Thesis etd-11032025-161515
Thesis type
Master's thesis
Author
SABELLA, CHRISTIAN
URN
etd-11032025-161515
Title
A DLT-based PKI Architecture for an enhanced Privacy-Aware Trust Model in the Maritime Shipping Sector
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
CYBERSECURITY
Supervisors
supervisor Pagano, Paolo
supervisor Chessa, Stefano
Keywords
- blockchain
- certificates
- decentralization
- dpki
- Hyperledger Fabric
- pdl
- privacy-aware
- trust model
Exam session start date
05/12/2025
Availability
Thesis not available for consultation
Abstract
The maritime sector is undergoing a profound digital transformation (e.g., e-Navigation) but currently operates in a complex environment without a defined trust model, creating a strong need for secure communication. Current technical efforts, such as the Maritime Connectivity Platform (MCP), rely on traditional, centralized PKIs. This approach introduces single points of trust and failure and utilizes revocation mechanisms (like CRLs and OCSP) that are inadequate, especially in offline maritime scenarios. This thesis proposes a "privacy-aware" Distributed PKI (DPKI) architecture built on a Permissioned Distributed Ledger (PDL) to overcome these limitations. The solution employs a "Dual-Chain" model to logically separate information: an Identity channel stores PII (Personally Identifiable Information) with access restricted to Ports and Maritime Authorities, while a Certificate channel stores anonymous (pseudonymous) X.509 certificates, accessible to all members. In this decentralized model, actors (Ocean Carriers, Ports, Authorities) maintain independence by managing their own nodes; carriers can even deploy nodes on ships. This eliminates the single point of trust and failure. A Proof of Concept using Hyperledger Fabric was developed to validate the architecture. The primary innovation is the ability to enable offline certificate verification (e.g., Ship-to-Ship scenarios) by leveraging the local copy of the ledger. The "Dual-Chain" model provides selective privacy, balancing operational anonymity with controlled "linkability" by authorities. The use of standard X.509 certificates ensures native interoperability with existing protocols like TLS and SECOM while the PDL guarantees data integrity, non-repudiation, and auditability.
Files
| File name | Size |
|---|---|
| Thesis not available for consultation. | |