PKI for the Masses – Secure, Private Authentication Made Easy
Public Key Infrastructure (PKI) authentication is the most secure and reliable way to prove online identity, but it is rarely used by consumers. There are three main obstacle to using PKI authentication for consumers:
- Obtaining and installing private keys in devices is beyond the comfort level of most users. This capability has existed for 25 years but if still only used by a few security professionals and journalist who want to receive anonymous, confidential material.
- Installing, associating and tracking key pairs for each service is complex. It is time consuming for users to register keys for each device they own with the ~100 different internet services that they use. Adding, removing or replacing a device becomes an all day marathon.
- Trust in PKI systems traditionally relies on a central certificate authority which issues and sign keys. The software for users to create and store unsigned key pairs has been available for decades but few services accept them.
Single Sign On systems leveraging OIDC and Oauth are offered by largest internet services and provide PKI authentication for web services but they are extremely hostile to user privacy (Facebook, Google) or proprietary products (Apple, Microsoft). UNS is an open collection of protocols, software products and service providers that solves the problem of associating unsigned public keys with users in a way that preserves user privacy.
UNS allows users to control their online identity by pinning and unpinning public keys. Each user device generates a unique public-private key pair. When a user gets a new device they can pin the key to their account on a UNS Identity Guardian of their choice. If a device is lost or discarded, the user can unpin its key.
To authenticate to an internet service, the user receives a token that they cryptographically sign, their Guardian verifies the signature and then sends a signal to the service’s UNS Gatekeeper indicating the user’s identity. Identity is authenticated using service specific identifiers that contain no personally identifiable information.
Additional security is achieved through three different types of audit process:
a) Each user device keeps and synchronizes a list of the user’s public keys. If a pin or unpin transaction has occurred with the user’s Guardian Node, the node sends the device a receipt for the transaction that is cryptographically signed by the user. This allows the user to verify that each pin/unpin transaction was properly authorized.
b) Upon login in to a service, the service can provide the user the cryptographically signed token from the most recent login, allowing the user to verify that no unauthorized logins have occured.
c) If a service suspects that a user is participating in a Sybil attack, the service can request non-personally identifiable information about the user (such as public keys) that is stored by the user’s Guardian node. This information is tokenized using a hash function that takes the information and the service’s identifier as inputs. This prevents different services from comparing information about their users, but may allow each service to determine if a user is controlling more than one account with the service.