"Security analysis of a blockchain-based protocol for the certification of academic credentials"

We have analyzed Blockcerts, a blockchain-based protocol for the certification of academic credentials, which aims at certifying digital certificates compliant with the Open Badges standard through a public blockchain. We have reviewed all the steps required to create Open Badges-compliant digital academic credentials and to certify them according to the Blockcerts protocol. The analysis shows that the protocol does not provide any strong mechanism for authenticating the issuing institution, since issuer authentication is basically performed on the basis of an unauthenticated issuer profile available online and referenced from inside the certificate. We have shown how a legitimate issuing institution can be easily impersonated by suitably fabricating a fake issuer profile. In this way, apparently legitimate academic credentials can be released, which the Blockcerts validation mechanisms are unable to distinguish from valid academic credentials issued by the legitimate institution. This clearly highlights a vulnerability of the protocol, especially when it is used for the certification of academic credentials with legal value.
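The trust gap described in the abstract, and one possible verifier-side check against it, as an added example that is not code from the paper or from the Blockcerts project. The field names, the URLs, the addresses and the out-of-band trust registry are assumptions in a simplified model, not the Blockcerts schema.

```python
from urllib.parse import urlsplit

# Constructed registry, assumed to be obtained out of band (for example from
# an accreditation body): issuer profile URL -> signing addresses it controls.
TRUSTED_ISSUERS = {
    "https://registrar.example-university.edu/issuer.json": {"ADDR_LEGIT_1"},
}

# Constructed issuer profiles as they would be served online (hypothetical).
PROFILES = {
    "https://registrar.example-university.edu/issuer.json":
        {"name": "Example University", "public_keys": ["ADDR_LEGIT_1"]},
    "https://unlisted.example/issuer.json":
        {"name": "Example University", "public_keys": ["ADDR_OTHER"]},
}

# Constructed certificates: each one names its own issuer profile.
GOOD_CERT = {"issuer_profile_url": "https://registrar.example-university.edu/issuer.json",
             "signing_address": "ADDR_LEGIT_1"}
UNLISTED_CERT = {"issuer_profile_url": "https://unlisted.example/issuer.json",
                 "signing_address": "ADDR_OTHER"}

def naive_verify(cert, fetch_profile):
    """Mirrors the weakness: the profile that vouches for the signing key
    is selected by the certificate itself, so the check is circular."""
    profile = fetch_profile(cert["issuer_profile_url"])
    return cert["signing_address"] in profile["public_keys"]

def pinned_verify(cert, fetch_profile, registry=TRUSTED_ISSUERS):
    """Accept only when the issuer URL and the key are pinned out of band."""
    url = cert["issuer_profile_url"]
    if urlsplit(url).scheme != "https":
        return False, "issuer profile not served over https"
    pinned = registry.get(url)
    if pinned is None:
        return False, "issuer profile URL not in trust registry"
    if cert["signing_address"] not in pinned:
        return False, "signing key not pinned for this issuer"
    # The online profile is still consulted, so a key withdrawn there is refused.
    if cert["signing_address"] not in fetch_profile(url)["public_keys"]:
        return False, "key absent from issuer profile"
    return True, "ok"

if __name__ == "__main__":
    for cert in (GOOD_CERT, UNLISTED_CERT):
        print(naive_verify(cert, PROFILES.__getitem__),
              pinned_verify(cert, PROFILES.__getitem__))
```

The displayed issuer name is identical in both constructed profiles, which is why a verifier needs an anchor that does not come from the certificate.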