Adding caliper to network
    • Testing using caliper for different number of transactions and tps while changing block size and batch timeout in configtx.yaml
    • Adding swagger interface to ca server
    • Adding authentication to ca server
    • Deploying whole network on cloud with blockchain-explorer, ca server and caliper
    • Making  chrome extension

    July 7 - July 14

    • Make firefox extension
    • Add script for generating crypto-material and docker files for new CA organisation
    • Adding new CA organisation to current HLCTB network(locally)
    • Fixing queryCertificateHistory and adding creation of affiliation for orgs if not present
    • Create pm2 process file for CA server, reports server and channel Config API.

• Week 7-9

• Broader Goals for third Evaluation 
  • Scaling up of HLCTB: Simulation of https connections to sufficiently many HLCTB-registered domains 
  • Bench-marking HLCTB-assisted handshake overhead (on top of SSL/TLS handshake)
  • Fine tuning of HLCTB operations for better efficiency and security

• Work Done

  • July 15 - July 21 

    • Monday meeting on caliper, firefox extension, CA server api and discussed further plan.
    • Deploy network on cloud and joining new organisation to network present on different server(whole network contains of 2 server)
    • Patching TLS certificates of orderers and peers for including IP SANs and documenting the errors faced
    • Documenting how to add new CA organisation
    • Create transfer_asset script for transfer TLS certificate for CA server
    • Documenting how to connect CA server to CA organisation in HLCTB network 

    July 22 - July 28

    • Presentation on CTB and work done
    • Reading paper on scaling hyperledger handle order of 4 tps. 
    • Adding demo for ctb-testing.ml using self-signed CA

    July 29 - Aug 4

    • Meeting with mentor showing the work done and changes needed.
    • Adding demo for hfctb.ml using lets encrypt as CA

    
    

• Week 10-12

• Broader Goals for last Evaluation
  • Prepare report explaining completed tasks
  • Certificate revocation 
  • Present your work done to hyperledger community
  • Wrapping up and organising the codebase

• Work Done

  • Aug 5 - Aug 11

    • Meeting with mentors on created presentation and suggested changes in it for better understanding
    • Create more interactive presentation and also a demo video
    • Looked into certificate revocation part and studied current methods CRL, OCSP, OCSP stapling and Must-Staple   

    Aug 12 - Aug 18

    • Attended Hyperledger internship presentation of other students
    • Started working on report
    • Setup a OCSP responder, webserver for handling OCSPERQUEST using ocsp npm package

    Aug 19 - Aug 25

    • Meeting with mentors-- different ways of integrating currently available revocation models in HFCTB network
    • Wrapping up and organizing the codebase