What is EmerSSH?
It is a worldwide Public Key Infrastructure (PKI) providing up-to-date, trusted user keys to create secure client-server connections. It is more than a standard PKI, allowing us to build trusted networks on any scale, including worldwide. For more details about what PKI is and what it is used for, search Russian Wikipedia.
How to install and set up EmerSSH
What is the difference between PKI EmerSSH and standard PKI?
Problems that EmerSSH solves:
- The large amount of work required for setting up access rights and the necessity for perfection. System administrators have to perform a large amount of work, recording the number of users using the servers, and there is no room for error (mistakes are very costly) (this problem can be solved by any PKI).
- The impossibility of quick addition and removal of users to multiple servers. It is impossible to deny access to a user on multiple servers quickly (in the cases of access restriction or password loss) (this problem can be solved by any PKI).
- The administrative channel could be compromised, i.e. hackers can take control and acquire access rights to the server (this problem is solved by any PKI to a varying degree, however only EmerSSH solves this problem without additional expense)
- It requires the allocation of additional resources (servers, “domain controllers”, human resources) to manage the PKI. These are necessary for further server maintenance. In fact, it requires its own internal network of access control servers (domain controllers) for ensuring secure communication, purchasing or generating certificates, and maintaining network certificates (generation, distribution) (this problem can be completely solved by EmerSSH alone)
- The problem of the head (central) system administrator(s). There is too much power concentrated within the administrators of the central server. There is a chief administrator (or several chief administrators) controlling the entire system without external monitoring. In other words, we can only trust the system if we completely trust the administrators.
In case of dismissal, the administrator could theoretically maintain access, unnoticed by other administrators. In situations concerning bribery or coercion, an administrator could steal data from any user or database or provide anyone access to any server (such cases have occurred in multiple instances).
An administrator with malicious intent could give access to competitors, unchecked and unnoticed, to steal information, and leave a false trail, as if a selected user stole the given information (this problem can be solved by EmerSSH only).
- The problem of a central server. If there is a centralized server of authorization (or several servers of this type), it becomes a point of weakness.
In the case of central server failure (loss of access, an attack on the server), the entire security system stops working. When the central server is compromised (password theft, physical hacking, etc.), the whole structure becomes compromised (this problem can only be solved by EmerSSH). In the case of network failure, authorization requests can’t be processed before restoration, which can lead to the entire company being temporarily down (this problem can only be solved by EmerSSH).
- All updates (keys, rights, groups, users, etc.) can only be performed by the administrator. The user cannot add or modify any keys by themselves. The administrator can’t give access to another user to manage the group rights. This leads to the possibility that:
An administrator with malicious intent could replace a user’s key independently (he or she could even do it temporarily, and then replace the original key, destroying the traces of any unauthorized access). The consequence of this is that the system administrator could have unchecked access to any data of any user(!). This could happen either because of system administrator disloyalty, coercion, or as the result of a successful attack on the administrator’s computer. The administrator could create a “bottleneck” in the system during massive changes. The administrator must be on call 24/7 (which is especially important during a situation in which keys become compromised, when every minute counts during the revocation time) (this problem can be solved by EmerSSH only).
- The problem of scale is that the growth of the system results in an exponential growth in the complexity of its control. For example, when doubling the number of servers, the costs to maintain security, management of users, administrators, etc. can grow 4–5 times (this problem can be solved by EmerSSH only).
Why is EmerSSH better than other PKI, for example, Puppet, LDAP/Kerberos, etc.?
- Other PKI tools require separate servers to maintain their infrastructure. In EmerSSH the infrastructure is maintained by independent miners, who maintain the Emercoin blockchain, and anyone who uses the Emercoin blockchain for their needs.
- The setup and implementation of EmerSSH requires less effort.
- When increasing the scale of an infrastructure that relies on standard solutions, an exponential increase in the complexity of its configuration and maintenance occurs. EmerSSH is easily expanded to any scale, including worldwide.
In order to expand EmerSSH, downloading the blockchain onto each server is required, but this takes a lot of space.
Modern computers have sufficient memory and Emercoin functions normally, even on a Raspberry Pi. Nevertheless, even for the “boxes” you can get full functionality within the firm by launching an Emer daemon on one computer and organizing access to it inside a protected network. Almost all the pros in this case are retained (it is possible to quickly obtain certificates, there is no central super-administrator, etc.). In addition, the Emer blockchain is quite economical in terms of space when compared with other blockchains due to its optimization of data storage. For example, the size of the Bitcoin blockchain as of 20.12.2016 exceeds 100 GB vs 0.5 GB for the Emercoin blockchain.
You would have to upload your passwords to the blockchain, which are visible to all users of the blockchain.
The blockchain only stores public keys and user logins and that information is distributed via open channels.
That is how asymmetric cryptography systems work. In other words, the system does not need to keep any secret information in the blockchain in order to operate.
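Because everything written to the blockchain is public and permanent, it is worth checking a record before it is published. The following is an added example, not EmerSSH's own code: a pre-publication check that accepts only well-formed OpenSSH public key lines and refuses anything containing private key material. The record layout (one public key line per line), the function names and the sample key are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def check_publishable(record: str) -> list:
    """Return [(key_type, fingerprint)] for a record, or raise ValueError.

    Assumed layout (hypothetical): one OpenSSH public key line per line.
    """
    if "PRIVATE KEY" in record:
        raise ValueError("private key material must never be published")
    found = []
    for n, line in enumerate(record.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
            raise ValueError(f"line {n}: not a recognised public key line")
        try:
            blob = base64.b64decode(fields[1], validate=True)
        except (binascii.Error, ValueError):
            raise ValueError(f"line {n}: key blob is not valid base64") from None
        # A public key blob begins with its own type string; it must match
        # the type declared in the first field of the line.
        if not blob.startswith(_ssh_string(fields[0].encode())):
            raise ValueError(f"line {n}: blob does not match declared type")
        digest = hashlib.sha256(blob).digest()
        fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        found.append((fields[0], fingerprint))
    return found


# Constructed sample: a syntactically valid ed25519 blob, not a real key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_RECORD = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " alice@example"

if __name__ == "__main__":
    print(check_publishable(SAMPLE_RECORD))
```

The returned fingerprints are in the same `SHA256:` form that OpenSSH prints, so they can be compared against the user's own key before the record is written.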
The EmerSSH technology is unknown in the market.
This is true, as security technology has become infamous for the extreme conservatism of its market. But is it necessarily true that any technology “not tested by hundreds of thousands of companies” isn’t any good?
EmerSSH technology is based on blockchain and it may be outlawed in our country.
Blockchain is unlikely to be prohibited. Cryptocurrency and/or its exchange can be forbidden, but the use of blockchain services is impossible to make illegal. Even if the exchange of cryptocurrency is completely forbidden, there are several simple solutions to continue the operation of services without violating the law. For example, purchasing coins to extend services in other countries where it is not prohibited or using intermediaries to pay for the services on your behalf. You can also pre-purchase a sufficient number of coins and use them only for the creation/updating of records in the blockchain.
The entire Emercoin blockchain could “collapse” and then we would lose access to our entire infrastructure.
First, the Emercoin blockchain is older than most popular blockchains and still functions well. Its focus on long-term performance is one of the strengths of Emercoin. Second, most of the technologies based on it are expected to be long-term, and as long as there is a demand for blockchain services, it will be supported at least in part by the miners. Even if you were to try to deliberately stop the blockchain, you wouldn’t be able to succeed, because the independent miners would be profitable enough to support it.
If we decide to use your technology, we will have to train all employees (both existing and future), because it is not included in the “standard” package of system administrator training.
- The amount of information that you will need to master is small.
- 90% of the knowledge required to implement EmerSSH and EmerSSL is a part of SSL and SSH work and it is included in the “standard packages”.
- As Emercoin is based on the Bitcoin technology, many aspects of its operation are the same as Bitcoin and this knowledge is becoming a part of the “standard” for a system administrator.
- And in the end, this could actually be an advantage in many cases. Knowing an advanced technology which isn’t known by others is a competitive advantage, useful for a higher salary and better career.