PKI Is For Machines and Not Humans: Key Event Receipt Infrastructure (KERI)
PKI Is For Machines and Not Humans: Key Event Receipt Infrastructure (KERI)
The one thing that surprises me about cybersecurity is how black-and-white it is often painted. It has to be PKI (Public Key Infrastructure), or it has to be blockchain — there’s very little in-between. In most other disciplines, there’s a toolbox of methods, and we pick whichever is best.
In a comment on a recent blog post, someone said that a “loved PKI”. I smiled as I read it, as virtually all of my current research is trying to get rid of PKI, and replace it with something that is more citizen-focused. All I was doing in the blog post was praising how public key encryption had saved the security of the Internet. While in no means perfect, PKI, at least, is a sticking plaster, and where we need to find solutions.
The Internet was not designed for humans
One thing we should know … is that the Internet was not designed to integrate humans. It is a machine-to-machine infrastructure and uses trusted root authorities, such as GlobalSign. But why? Why do these privileged organisations have the right to be trusted to do anything? Well, of course, we have bad people on the Internet, and we need to stop them from faking Web sites and spear phishing, and so to protect our citizens, we need root signers and who delegate to intermediary signers. It mainly works well but is not without its faults.
The Internet is basically a very poor infrastructure for trust and security. What happens when someone else uses your identity for malicious purposes, such as when a scammer sends out phishing emails using your account? Are you liable? Will your email address be blocked by spam checkers? Will you be kick-off social media?
Along with this, we don’t actually own many of the identifiers that are used to identify us. For example, Gmail owns your Gmail identifier and is the case for most Cloud Service Providers. And, so, if Gmail decides that they don’t want you any more, you can just take your identity somewhere else.
KERI (Key Event Receipt Infrastructure)
So, just like we have a root of trust for the Internet, why can’t we have a primary root of trust with self-certifying identifiers? Why can’t I be the signer of my own identity and not rely on Google managing it? Could I be my own root of trust and verify my identity so that others would not be able to steal my identity?
For this, we can use Autonomic Identifiers (AIDs) and Autonomic Namespaces (ANs), and which integrate into an Autonomic Identity System (AIS) [1][2] known as KERI:
And, so, rather than using the centralised trust model of PKI we can use a decentralized key management infrastructure (DKMI). With this, we define the assurance of any message with a self-certifier identifier and which uses a public key pair (and where a private key signs the message, and the public key verifies it). When we need to change this key pair, we then update an append-only chained key-event log to show the transfer. This overcomes the revocation problems that happen in PKI. In this way, we make the signing verifiable by anyone, anywhere, at any time.
Conclusions
I repeat PKI is a sticking plaster for the security of the Internet. We need to find better ways to break the centralised approach to trust and move towards giving citizens the right to manage their own identity. KERI is, at least, one step forward in our thinking. Go and read the white paper, and make up your own mind. Our digital world is not black-or-white … it has many shades.
Reference
[1] Smith, S. M. (2019). Key event receipt infrastructure (keri). arXiv preprint arXiv:1907.02143.