Security Blog
The latest news and insights from Google on security and safety on the Internet
Security Through Transparency
12 януари 2017 г.
Posted by Ryan Hurst and Gary Belvin, Security and Privacy Engineering
Encryption is a foundational technology for the web. We’ve spent a lot of time working through the intricacies of making encrypted apps easy to use and in the process, realized that a generic, secure way to discover a recipient's public keys for addressing messages correctly is important. Not only would such a thing be beneficial across many applications, but nothing like this exists as a generic technology.
A solution would need to reliably scale to internet size while providing a way to establish secure communications through untrusted servers. It became clear that if we combined insights from
Certificate Transparency
and
CONIKS
we could build a system with the
properties
we wanted and more.
The result is
Key Transparency
, which we’re making available as an open-source prototype today.
Why Key Transparency is useful
Existing methods of protecting users against server compromise require users to
manually
verify
recipients’ accounts in-person. This simply hasn’t worked. The PGP web-of-trust for encrypted email is just one example: over 20 years after its invention, most people
still can't
or
won’t
use it,
including its original author
.
Messaging apps
, file sharing, and software updates also suffer from the same challenge.
One of our goals with Key Transparency was to simplify this process and create infrastructure that allows making it usable by non-experts. The relationship between online personas and public keys should be automatically verifiable and publicly auditable. Users should be able to see all the keys that have been attached to an account, while making any attempt to tamper with the record publicly visible. This also ensures that senders will always use the same keys that account owners are verifying.
Key Transparency is a general-use, transparent directory that makes it easy for developers to create systems of all kinds with independently auditable account data. It can be used in a variety of scenarios where data needs to be encrypted or authenticated. It can be used to make security features that are easy for people to understand while supporting important user needs like account recovery.
Looking ahead
It’s still very early days for Key Transparency. With this first open source release, we’re continuing a conversation with the crypto community and other industry leaders, soliciting feedback, and working toward creating a standard that can help advance security for everyone.
We’d also like to thank our many collaborators during Key Transparency’s multi-year development, including the CONIKS team, Open Whisper Systems, as well as the security engineering teams at Yahoo! and internally at Google.
Our goal is to evolve Key Transparency into an open-source, generic, scalable, and interoperable directory of public keys with an ecosystem of mutually auditing directories. We welcome your apps, input, and contributions to this new technology at
KeyTransparency.org
.
Няма коментари :
Публикуване на коментар
Етикети
#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2024
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2023
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2022
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2021
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2020
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2019
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2018
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2017
дек
ное
окт
сеп
юли
юни
май
апр
март
фев
яну
2016
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2015
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
яну
2014
дек
ное
окт
сеп
авг
юли
юни
апр
март
фев
яну
2013
дек
ное
окт
авг
юни
май
апр
март
фев
яну
2012
дек
сеп
авг
юни
май
апр
март
фев
яну
2011
дек
ное
окт
сеп
авг
юли
юни
май
апр
март
фев
2010
ное
окт
сеп
авг
юли
май
апр
март
2009
ное
окт
авг
юли
юни
март
2008
дек
ное
окт
авг
юли
май
фев
2007
ное
окт
сеп
юли
юни
май
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Няма коментари :
Публикуване на коментар