Skip to content
Permalink
Browse files

Acknowledgements (#1490)

* Acknowledgements

* spell

* fix upspin link
  • Loading branch information
gdbelvin committed Mar 9, 2020
1 parent c6ef70f commit 3bb128948f2d77df7d8cea3fcda019284761d87d
Showing with 17 additions and 15 deletions.
  1. +16 −14 README.md
  2. +1 −1 docs/scenarios.md
@@ -26,12 +26,8 @@ authenticating users with public keys, including [Universal Second Factor Securi
* [Design document](docs/design.md)
* [API](docs/api.md)

Key Transparency is inspired by [CONIKS](https://eprint.iacr.org/2014/1004.pdf)
and [Certificate Transparency](https://www.certificate-transparency.org/).
It is a work-in-progress with the [following
milestones](https://github.com/google/keytransparency/milestones) under
development.

### Project Status
Key Transparency is a work-in-progress with the [following milestones](https://github.com/google/keytransparency/milestones) under development.

## Key Transparency Client

@@ -43,18 +39,18 @@ development.

## View a Directory's Public Keys
The Key Transparency server publishes a separate set of public keys for each directory that it hosts.
By hosting multiple directores, a single domain can host directories for multiple apps or customers.
A standardized pattern for discovering domains and directores is a TODO in issue #389.
By hosting multiple directories, a single domain can host directories for multiple apps or customers.
A standardized pattern for discovering domains and directories is a TODO in issue #389.

Within a directory the server uses the following public keys to sign its responses:
1. `log.public_key` signs the top-most merkle tree root, covering the ordered list of map roots.
2. `map.public_key` signs each snapshot of the key-value database in the form of a sparse merkle tree.
1. `log.public_key` signs the top-most Merkle tree root, covering the ordered list of map roots.
2. `map.public_key` signs each snapshot of the key-value database in the form of a sparse Merkle tree.
3. `vrf.der` signs outputs of the [Verifiable Random Function](https://en.wikipedia.org/wiki/Verifiable_random_function)
which obscures the key values in the key-value database.

A directory's public keys can be retrieved over HTTPS/JSON with curl
or over gRPC with [grpcurl](https://github.com/fullstorydev/grpcurl).
The sandboxserver has been initalized with a domain named `default`.
The sandboxserver has been initialized with a domain named `default`.
```sh
$ curl -s https://sandbox.keytransparency.dev/v1/directories/default | json_pp
$ grpcurl -d '{"directory_id": "default"}' sandbox.keytransparency.dev:443 google.keytransparency.v1.KeyTransparency/GetDirectory
@@ -98,7 +94,7 @@ $ grpcurl -d '{"directory_id": "default"}' sandbox.keytransparency.dev:443 googl
#### Generate Update Signing Keys
Every update to a user record in key transparency must be signed by an `authorized-key`.

Update signatures are saved in the merkle tree data structure, producing a record of *who* made each change to a user's
Update signatures are saved in the Merkle tree data structure, producing a record of *who* made each change to a user's
account, allowing products to distinguish between changes signed by a user key, the provider's key, or a reset-provider's key.

Each account has an updatable policy that lists the current set of authorized public keys that are allowed to make updates to the user's record.
@@ -206,7 +202,7 @@ The directory structure of Key Transparency is as follows:
* [keytransparency-sequencer](cmd/keytransparency-sequencer): Key Transparency backend.
* [keytransparency-server](cmd/keytransparency-sequencer): Key Transparency frontend.
* [**core**](core): main library source code. Core libraries do not import [impl](impl).
* [adminserver](core/adminserver): private api for creating new directories.
* [adminserver](core/adminserver): private API for creating new directories.
* [**api**](core/api): gRPC API definitions.
* [**crypto**](core/crypto): verifiable random function and commitment implementations.
* [directory](core/directory): interface for retrieving directory info from storage.
@@ -231,7 +227,13 @@ The directory structure of Key Transparency is as follows:

- [Mailing list](https://groups.google.com/forum/#!forum/keytransparency).

# Related
## Acknowledgements

Key Transparency would not have been possible without a whole host of collaborators including researchers, interns, and [open source contributors](https://github.com/google/keytransparency/graphs/contributors).

Key Transparency was inspired by [CONIKS](https://eprint.iacr.org/2014/1004.pdf) and [Certificate Transparency](https://www.certificate-transparency.org/).

## Related

* [Google Security Blog Post](https://security.googleblog.com/2017/01/security-through-transparency.html)
* [CONIKS Project](https://coniks.cs.princeton.edu/)
@@ -11,7 +11,7 @@ can significantly benefit from Key Transparency.
| **Scenario** | **Description** |
|---------------|------------------|
| Encrypted Messaging | Key Transparency is ideal for user friendly end-to-end encrypted messaging. By making key management analogous to device management, users do not have to learn any new concepts, and no additional UI beyond device management is needed. Key management fits seamlessly into existing account life-cycle flows, and users are protected without requiring them to take additional actions. |
| Encrypted Storage | Key Transparency can also be used to securely rotate the keys used for encrypted storage systems such as [upspin.io](upspin.io) |
| Encrypted Storage | Key Transparency can also be used to securely rotate the keys used for encrypted storage systems such as [upspin.io](https://upspin.io) |
| PGP Encrypted Email | Key Transparency was initially built to solve the problem of public key lookup for PGP email encryption. KT has the potential to make PGP significantly more usable than the existing web-of-trust model. |
| Insider Risk | Key Transparency removes the ability of privileged users to modify other user accounts without detection. This protects the privileged user from manipulation and ensures system safety even if the privileged user's account is compromised. |
| Post Compromise Security Audit | By relying on mathematics, Key Transparency significantly reduces the trusted computing base (TCB) of an authentication system. This makes reasoning about the security properties of an enterprise under attack much easier. The system administrator can have certainty that the authentication records for all accounts are intact, and that users will be able to quickly correct any account compromise. |

0 comments on commit 3bb1289

Please sign in to comment.
You can’t perform that action at this time.