Wei-Yang Chiu:
Why should I believe in everything you said?
When incompetent security monopolies predominate our computer trusted network, should we trust the system anyway?
You are in a world of the future. In this particular world, people are not allowed to trust any others without permission. Suppose you are ready to make friends with someone. Before you proceed, you have to dial a special number to the government agency and ask: “Is this particular person trustworthy?” If the answer is yes, you proceed. If the answer is no, you decline. You are not allowed to override the decision and not entitled to question the government agency.
If you are questioning the story, you might want to take a close examination of our Public Key Infrastructure (a.k.a. PKI) nowadays. Before we proceed any further into the article, we have to take a look at how the keys work in asymmetric encryption. You may not have heard of asymmetric encryption; However, you may have known HTTPS, a protocol that ensures your connection is secure and nobody can eavesdrop your data. HTTPS is a typical protocol that relies on asymmetric encryption. Asymmetric encryption consists of 2 keys to perform encryption and decryption. A public key and a private key. If A would like to send B an encrypted message, A uses B’s public key to perform encryption, B then uses her private key to decrypt. Any public key will have a paired up private key. The paired up private key should only decrypt a public key encrypted message. In layman’s term, the public key is an open box with a lock. The lock locks the box automatically if closed. A private key is a key that can open the box.
However, the asymmetric encryption system runs into a problem. How can I know which public key indeed belongs to a person or organization? That’s where the certificate and Public Key Infrastructure (a.k.a. PKI) steps in. Public Key Infrastructure has two crucial entities, the certificate authority, and registration authority. The registration authority is the entity responsible for validating whether the person or the organization possesses the public legitimately. If the person or organization passed the validation, the registration authority would notify the certificate authority to store the person’s or the organization’s public key and provide the certificate of the public key. The certificate authority is the entity responsible for storing, checking, issuing the certificates. A certificate is a piece of information that describes the status of a person’s or an organization’s public key. It includes some crucial information, including who the public key belongs to and who approves the certificate. The computer software only checks the information of who approves the certificate. Is the approver the one I trust? If the approver is in the software’s trust store, the software accepts the certificate. If the approver is not in the trust store, the software rejects it or make complaints to the user. The computer software mostly comes with major CAs’ information preinstalled, so that the users don’t have to install themselves.
The system sounds promising; however, it does come with a bunch of problems. There are many CAs and RAs in service around the world. How can we ensure that they are playing nicely? Any of them can issue whatever certificates or public keys they want to. What if they generate disguised keys and being malicious? For example, conceal a particular destination that is not a real place I would like to be; however, because the certificate is a valid certificate according to the CA, the software trusts it nonetheless.
Endless security breaches from the major CAs coming now and then, such as DigiNotar, Comodo, even company that relies on its security expertise: Symantec plagued from the problem. Many solutions carry out. Certificate Revocation List (a.k.a. CRL), an extended system alongside with existing PKI, allows certificate authorities to provide a list of revoked certificates before these certificates reach their expiration date. CRL allows the software that implemented with the scheme, rejects the malicious certificates as soon as the CA issued the notice. Log-based PKI equipped with a public log of PKI activities, the software deployed with the scheme can check the log accordingly to terminate the trust for certain certificates and CAs. However, these solutions do not change the nature of the PKI architecture: Centralized, which is the weak spot and breaching point of the whole system.
If we looked into how the network of trust in human society, we may find a solution for this. Although, how to evaluate the trustworthiness of a person is based on multiple criteria, how others, especially the people that are close and trusted, say about the person is a crucial index. Combine with the intelligence in the manner of how human trusted network expand and maintain; we developed a decentralized network based on the model. The special characteristic of the network is every participant will ask its trusted nodes, named neighbors, for validating others. If most of the neighbors provide the same particular response, it is considered the correct answer. The answering integrity of a node is very important because the score of trustworthiness is relying on it. A node that constantly provides a different answer from others is considered malicious. Other nodes will lower the priority to query the node for validating others since its low trustworthiness. In contrast to a node that has good answering integrity, the other nodes will increase the priority to query the node for validating. The scheme allows the whole system to eliminate the malicious node naturally.
To combine the advantages of decentralization, the benefits of the power of masses, the safety of blockchain technology, and finally, a stable system performance, we introduced NoPKI – A PKI system that benefits from blockchain, however, keeping a stable system performance as the system grows. The bootstrap process consists of a group of nodes that randomly selected from one’s trusted node list, called “Neighbors,” to form a temporary private blockchain and generate a root certificate of the group, called “Neighborhood.” A node may or may not be in single or multiple groups. For a node to perform a lookup up the validity of a certificate or public key, it will send its request to its neighborhood, in which each neighbor will pass the request along until the request reached the destination. To estimate the trustworthiness of each neighbor in the neighborhood, the correctness of the answer each neighbor provided, will turn into its score. The higher a neighbor’s score is, the more trustworthiness the neighbor will be.
Finally, we create a network that diversifies the risk of centralizing the decision of trust to every participant in the network, which solves the root cause of the problem existing in our current PKI system directly and effectively.