LOKI : a lease-oriented key infrastructure with instant updates and seizure-resistance
Author(s): Fromknecht, Conner (Conner M.)
Lease-oriented key infrastructure with instant updates and seizure-resistance
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Most of the secure communication protocols that power the Internet of today rely on a robust and frictionless mechanism for digital identity attestation. Authentication is typically achieved using a Public Key Infrastructure (PKI) that enables users to verify a counterparty's public key binding. Unfortunately, the structure of many existing PKIs presents vulnerabilities and usability issues that stem from a lack of consistency, inefficient updates, or a dependence on centralized entities. In this work we present a decentralized marketplace for digital identities that autonomously leases the verification state of a globally-consistent PKI. Users express ownership of an identity through a sequence of leases, which incrementally defines the conditions under which ownership can be renewed and the identity's bindings can be updated. A careful structuring of the lease semantics, economic incentives and architectural design enables a fast update protocol, which permits clients to verify and accept a fresher binding without needing to wait for confirmation from the underlying consensus layer. The task of registration accuracy is extended naturally through the structure of the DNS namespace, after which the state of the system at any particular time acts as the root of trust during authentication. We discuss a novel seizure-resistance mechanism called dormancy, which in turn gives the existing owner of an identity substantial preference during the renewal process. Finally, we show how the system could be used to efficiently and unobtrusively secure today's communication protocols.
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2017. Cataloged from PDF version of thesis. Includes bibliographical references (pages 69-70).
Department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science