The Future Of Security On The Internet: Distributing Trust
The most basic requirement for human relationships and connectivity is trust. Be it machines or actual people, when one communicates with another, they give up some security in return for interacting. This is a leap of faith. In the context of the internet of all things (IoT) and ubiquitous Cloud-connectivity, there is an alternative.
From its humble beginnings, early adopters of the internet understood that without trust, the degree of exchange required to reshape the way the world communicates (social networking + e-mail), shops (e-commerce), saves (e-banking) or votes (e-voting) would be impossible. Public-private key pairings, passwords, and SSLs were all hallmarks of an early encryption technology. Yet, this trust infrastructure was designed to support thousands of servers, not billions. Passwords are useful insofar as criminals do not compromise central directories, or equip themselves with advanced password-generators.
Cyber-attacks throughout the internet are growing in complexity and severity. The growing availability of DDoS, Ransomware and APT toolkits are making attacks easier. Criminals are no longer limited by technical shortcomings. Internet company Verisign’s Q1 2016 study on DDoS attack trends showed an 111% yearly increase in attacks, 64% of which were a combination of two-or-more types. The Payment Card Industry Security Standards Council (PCI SSC) no longer recognises SSLs as safe encryptions. A recent study showed that 79% of info-sec professionals experienced account takeovers, and 69% said that username/password credentials no longer provided enough security. The foundations for internet trust — passwords, SSL, the public key infrastructure — are outdated and fundamentally unsafe.
While behavioural biometrics and two-factor authentication (considered by 92% of info-sec pros much safer than passwords) are part of the solution, an architectural overhaul towards a simpler, decentralised trust is urgently needed.
The New Solution
MIRACL, a small UK-based cryptography company, has an answer. Its Distributed Trust model promises to authenticate any person, app or machine instantly, without the use of passwords, keys or vulnerable HTTPS protocol. A human (or machine) would easily supply a pin code with their specific browser (Safari, for instance) in order to use their “Unique Cryptographic Authentication Key”, hence access to the requested server. The user would receive their key after multiple partial key distributees (called “trust authorities”) receive a request to create shares of a key from a single entity. This technology allows the user to receive their partial key shares from, theoretically, an infinite number of trust authorities whom they choose to trust.
Up 30% from 2015, research company Gartner estimates 6.4 Billion ‘things’ are connected to the internet, on a surge of investment in the IoT that is expected to triple by 2020 (and go from $1.4trn in 2016 to $3trn by 2020). This upsurge creates a scalability problem that a simplified trust/authentication infrastructure can resolve. It is tempting to securitise ‘things’ with the HTTPS protocol, but deeply inefficient. Indeed, using HTTPS for a dozen different devices within a single home would generate untold amounts of wire traffic between central directories, certificate authorities and devices. Bypassing the need to supply central servers with public-private key matches for each connected device, Distributed Trust removes intermediaries and reduces the wire traffic.
By decentralising trust through distributing key parts to an infinite number of chosen trust-authorities, MIRACL endeavours to make authentication safer, simpler and cheaper for all.
If you enjoyed this piece, keep watching this space. I will be writing about Blockchain and Cyberwar in the next few weeks.
This article was modified from its original, published on The Market Mogul 6 July 2016.
Enjoy this Article?
Like & Follow us to get more!
Originally published at themarketmogul.com.
