Google ventures into public key encryption

Google's Key Transparency project offers a model of a public lookup service for encryption keys

Google ventures into public key encryption
Credit: Flickr/ke dickinson

Google announced an early prototype of Key Transparency, its latest open source effort to ensure simpler, safer, and secure communications for everyone. The project’s goal is to make it easier for applications services to share and discover public keys for users, but it will be a while before it's ready for prime time.

Secure communications should be de rigueur, but it remains frustratingly out of reach for most people, more than 20 years after the creation of Pretty Good Privacy (PGP). Existing methods where users need to manually find and verify the recipients’ keys are time-consuming and often complicated. Messaging apps and file sharing tools are limited in that users can communicate only within the service because there is no generic, secure method to look up public keys.

“Key Transparency is a general-use, transparent directory, which makes it easy for developers to create systems of all kinds with independently auditable account data,” Ryan Hurst and Gary Belvin, members of Google’s security and privacy engineering team, wrote on the Google Security Blog.

Key Transparency will maintain a directory of online personae and associated public keys, and it can work as a public key service to authenticate users. Applications and services can publish their users’ public keys in Key Transparency and look up other users’ keys. An audit mechanism keeps the service accountable. There is the security protection of knowing that everyone is using the same published key, and any malicious attempts to modify the record with a different key will be immediately obvious.

“It [Key Transparency] can be used by account owners to reliably see what keys have been associated with their account, and it can be used by senders to see how long an account has been active and stable before trusting it,” Hurst and Belvin wrote.

The idea of a global key lookup service is not new, as PGP previously attempted a similar task with Global Directory. The service still exists, but very few people know about it, let alone use it.

Kevin Bocek, chief cybersecurity strategist at certificate management vendor Venafi, called Key Transparency an "interesting" project, but expressed some skepticism about how the technology will be perceived and used. Key Transparency is not a response to a serious incident or a specific use case, which means there is no actual driving force to spur adoption. Compare that to Certificate Transparency, Google’s framework for monitoring and auditing digital certificates, which came about because certificate authorities were repeatedly mistakenly issuing fraudulent certificates.

Google seems to be taking a “build it, and maybe applications will come,” approach with Key Transparency, Bocek said.

The engineers don’t deny that Key Transparency is in early stages of design and development. “With this first open source release, we're continuing a conversation with the crypto community and other industry leaders, soliciting feedback, and working toward creating a standard that can help advance security for everyone," they wrote.

While the directory would be publicly auditable, the lookup service will reveal individual records only in response to queries for specific accounts. A command-line tool would let users publish their own keys to the directory; even if the actual app or service provider decides not to use Key Transparency, users can make sure their keys are still listed. “Account update keys” associated with each account—not only Google accounts—will be used to authorize changes to the list of public keys associated with that account.

Google based the design of Key Transparency on CONIKS, a key verification service developed at Princeton University, and integrated concepts from Certificate Transparency. A user client, CONIKS integrates with individual applications and services whose providers publish and manage their own key directories, said Marcela Melara, a third-year student at Princeton University’s Center for Information Technology Policy and the main author of CONIKS. For example, Melara and her team are currently integrating CONIKS to work with Tor Messenger. CONIKS relies on individual directories because people can have different usernames across services. More important, the same username can belong to different people on different services.

Melara said she and her team have not yet decided if they are going to stop work on CONIKS and start working on Key Transparency. One of the reasons for keeping CONIKS going is that while Key Transparency’s design may be based on CONIKS, there may be differences in how privacy and auditor functions are handled. For the time being, Melara intends to keep CONIKS an independent project.

“The level of privacy protections we want to see may not translate to [Key Transparency’s] internet-scalable design,” Melara said.

On the surface, Key Transparency and Certificate Transparency seem like parallel efforts, with one providing an auditable log of public keys and the other a record of digital certificates. While public keys and digital certificates are both used to secure and authenticate information, there is a key difference: Certificates are part of an existing hierarchy of trust with certificate authorities and other entities vouching for the validity of the certificates. No such hierarchy exists for digital keys, so the fact that Key Transparency will be building that web of trust is significant, Venafi’s Bocek said.

“It became clear that if we combined insights from Certificate Transparency and CONIKS we could build a system with the properties we wanted and more,” Hurst and Belvin wrote.