World e-Id and Cybersecurity Conference Sept. 17 2015

Laurent Henocque - KeeeX - Marseille

How Social Certificates May Help Build Decentralized Trust

How Social Certificates may help build Decentralized Trust - xuheg

Apr 13, 2017


The situation

‣ Trusted third parties cannot be trusted to protect our data, which may also be attacked in transit

‣ Certificate authorities may do a loose job of verifying who an emitter is.

‣ Certificates are complex to obtain and expensive, and have somewhat missed their e-identity market

‣ Certificates expire; they are almost never revoked. Revoking is expensive.


Certificate Pyramid / Chain in Short

[Diagram: certificate chain]

‣ Root certificate (trusted authority, self-signed): its private key digitally signs the public key of the company certificate

‣ Company certificate: digitally signs the public key of the user certificate

‣ Private key digitally signs the hash ‘topaz’

‣ The file has proven integrity and certified author


The two functions of a certificate can be distributed

‣ Decentralized, autonomous file integrity is possible (immune to attacks)

‣ Socially enforced certificates allow for a unique e-ID scheme


Decentralized Integrity

‣ Solutions exist to embed file integrity in documents

‣ Adobe PDF and Microsoft Office implement this

‣ KeeeX implements this for 250+ file formats

‣ When a file is obtained, its integrity can be checked offline, independently of a trusted third party


Decentralized Authenticity

‣ The public key of a user need not be digitally signed by a certificate hierarchy

‣ The public key of a user can be signed by other users!

‣ The signing private/public keypair of a user can be picked by the user himself

‣ The signing private/public keypair of a user can be replaced and revoked at any time


Your public key can be signed by someone who knows you!

‘topaz’ + public key + signature

Private key digitally signs the hash ‘topaz’

Your public key can be stored inside the file!

The file has proven integrity and certified author


How do you create your own certificate?

‣ You create an ECC key pair, either randomly or from a self-defined passphrase

‣ The public key is very short (<40 chars) and easily fits within any file

‣ Then other people will certify your identity by

‣ digitally signing documents that refer to documents that you have signed yourself, or

‣ files that explicitly contain your public key


For instance use Bitcoin Addresses

‣ Public key would be 1Gr8a8XKW…ERTDtya


Signatures can be verified offline


‣ Below is a valid signature of xirap-no…ox by my real public key: 16VjbG…SaBSA


Conclusion

‣ Solutions exist to achieve the social (peer) certification of user defined e-identities

‣ It is cost effective

‣ It is under control

‣ It can be verified using publicly available tools


Thanks for listening

Meet us at World Smart WeeeK

Laurent Henocque, [email protected], +33 683 88 20 01

KeeeX SAS, RCS Marseille 807 570 148

Pôle Média Belle de Mai CS 20038 – 37 Rue Guibal – 13356 Marseille cedex 03

Tel: +33 4 91 05 64 47