By Patrick Marshall


Making encryption easier with blockchain

Moving public key infrastructure to a distributed ledger could offer a more secure, less expensive way to provide online authentication.

Public key infrastructure is an effective way of establishing who owns a public key, and therefore of authenticating encrypted and signed communications, but not many people use it. That’s because PKI requires users to acquire -- at a cost greater than what many individuals and small businesses are prepared to pay -- a public key certificate from a centralized certificate authority that issues and revokes the certificates binding keys to identities.

One company, however, wants to move the storage of public keys from a centralized authority to a distributed ledger.

Respect Network Corp., a Seattle-based network technology company since acquired by Evernym, is using a $750,000 award from the Department of Homeland Security to develop a blockchain-based solution for decentralized creation and management of key certificates for encryption and identity management. The Decentralized Key Management System employs a three-layer architecture that includes a distributed-ledger layer, a cloud-based agent layer and an edge layer of apps or wallets that individuals use to access keys and data.

“In DKMS the public keys needed to verify any user are stored on a blockchain, which as you know provides an extremely tamperproof, decentralized solution to immutable storage,” Evernym Chief Trust Officer Drummond Reed said. “That's the primary innovation that makes DKMS possible.”

Private keys are also more secure, Reed said, because they reside on each user’s devices (the edge layer) instead of with a centralized authority. “With DKMS, there is no giant stash of private keys or other secrets anywhere,” he said. Without the private-key “honeypots” to target, attackers “would have to try to break into the secure elements on edge devices -- mobile phones, tablets, laptops -- for each and every user they want to try to attack.”
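To make the division of labour between the layers concrete, the following Go program is an added illustration of the pattern Reed describes; it is not Evernym's or Hyperledger Indy's code. It assumes a hash-chained in-memory list as the ledger, Ed25519 keys, a `did:example:` identifier and a `rotate:` message format for authorising key rotation, all constructed for this example. The edge agent generates its private key on the device and publishes only the public key; a relying party resolves that key from the ledger rather than accepting it from the sender; a replacement key is accepted only when the write is signed by the key currently on record; and an in-place edit to any recorded entry breaks the chain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Entry is a constructed stand-in for a ledger transaction binding a DID to its verkey; only public material is recorded.
type Entry struct {
	DID            string
	Verkey         ed25519.PublicKey
	PrevHash, Hash [32]byte // chain link and this entry's own digest
}
// Ledger is an in-memory hash chain standing in for the distributed-ledger layer; consensus and signed state roots are not modelled.
type Ledger struct{ entries []Entry }
func check(err error) {
	if err != nil {
		panic(err)
	}
}
func digest(did string, verkey ed25519.PublicKey, prev [32]byte) [32]byte {
	return sha256.Sum256(append(append([]byte(did+"|"), verkey...), prev[:]...))
}
// rotationMessage is the (assumed) domain-separated string a DID controller signs to authorise a new verkey.
func rotationMessage(did string, verkey ed25519.PublicKey) []byte {
	return append([]byte("rotate:"+did+":"), verkey...)
}
// Resolve returns the newest verkey written for a DID (nil if none), so a rotation supersedes earlier keys.
func (l *Ledger) Resolve(did string) (pk ed25519.PublicKey) {
	for _, e := range l.entries {
		if e.DID == did {
			pk = e.Verkey
		}
	}
	return
}
// Publish appends a verkey for a DID. Once a DID has a key, a replacement is accepted only if signed by the
// current key, so an attacker holding neither key cannot hijack the DID. (Indy's auth rules also gate the first write.)
func (l *Ledger) Publish(did string, verkey ed25519.PublicKey, sig []byte) error {
	if cur := l.Resolve(did); cur != nil && !ed25519.Verify(cur, rotationMessage(did, verkey), sig) {
		return errors.New("rotation not authorised by the DID's current verkey")
	}
	var prev [32]byte // the all-zero digest plays the role of the genesis link
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Hash
	}
	l.entries = append(l.entries, Entry{DID: did, Verkey: verkey, PrevHash: prev, Hash: digest(did, verkey, prev)})
	return nil
}
// Verify recomputes every link; editing any recorded entry in place breaks the chain.
func (l *Ledger) Verify() bool {
	var prev [32]byte
	for _, e := range l.entries {
		if e.PrevHash != prev || e.Hash != digest(e.DID, e.Verkey, e.PrevHash) {
			return false
		}
		prev = e.Hash
	}
	return true
}
// EdgeAgent models the edge layer: the private key is generated on the user's device and never leaves it.
type EdgeAgent struct {
	DID  string
	priv ed25519.PrivateKey
}
func NewEdgeAgent(did string) *EdgeAgent {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err) // a failing system RNG is fatal, not something to work around
	return &EdgeAgent{DID: did, priv: priv}
}
func (a *EdgeAgent) Verkey() ed25519.PublicKey { return a.priv.Public().(ed25519.PublicKey) }
func (a *EdgeAgent) Sign(msg []byte) []byte      { return ed25519.Sign(a.priv, msg) }
// VerifyFromLedger is the relying party's check: the verkey comes from the ledger, not from the sender.
func VerifyFromLedger(l *Ledger, did string, msg, sig []byte) bool {
	pk := l.Resolve(did)
	return pk != nil && ed25519.Verify(pk, msg, sig)
}

// Scenario runs enrolment, verification, rotation, a hijack attempt and an in-place tamper.
func Scenario() (verified, oldKeyRejected, hijackRejected, tamperDetected bool) {
	ledger := &Ledger{}
	alice := NewEdgeAgent("did:example:alice") // constructed identifier
	check(ledger.Publish(alice.DID, alice.Verkey(), nil))
	msg := []byte("constructed sample message")
	sig := alice.Sign(msg)
	verified = VerifyFromLedger(ledger, alice.DID, msg, sig)
	next := NewEdgeAgent(alice.DID) // rotation: fresh key made on the device, write authorised by the old key
	check(ledger.Publish(alice.DID, next.Verkey(), alice.Sign(rotationMessage(alice.DID, next.Verkey()))))
	oldKeyRejected = !VerifyFromLedger(ledger, alice.DID, msg, sig) // superseded key no longer verifies
	mallory := NewEdgeAgent(alice.DID)                             // attacker holds her own key, not Alice's
	hijackRejected = ledger.Publish(alice.DID, mallory.Verkey(), mallory.Sign(rotationMessage(alice.DID, mallory.Verkey()))) != nil
	ledger.entries[0].Verkey = mallory.Verkey() // rewrite a recorded entry in place
	tamperDetected = !ledger.Verify()
	return
}
func main() { fmt.Println(Scenario()) }
```

Running it prints four `true` values. What the toy leaves out matters as much as what it shows: a real ledger depends on consensus among nodes and signed state to stop a single node rewriting the tail of the chain, and a write-authorisation rule like the one in `Publish` is what stops anyone from binding their own key to someone else's identifier.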

The edge agents being developed for DKMS, which interact with DKMS cloud agents, also make it possible to provide backup and recovery options that weren’t feasible before. “They will make it easy enough for any average internet [user] to start using a digital wallet and easily recover it if they lose all their devices,” Reed said.

DKMS has three other major advantages, according to Reed. First, since there is no central authority, there’s no single point of failure that can impact a large number of users. Second, DKMS is not dependent on proprietary software the way traditional service providers are. Third, DKMS has all the resiliency of distributed-ledger technology.

The company is developing prototypes of edge and cloud agents in the open-source Hyperledger Indy project, a distributed ledger and utility library purpose-built for decentralized identity. It expects the system to be available for proof-of-concept deployments in the first half of 2018.

Posted by Patrick Marshall on Apr 27, 2018 at 2:16 PM
