Data encryption on the Internet is no longer the prerogative of secret military laboratories or crypto-anarchists. As the line between material and virtual reality has blurred, the question of keeping privacy on the Internet, a place that knows no traditional borders with inspection points and passport control, has become even more acute. According to the Russian Coordination Center of the national Internet domain, the share of encrypted traffic has increased from 30% to 80% over the past five years.
Digital signatures, or digital certificates as they are often called, are one of the most commonly used methods of data protection on the Internet. SSL certificates allow information to be transferred electronically in encrypted form, protecting it from being replaced or read. The way a digital certificate operates can be represented as follows: when you send a secure message, it is encrypted with a public key and then decrypted with the private key so that the receiving side can read it. SSL certificates have become the usual method of protection for most resources that handle personal data and payment information: banks, insurance companies, air carriers, payment systems, as well as government portals such as, for example, the tax service.
Typically, digital certificates are issued by certification authorities (Comodo, Geotrust, GlobalSign, Symantec, etc.), either directly or through partners. An important role is also played by the registration centers and servers responsible for providing information about the current status of a certificate via OCSP (Online Certificate Status Protocol). But how rational is it to entrust public key authentication to third parties?
Back in 2010, the Stuxnet malware began to spread on the network; the program was signed using digital certificates stolen from RealTek and JMicron. There is no doubt that over the past nine years not only the technology of digital certificate protection has developed, but also the methods of stealing and hacking them. In addition, digital certificates can be revoked in the context of political conflicts, which would also affect the work of many resources. It was precisely this scenario that the Russian presidential administration feared several years ago, when in 2016 it discussed the possibility of creating a state certification center that would issue SSL certificates for sites on the Internet. Even now, state portals in Russia use digital certificates issued by the American companies Comodo or Thawte (a subsidiary of Symantec).
One of the key factors that open up opportunities for attackers is the centralized approach to issuing and maintaining digital certificates. The answer to this may be a transition to decentralization. This conclusion is drawn by the Russian scientist, cryptography legend and ENCRY director of technology and innovation Andrey Chmora in his article on the concept of a decentralized public key infrastructure (DPKI).
“Let’s abandon the concept of a digital certificate and use a distributed registry (blockchain) to store information about public keys <…> If previously a digital certificate that imitated CA was used as a “container” for storing a public key, now that information with the details about the owner and other metadata is stored in a distributed registry,” the article says.
The scientist proposes dispensing with the services of trusted centers, which are currently responsible for authenticating the identity of a public key's owner, issuing the certificate and changing its status. Instead, everyone will be able to access the distributed registry and check the current status of a public key, and only the owner will be able to change that status.
One of the basic functions of trusted centers is authenticating the identity of the applicant. In the decentralized approach, this function is delegated to the community, which verifies the identity collectively after the fact.
“With the growth of global digitalization, there is also growing interest among fraudsters and intruders in this area. The usual protection methods cannot withstand and may give a gap, but the decentralized approach and blockchain technology can strengthen security systems and protect data flows from unauthorized changes or hacking,” said the Founder of ENCRY Roman Nekrasov. “We are pleased to contribute and offer such an elegant and, at the same time, revolutionary concept as a decentralized infrastructure of public keys (DPKI). This will help the entire industry to make another step in the development of capabilities offered by the blockchain technology.”
The decentralized public key infrastructure (DPKI) has two main advantages: the persistence (immutability) of information and its open storage, where anyone can check the status of a key. Both advantages enhance the security of data transmission on the Internet.
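The following is an added example, not ENCRY's code or the DPKI design from the article: a minimal in-memory registry in Go illustrating the two points made above, that a public key's status can be published or revoked only with a signature from that key (no certification authority), and that anyone can read the current status. Ed25519, the record layout and the in-memory log are assumptions of this example; the article does not specify the signature scheme or storage format, and the blockchain persistence it describes is not modelled here.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// Toy registry, an assumption of this example rather than ENCRY's code: each
// record is signed with the key it describes, so only the owner can change its status.
type Record struct {
	PubKey ed25519.PublicKey
	Owner  string
	Status string // "active" or "revoked"
	Sig    []byte
}

// Body is the byte string the owner signs.
func (r Record) Body() []byte {
	return append([]byte(r.Owner+"|"+r.Status+"|"), r.PubKey...)
}

// Registry stands in for the distributed registry; anyone may read Log.
type Registry struct{ Log []Record }

// Append admits a record only if signed by the key it describes (size check first: Verify panics on a malformed key).
func (g *Registry) Append(r Record) error {
	if len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, r.Body(), r.Sig) {
		return errors.New("record is not signed by the key owner")
	}
	g.Log = append(g.Log, r)
	return nil
}

// Publish builds, signs and appends a record; it succeeds only when priv
// matches pub, so a third party cannot revoke someone else's key.
func (g *Registry) Publish(pub ed25519.PublicKey, priv ed25519.PrivateKey, owner, status string) error {
	r := Record{PubKey: pub, Owner: owner, Status: status}
	r.Sig = ed25519.Sign(priv, r.Body())
	return g.Append(r)
}

// Status is the open read path: the latest record for pub decides.
func (g *Registry) Status(pub ed25519.PublicKey) string {
	for i := len(g.Log) - 1; i >= 0; i-- {
		if g.Log[i].PubKey.Equal(pub) {
			return g.Log[i].Status
		}
	}
	return "unknown"
}
```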
Since 2018, ENCRY has been actively developing technologies related to the implementation of DPKI. More details on how DPKI is organized and how it is going to be deployed on the ENCRY Core blockchain will be explained in the company’s official blog.