LOKI : a lease-oriented key infrastructure with instant updates and seizure-resistance
Author(s)
Fromknecht, Conner (Conner M.)
Alternative title
Lease-oriented key infrastructure with instant updates and seizure-resistance
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Srini Devadas.
Abstract
Most of the secure communication protocols that power the Internet of today rely on a robust and frictionless mechanism for digital identity attestation. Authentication is typically achieved using a Public Key Infrastructure (PKI) that enables users to verify a counterparty's public key binding. Unfortunately, the structure of many existing PKIs presents vulnerabilities and usability issues that stem from a lack of consistency, inefficient updates, or a dependence on centralized entities. In this work we present a decentralized marketplace for digital identities that autonomously leases the verification state of a globally-consistent PKI. Users express ownership of an identity through a sequence of leases, which incrementally defines the conditions under which ownership can be renewed and the identity's bindings can be updated. A careful structuring of the lease semantics, economic incentives and architectural design enables a fast update protocol, which permits clients to verify and accept a fresher binding without needing to wait for confirmation from the underlying consensus layer. The task of registration accuracy is extended naturally through the structure of the DNS namespace, after which the state of the system at any particular time acts as the root of trust during authentication. We discuss a novel seizure-resistance mechanism called dormancy, which in turn gives the existing owner of an identity substantial preference during the renewal process. Finally, we show how the system could be used to efficiently and unobtrusively secure today's communication protocols.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2017. Cataloged from PDF version of thesis. Includes bibliographical references (pages 69-70).
Date issued
2017
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.