Project Progress Timeline: X.509 Certificate Transparency

Overview: This page outlines tasks and milestones in order to manage and achieve goals that are set for the "X.509 Certificate Transparency using Hyperledger Fabric Blockchain" project.

Project tasks and milestones 

• Broader Goals for first Evaluation 

  Understanding CTB design (https://eprint.iacr.org/2018/1232)

  Running the existing proof-of-concept code for Hyperledger based CTB (HLCTB) network

  Building a proof-of-concept client/server application supporting HLCTB-assisted SSL/TLS connection

• Work done

  • May 27 - June 2

    Meeting with Prof. mahavir jhawar - Introduction and understanding the project 

    Premier on using openssl for generating certificates and signing certificates by certificate authority.
    Read paper on CTB by mahavir jhawar: https://eprint.iacr.org/2018/1232.pdf

    Revisit Hyperledger key concepts: https://hyperledger-fabric.readthedocs.io/en/release-1.4/key_concepts.html

    Understand the structure of crypto-config folder where certificate for identity management are stored.  (WIP)

    Run CTB network with two CA and browser organisations. Able to add certificate and query them.

    Reissue certificate while the previous one is active. I have gone through the go chaincode, VerifyPKCS1v15  is at heart of reissuing certificate. But I am not able to understand what the signCert exactly is? Whether it is sign of newcertstring or newcertfile or sha256 of newcert using the current public key. 

    • openssl dgst -sha256 -sign currentCert.key -out sign.txt newCert.crt , but this produces binary output and VerifyPKCS1v15 is returning false.

    June 3 - June 9

    Create a github repository with POC of CTB network using hyperledger

    Reported issue related Wrong port number in build your first network 

    Error rendering macro 'jira' : null

    Understanding and running the basic-network, first-network and fabcar application of fabric-samples

    Write a blog on structure of crypto-config and how different keys are related

    June 10 - June 16

    Monday - Meeting with deva madala on progress till now and technical guidance

    Testing the HLCTB network POC written by deva madala (fabric 1.1) and understood how to connect to HLCTB network and executing the chaincode  

    Modifying the HLCTB network by adding CA to each org and couchDB for each peers for fabric 1.4

    Besides the main goal, started with switching from direct container management to orchestration of containers using kubernetes

    Create the project timeline and meeting regarding the same

    Change in existing chaincode for proper revocation of certificates

    June 17 - June 23

    Using easybaas (VMware tool, https://labs.vmware.com/flings/blockchain-on-kubernetes) for creating the hyperledger related config for deploying on kubernetes and also modifying the same for incorporating the changes in fabric 1.4

    • https://hackernoon.com/how-to-deploy-hyperledger-fabric-on-kubernetes-1-a2ceb3ada078

    • https://labs.vmware.com/flings/blockchain-on-kubernetes

    Tuesday - meeting with Prof. mahavir jhawar regarding preparation for demo and current progress

    Create an application(SDK) for connecting to the network and executing chaincode functions

    Create a demo for server/client SSL PKI verification using HLCTB network

    Thursday - show the demo to deva madala

    Write a readme on how to run demo server/client application for testing HLCTB network

    • https://github.com/harsh-98/ctb/tree/master/docs/run_demo.md

    Friday-  show the final step by step demo to Professor and deva madala and discussion of the second quarter plans

• Broader Goals for second Evaluation 

  Hosting the HLCTB over cloud

  FireFox Extension to support HLCTB-assisted https connections 

  Development of an interface allowing registration of Certification Authorities to HLCTB network

• Work Done

  • June 24 - June 30

    Trying to add Yeasy/blockchain-explorer:0.1.0-preview to the hlf network.

    Added blockchain-explorer for fabric 1.4 on the HLF CTB network for easy monitoing of the transactions and the ledger.

    Created a script for automatic testing of network. Using this we can generate multiple ca, domains cerificates , push them to the network, renew the certs for domains and also revoke them. It uses the CA server as a proxy.

    Tested for serial processing of transactions for 100 domains and 5 times renewal of certificates and revoking them in the end. The network handled that, and blocks produced had one transaction each. Achieved a processing rate of 20-30 transactions per minute.

    Tested for parallel processing with the same settings as serial processing. Each blocks had upto 10 transactions and achieved a processing rate of 200 transactions per minute.

    Create a docker image of blockchain-explorer . It has two images , one for server and other for client.

    July 1 - July 7

    Raised issue on `Explorer not able to connect orderer from docker.` - 

    Error rendering macro 'jira' : null

    Attending mentors and mentees meet call.

    Adding caliper to network

    Testing using caliper for different number of transactions and tps while changing block size and batch timeout in configtx.yaml

    Adding swagger interface to ca server

    Adding authentication to ca server

    Deploying whole network on cloud with blockchain-explorer, ca server and caliper

    Making  chrome extension

    July 7 - July 14

    Make firefox extension

    Add script for generating crypto-material and docker files for new CA organisation

    Adding new CA organisation to current HLCTB network(locally)

    Fixing queryCertificateHistory and adding creation of affiliation for orgs if not present

    Create pm2 process file for CA server, reports server and channel Config API.

• Broader Goals for third Evaluation 

  Scaling up of HLCTB: Simulation of https connections to sufficiently many HLCTB-registered domains 

  Bench-marking HLCTB-assisted handshake overhead (on top of SSL/TLS handshake)

  Fine tuning of HLCTB operations for better efficiency and security

• Work Done

  • July 15 - July 21 

    Monday meeting on caliper, firefox extension, CA server api and discussed further plan.

    Deploy network on cloud and joining new organisation to network present on different server(whole network contains of 2 server)

    Patching TLS certificates of orderers and peers for including IP SANs and documenting the errors faced

    Documenting how to add new CA organisation

    Create transfer_asset script for transfer TLS certificate for CA server

    Documenting how to connect CA server to CA organisation in HLCTB network 

    July 22 - July 28

    Presentation on CTB and work done

    Reading paper on scaling hyperledger handle order of 4 tps. 

    Adding demo for ctb-testing.ml using self-signed CA

    July 29 - Aug 4

    Meeting with mentor showing the work done and changes needed.

    Adding demo for hfctb.ml using lets encrypt as CA

     

• Broader Goals for last Evaluation

  Prepare report explaining completed tasks

  Certificate revocation 

  Present your work done to hyperledger community

  Wrapping up and organising the codebase

• Work Done

  • Aug 5 - Aug 11

    Meeting with mentors on created presentation and suggested changes in it for better understanding

    Create more interactive presentation and also a demo video

    Looked into certificate revocation part and studied current methods CRL, OCSP, OCSP stapling and Must-Staple   

    Aug 12 - Aug 18

    Attended Hyperledger internship presentation of other students

    Started working on report

    Setup a OCSP responder, webserver for handling OCSPERQUEST using ocsp npm package

    Aug 19 - Aug 25

    Meeting with mentors-- different ways of integrating currently available revocation models in HFCTB network

    Wrapping up and organizing the codebase