CyberEye

By Patrick Marshall

Blog archive
digital key (Mott Jordan/Shutterstock.com)

Making encryption easier with blockchain

Moving public key infrastructure to a distributed ledger could offer a more secure, less expensive way to provide online authentication.

Public key infrastructure is an effective way of ensuring the security of encrypted data, but not many people use it.  That’s because PKI requires users to acquire -- at a cost greater than what many individuals and small businesses are prepared to pay -- a public key certificate from a centralized certificate authority that issues and manages the critical keys.

One company, however, wants to move the key storage from a centralized authority to a distributed ledger.

Respect Network Corp., a Seattle-based network technology company since acquired by Evernym, is using a $750,000 award from the Department of Homeland Security to develop a blockchain-based solution  for decentralized creation and management of key certificates for encryption and identity management. The Decentralized Key Management System employs a three-layer architecture that includes a distributed-ledger layer, a cloud-based agent layer and an edge layer of apps or wallets that individuals use to access keys and data. 

“In DKMS the public keys needed to verify any user are stored on a blockchain, which as you know provides an extremely tamperproof, decentralized solution to immutable storage,” Evernym Chief Trust Officer Drummond Reed said. “That's the primary innovation that makes DKMS possible.”

Private keys are also more secure, Reed said, because they reside on each user’s devices (the edge layer) instead of with a centralized authority.  “With DKMS, there is no giant stash of private keys or other secrets anywhere,” he said.  Without the private-key “honeypots” to target, attackers “would have to try to break into the secure elements on edge devices -- mobile phones, tablets, laptops -- for each and every user they want to try to attack.” 

The edge agents being developed for DKMS, which interact with DKMS cloud agents, also make it possible to provide backup and recovery options that weren’t feasible before. “They will make it easy enough for any average internet [user] to start using a digital wallet and easily recover it if they lose all their devices,” Reed said.

DKMS has three other major advantages, according to Reed.  First, since there is no central authority, there’s no single point of failure that can impact a large number of users.  Second, DKMS is not dependent on proprietary software the way traditional service providers are.  Third, DKMS has all the resiliency of distributed-ledger technology.

The company is developing prototypes of edge and cloud agents in the open-source Hyperledger Indy project, a distributed ledger and utility library purpose-built for decentralized identity. It expects the system to be available for proof-of-concept deployments in the first half of 2018.

Posted by Patrick Marshall on Apr 27, 2018 at 2:16 PM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.