This paper demonstrates for the first time the potential of Blockchain technology for managing a Public Key Infrastructure (PKI) for Nuclear Safeguards process monitoring. Asymmetric cryptography (based on the use of private and public keys) is the basis of a Public Key Infrastructure and is widely used to prove the authenticity of data through digital signatures. In the case of sensors, the output data is signed with the private key of the sensor, and anyone can verify the authenticity of that data with the corresponding public key. A certificate signed by a trusted Certificate Authority, or a trusted master list of public keys, guarantees the identity of the sensor associated with the public key. Nevertheless, even trusted processes may be hit by cyberattacks: malicious actors impersonating authorized personnel, or colluding system administrators, could either issue a new unauthorized certificate or modify an entry in a public key master list to disrupt normal process monitoring operations. We demonstrate here how Blockchain technology can discourage attacks aimed at stealing the identity of devices. The scenario we consider consists of cameras deployed for the surveillance of a nuclear plant. As a first security layer, video frames are digitally signed and the camera's public key is embedded in the transmitted file. A second layer of security uses a public Blockchain to record the hashes of the cameras' public keys, enabling inspectors to verify the authenticity of both the video and the camera. Compared to a traditional master list, this second layer makes it practically infeasible for a public key to be added or modified without leaving traces. In this paper we present the experimental results obtained using the Bitcoin, Ethereum and Algorand public blockchains. We discuss strengths and limits, and we compare this approach with the traditional master list approach currently used.
We demonstrate that Blockchain-based PKI can enhance security in Nuclear Safeguards. We conclude that using Blockchain for managing PKI cannot block fraudulent behaviours, but that the attacker cannot avoid leaving traces.
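The second-layer check described above can be sketched as follows. This is an added example, not code from the paper: the `Ledger` class is a local hash chain standing in for a public blockchain, the camera ID, key bytes and status strings are constructed, and signature verification (the first layer) is left out.

```python
import hashlib, json

GENESIS = "0" * 64

def key_hash(public_key: bytes) -> str:
    """SHA-256 fingerprint of a camera public key; this is what gets recorded."""
    return hashlib.sha256(public_key).hexdigest()

class Ledger:
    """Local append-only hash chain standing in for a public blockchain (assumption)."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev, camera_id, fingerprint):
        return hashlib.sha256(json.dumps([prev, camera_id, fingerprint]).encode()).hexdigest()

    def record(self, camera_id, public_key):
        prev = self.blocks[-1]["digest"] if self.blocks else GENESIS
        fp = key_hash(public_key)
        self.blocks.append({"prev": prev, "camera": camera_id, "key_hash": fp,
                            "digest": self._digest(prev, camera_id, fp)})

    def is_intact(self):
        """Recompute every link; an entry edited in place breaks the chain."""
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["digest"] != self._digest(prev, b["camera"], b["key_hash"]):
                return False
            prev = b["digest"]
        return True

    def history(self, camera_id):
        return [b["key_hash"] for b in self.blocks if b["camera"] == camera_id]

def inspect(ledger, camera_id, embedded_key):
    """Inspector's check of the public key embedded in a received video file."""
    if not ledger.is_intact():
        return "ledger-tampered"
    entries = ledger.history(camera_id)
    if key_hash(embedded_key) not in entries:
        return "unregistered"
    # A second entry for one camera is the trace an added key leaves (review policy is an assumption).
    return "registered" if len(entries) == 1 else "registered-multiple-entries"

if __name__ == "__main__":
    ledger = Ledger()
    ledger.record("cam-01", b"constructed-public-key-A")  # constructed sample key bytes
    print(inspect(ledger, "cam-01", b"constructed-public-key-A"))
```

On a real public blockchain the chain integrity is enforced by network consensus rather than by a local recomputation, so `is_intact` only models the property the inspector relies on.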
Year: 2020