Moving public key infrastructure to a distributed ledger could offer a more secure, less expensive way to provide online authentication. Public key infrastructure is an effective way of ensuring the security of encrypted data, but not many people use it. That’s because PKI requires users to acquire — at a cost greater than what many individuals and small businesses are prepared to pay — a public key certificate from a centralized certificate authority that issues and manages the critical keys.
One company, however, wants to move the key storage from a centralized authority to a distributed ledger. Respect Network Corp., a Seattle-based network technology company since acquired by Evernym, is using a $750,000 award from the Department of Homeland Security to develop a blockchain-based solution for decentralized creation and management of key certificates for encryption and identity management.
The Decentralized Key Management System employs a three-layer architecture that includes a distributed-ledger layer, a cloud-based agent layer and an edge layer of apps or wallets that individuals use to access keys and data. “In DKMS the public keys needed to verify any user are stored on a blockchain, which as you know provides an extremely tamperproof, decentralized solution to immutable storage,” Evernym Chief Trust Officer Drummond Reed said. “That’s the primary innovation that makes DKMS possible.” Private keys are also more secure, Reed said, because they reside on each user’s devices (the edge layer) instead of with a centralized authority. “With DKMS, there is no giant stash of private keys or other secrets anywhere,” he said. Without the private-key “honeypots” to target, attackers “would have to try to break into the secure elements on edge devices — mobile phones, tablets, laptops — for each and every user they want to try to attack.” The edge agents being developed for DKMS, which interact with DKMS cloud agents, also make it possible to provide backup and recovery options that weren’t feasible before.
“They will make it easy enough for any average internet [user] to start using a digital wallet and easily recover it if they lose all their devices,” Reed said. DKMS has three other major advantages, according to Reed. First, since there is no central authority, there’s no single point of failure that can impact a large number of users. Second, DKMS is not dependent on proprietary software the way traditional service providers are. Third, DKMS has all the resiliency of distributed-ledger technology.
The company is developing prototypes of edge and cloud agents in the open-source Hyperledger Indy project, a distributed ledger and utility library purpose-built for decentralized identity. It expects the system to be available for proof-of-concept deployments in the first half of 2018. Read more from gcn.com…
thumbnail courtesy of gcn.com