We have analyzed Blockcerts, a blockchain-based protocol for the certification of academic credentials, which aims at certifying digital certificates compliant with the Open Badges standard through a public blockchain. We have reviewed all the steps required to create Open Badges-compliant digital academic credentials and to certify them according to the Blockcerts protocol. This analysis shows that the Blockchain protocol does not provide any strong mechanism for authenticating the issuing institution, since issuer authentication is essentially performed on the basis of an unauthenticated issuer profile that is available online and referenced from inside the certificate.
We have shown how a legitimate issuing institution can easily be impersonated by suitably fabricating a fake issuer profile. In this way, apparently legitimate academic credentials can be released that the Blockcerts validation mechanisms are unable to distinguish from valid academic credentials issued by the legitimate institution. This clearly highlights a vulnerability of the protocol, especially when it is used for the certification of academic credentials with legal value.
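
The sketch below is an added illustration, not code from the Blockcerts project or from this analysis. It contrasts a check that trusts whatever issuer profile the certificate references with one that also requires an out-of-band trust anchor. The field names (`issuer_url`, `tx_signer`, `keys`), the URLs, the addresses and the trust list are simplified assumptions, not the Blockcerts schema.

```python
# Constructed sample data: the profile document served at each URL.
# Field names are simplified assumptions, not the real Blockcerts schema.
PROFILES = {
    "https://university.example/issuer.json": {
        "name": "Example University", "keys": ["addr-university"]},
    "https://lookalike.example/issuer.json": {
        "name": "Example University", "keys": ["addr-unknown"]},
}

# Assumed trust anchor: issuer profile URL -> signing addresses that the
# verifier obtained through an authenticated, out-of-band channel.
TRUSTED_ISSUERS = {
    "https://university.example/issuer.json": {"addr-university"},
}

def fetch_profile(url):
    """Stand-in for the HTTP GET of the profile URL named in the certificate."""
    return PROFILES[url]

def profile_only_check(cert):
    """Issuer check driven entirely by data the certificate itself points to."""
    profile = fetch_profile(cert["issuer_url"])
    return cert["tx_signer"] in profile["keys"]

def anchored_check(cert):
    """Additionally require that the profile URL and the signing address
    match an entry the verifier already trusts."""
    trusted = TRUSTED_ISSUERS.get(cert["issuer_url"])
    if trusted is None or cert["tx_signer"] not in trusted:
        return False
    return profile_only_check(cert)

# Constructed certificates: one from the real issuer, one that names a
# different profile URL carrying the same institution name.
GENUINE = {"issuer_url": "https://university.example/issuer.json",
           "tx_signer": "addr-university"}
LOOKALIKE = {"issuer_url": "https://lookalike.example/issuer.json",
             "tx_signer": "addr-unknown"}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, profile_only_check(cert), anchored_check(cert))
```

Both certificates pass the profile-only check because each is consistent with the profile it references; only the anchored check separates them.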