BlockWorld 2018 has ended
Friday, September 14 • 3:00pm - 3:50pm
OPEN TALK: A Global, Distributed Identity and Trust Management System Using Distributed Ledgers


Much of the Internet is built on the use of digital certificates to provide trusted assertions. Digital certificates have many limitations that can now be overcome using distributed ledgers and other components. While many applications of blockchains have unproven value or can be implemented more efficiently without them, we demonstrate that blockchains and other forms of distributed ledgers can be used to construct a global system that solves many of the current problems in identity and trust management systems. This system allows us to establish identity and trust management systems that can gracefully scale to include the Internet of Everything.

The talk will discuss many of the limitations of current certificate authorities, such as:

· Scale: Current CAs are hierarchical, so the production of trusted assertions is limited by the inability of CAs to efficiently organize means for trusting assertions from authorities that naturally need to cover billions of diverse topics from billions of authoritative sources that interact in non-hierarchical ways.

· Perfect Forward Integrity: Certificate-based systems rely on the security of signing keys. When a signing key is compromised, all certificates signed with the key, both in the future and in the past, lose verifiable authenticity. Worse, all assertions made in the past with keys downstream in a certificate chain are compromised. This exacerbates and is exacerbated by the scaling issue described above. A system with perfect forward integrity is needed, whereby assertions remain valid and authenticatable as long as we know they were made before the key was compromised.

· Revocation and renewability: After decades of deployment of certificate management systems, revocation and renewability remain difficult and unscalable even for homogeneous applications. Identity management for entities whose attributes change often requires new thinking and systems.

· Impending collapse from quantum computation: All certificate schemes in practice today are vulnerable to quantum computing attacks that could someday render all digital certificates, past, present and future, useless.

The proposed distributed ledger-based system will include the following features:

· A heterogeneous system of distributed ledgers with common interfaces can become a universal recording mechanism for all types of trusted assertions about "rich identities" for all kinds of entities.

· This heterogeneous system can evolve to naturally and securely support assertions from the "natural" authorities able to cover diverse attributes about diverse entities. This system will scale as more entities need to rely on one another in an Internet of Everything.

· We introduce the concept of "trusted derivatives" of distributed ledgers that can be used to efficiently make trusted assertions available to individual entities and applications, optimized for their needs.

· While the virtuous immutability and auditability of distributed ledgers can make revocation and renewability challenging, we can use these trusted derivatives to make the latest trusted assertions, including any changes and revocations, available in highly efficient ways. Under this system, users of trusted information can be guaranteed the latest information at low latency and high reliability. Costs of the system can be scaled according to the level of assurance required.

· A few simple, optimizable components can be designed to provide a highly reliable, adaptive, scalable system that efficiently transfers information from trusted assertion producers with recognized authority on specific topics to trusted assertion consumers, who will use that information according to their specific applications and their own personalized policies.

· The architecture allows for the use of many different types and formats of trusted assertions. This architecture will support notions of "incremental trust", blind authorization, anonymity, and confidentiality.

· The system is designed to significantly reduce vulnerability to quantum computing attacks.
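The two mechanisms the abstract leans on, assertions that stay verifiable after a signing key is compromised because an immutable ledger recorded when they were made, and a "trusted derivative" that folds revocations into a current view, are small enough to sketch in code. The following is an added illustration written for this page, not code from the talk or from Intertrust: it assumes a hash-chained append-only ledger with its own integer clock, uses HMAC-SHA256 as a stand-in for a digital signature (the Python standard library has no asymmetric signing), treats revocation entries as unsigned records written by the ledger operator, and uses constructed key material, subjects and times.

```python
"""Toy ledger showing ledger-timestamped assertions surviving a key compromise,
and a derived latest-state view with revocations applied.
Added example for this page; not the talk's or Intertrust's code.
Assumptions: HMAC-SHA256 stands in for a real signature scheme; the ledger has
its own clock (recorded_at) that the signer cannot choose; revocation entries
are operator records without signatures; all data below is constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass

GENESIS = "0" * 64


@dataclass
class Entry:
    seq: int
    recorded_at: int      # ledger clock, not a timestamp claimed by the signer
    kind: str             # "assert" or "revoke"
    payload: dict
    prev_hash: str
    entry_hash: str = ""


def _hash_entry(e):
    body = json.dumps([e.seq, e.recorded_at, e.kind, e.payload, e.prev_hash], sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class Ledger:
    """Append-only list whose entries are chained by hash, so edits are detectable."""
    def __init__(self):
        self.entries = []

    def append(self, recorded_at, kind, payload):
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        e = Entry(len(self.entries), recorded_at, kind, payload, prev)
        e.entry_hash = _hash_entry(e)
        self.entries.append(e)
        return e

    def verify_chain(self):
        prev = GENESIS
        for e in self.entries:
            if e.prev_hash != prev or _hash_entry(e) != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


def sign(key, assertion):
    # Stand-in for an asymmetric signature over the canonical assertion bytes.
    return hmac.new(key, json.dumps(assertion, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def assertion_valid(keys, compromised_at, entry):
    """Valid if the signature checks under the issuer's key AND the ledger recorded
    the entry before that key's compromise time (if any). This is what lets
    pre-compromise assertions keep their value: the ledger, not the signer,
    fixes when the assertion was made."""
    if entry.kind != "assert":
        return False
    p = entry.payload
    key = keys.get(p["key_id"])
    if key is None or not hmac.compare_digest(sign(key, p["assertion"]), p["sig"]):
        return False
    cutoff = compromised_at.get(p["key_id"])
    return cutoff is None or entry.recorded_at < cutoff


def trusted_derivative(ledger, keys, compromised_at):
    """Latest-state view (subject -> {attribute: value}) built by replaying the
    ledger once and applying revocations in order. Consumers read this view
    instead of replaying the immutable ledger themselves."""
    state = {}
    origin = {}   # seq -> (subject, attr), so a revocation knows what to undo
    for e in ledger.entries:
        if e.kind == "assert" and assertion_valid(keys, compromised_at, e):
            a = e.payload["assertion"]
            state.setdefault(a["subject"], {})[a["attr"]] = a["value"]
            origin[e.seq] = (a["subject"], a["attr"])
        elif e.kind == "revoke" and e.payload["target_seq"] in origin:
            subject, attr = origin.pop(e.payload["target_seq"])
            state[subject].pop(attr, None)
            if not state[subject]:
                del state[subject]
    return state


def build_demo():
    """Constructed scenario: two good assertions, one revocation, then an
    assertion made with the same key after it was compromised at t=300."""
    keys = {"ca-1": b"constructed-demo-key"}
    ledger = Ledger()

    def record(t, assertion):
        return ledger.append(t, "assert", {"key_id": "ca-1", "assertion": assertion,
                                           "sig": sign(keys["ca-1"], assertion)})

    record(100, {"subject": "alice", "attr": "email", "value": "alice@example.test"})
    bob = record(200, {"subject": "bob", "attr": "role", "value": "admin"})
    ledger.append(250, "revoke", {"target_seq": bob.seq})
    record(400, {"subject": "mallory", "attr": "role", "value": "admin"})
    return ledger, keys, {"ca-1": 300}


if __name__ == "__main__":
    ledger, keys, cut = build_demo()
    print(trusted_derivative(ledger, keys, cut))
```

Replaying `build_demo()` with the compromise time set leaves only Alice's assertion in the derivative: Bob's was revoked, and the entry recorded at t=400 fails the cutoff even though its signature verifies. The same replay with an empty compromise map accepts the t=400 entry, which is the behaviour the abstract describes as the weakness of plain certificate chains.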


David Maher

Chief Technical Officer, Intertrust Technologies
David Maher has over 30 years of experience in secure computing and is responsible for Research and Development at Intertrust. Before joining Intertrust in 1999, he was chief scientist for AT&T Secure Communications Systems, Head of the Secure Systems Research Department, and security...

Friday September 14, 2018 3:00pm - 3:50pm
Expo Stage
