CONIKS: Bringing Key Transparency to End Users
Authors
Abstract
We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on transparency log proposals for web server certificates but solves several new challenges specific to key verification for end users. CONIKS obviates the need for global third-party monitors and enables users to efficiently monitor their own key bindings for consistency, downloading less than 20 kB per day to do so even for a provider with billions of users. CONIKS users and providers can collectively audit providers for non-equivocation, and this requires downloading a constant 2.5 kB per provider per day. Additionally, CONIKS preserves the level of privacy offered by today’s major communication services, hiding the list of usernames present and even allowing providers to conceal the total number of users in the system.
Similar resources
Bringing Deployable Key Transparency to End Users
We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on related designs for transparency of web server certificates but solves several new challenges specific to key verification for end users. In comparison to prior designs, CONIKS enables more efficient monitoring and auditing of keys, allowing small organi...
EthIKS: Using Ethereum to Audit a CONIKS Key Transparency Log
CONIKS is a proposed key transparency system which enables a centralized service provider to maintain an auditable yet privacy-preserving directory of users’ public keys. In the original CONIKS design, users must monitor that their data is correctly included in every published snapshot of the directory, necessitating either slow updates or trust in an unspecified third-party to audit that the da...
CONIKS: A Privacy-Preserving Consistent Key Service for Secure End-to-End Communication
Recent revelations about government surveillance have significantly increased the demand for end-to-end secure communications. However, key management remains a major barrier to adoption. Current systems are often either vulnerable to a malicious or coerced key directory or they make unrealistic assumptions about user behavior, for example, that users will verify key fingerprints out of band. W...
Coniks 2.0: Publicly Verifiable Keystore with Key Changing and Verifying Capabilities
A requirement of public-key infrastructure is that users can verify that a key belongs to a specific person. While it is infeasible for machines to verify a "correct" user-key binding, we assume that simply having continuity of name-key bindings is sufficient for secure communications. In this paper and corresponding reference implementation we present CONIKS 2.0, an extension of the original C...
Enhanced Certificate Transparency and End-to-End Encrypted Mail
The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend certificate transparency, a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using ...