CoreStreet targets massively scalable validation

Phil Libin

All computer and network security begins with authentication. Once you identify someone, by whatever means, the focus shifts to authorization, or what CoreStreet’s President Phil Libin calls validation. Are the credentials still valid? Is the authenticated person allowed to read this document or enter that airplane cockpit?

In small-scale connected systems, we just look up the person in a directory and check permissions. But when there are millions of potential readers of the document, or when the plane is airborne and can’t contact the directory, we’re stuck. It hasn’t been feasible, never mind economical, to validate credentials on a massive scale across far-flung and/or occasionally connected networks. Libin wants to do for validation what GPS does for location-finding: Make it cheap and ubiquitous.

The vision unfolds in several phases. CoreStreet’s RTC (Real Time Credentials) Validation Authority precomputes and distributes OCSP (Online Certificate Status Protocol) responses, working with existing public key infrastructure. The Department of Defense, Libin says, is rolling out this solution to validate credentials on its more than four million Common Access Cards.

In other applications, the RTC generates and distributes small packets of data — time limited and tamper evident — that can safely travel to the edge of the network or even beyond to offline devices. The mathematical foundations were laid by CoreStreet’s chief scientist, Silvio Micali, who won the 1993 Gödel Prize for his theoretical work on zero-knowledge and interactive proofs. What Libin and his team saw in Micali’s work was a series of applications that transcend the limitations of centrally connected validation.

The security counterpart to GPS is something Libin calls “validation heartbeat.” Superdistribution of time-limited credentials, he suggests, will make validation on a massive scale both feasible and economical. In one version of the idea, VTokens transmit small sets of credentials to, for example, bandwidth-constrained battleships. In another version, MiniCRLs (Certificate Revocation Lists) broadcast huge batches of credentials — what Libin calls a “world file” — to, for example, routers that need to divide the vast population of IP hosts into friends and foes.

By decoupling the distribution of credentials from their generation, all these schemes challenge traditional assumptions about the bandwidth, security infrastructure, and device capabilities required in order to validate credentials. “We can see a time in the near future,” Libin says, “when an application or device can take for granted that it just knows, without having to ask, whether an action is valid.”