Slides presented at World e-Id and Cybersecurity Marseille 2015-08-06-lh-xuheg
KeeeX lets users define their own identity settings using social certificates: people who know you vouch that you are who you claim to be, in the absence of a certificate authority.
Social certificates can be renewed, published, revoked at any time, at no cost.
KeeeX won an award at World Smart Week in the category e-Id and Cybersecurity.
KeeeX is a unique no-infrastructure, #nosaas solution.
How Social Certificates may help build Decentralized Trust - xuheg
1. World e-Id and Cybersecurity Conference
Sept. 17 2015
Laurent Henocque - KeeeX - Marseille
How Social Certificates May
Help Build Decentralized Trust
2. The situation
‣ Trusted third parties cannot be trusted to protect our data, which may also be attacked over the air
‣ Certificate authorities may do a loose job of ensuring who an emitter is.
‣ Certificates are complex to obtain, expensive, and have somehow missed their e-identity market
‣ Certificates expire, and they are almost never revoked. Revoking is expensive.
3. Certificate Pyramid / Chain in Short
[Diagram: certificate chain]
‣ Trusted Authority: self-signed root certificate
‣ Private key digitally signs the public key of the company certificate
‣ Company certificate digitally signs the public key of the user certificate
‣ Private key digitally signs the hash ‘topaz’
‣ The file has proven integrity and certified author
4. The two functions of a certificate can be distributed
‣ Decentralized, autonomous file integrity is possible (immune to attacks)
‣ Socially enforced certificates allow for a unique e-ID scheme
5. Decentralized Integrity
‣ Solutions exist to embed file integrity in documents
‣ Adobe PDF and Microsoft Office implement this
‣ KeeeX implements this for 250+ file formats
‣ When a file is obtained, its integrity can be checked offline, independently of a trusted third party
6. Decentralized Authenticity
‣ The public key of a user need not be digitally signed by a certificate hierarchy
‣ The public key of a user can be signed by other users!
‣ The signing private/public keypair of a user can be picked by the user himself
‣ The signing private/public keypair of a user can be replaced and revoked at any time
7. Your public key can be signed by someone who knows you!
[Diagram: file contents]
‣ … ‘topaz’ + public key + signature
‣ Private key digitally signs the hash ‘topaz’
‣ Your public key can be stored inside the file!
‣ The file has proven integrity and certified author
8. How do you create your own certificate?
‣ You create an ECC key pair, either randomly or from a self-defined passphrase
‣ The public key is very short (<40 chars) and easily fits within any file
‣ Then other people will certify your identity by
  ‣ digitally signing documents that refer to documents that you have signed yourself, or
  ‣ files that explicitly contain your public key
9. For instance use Bitcoin Addresses
‣ Public key would be 1Gr8a8XKW…ERTDtya
10. Signatures can be verified offline
‣ Below is a valid signature of xirap-no…ox by my real public key: 16VjbG…SaBSA
11. Conclusion
‣ Solutions exist to achieve the social (peer) certification of user defined e-identities
‣ It is cost effective
‣ It is under control
‣ It can be verified using publicly available tools
12. Thanks for listening
Meet us at World Smart WeeeK
Laurent Henocque, laurent@keeex.net, +33 683 88 20 01
KeeeX SAS, RCS Marseille 807 570 148
Pôle Média Belle de Mai CS 20038 – 37 Rue Guibal – 13356 Marseille cedex 03
Tel: +33 4 91 05 64 47