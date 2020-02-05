Blockchain provides a trusted infrastructure for managing PGP key servers. Credit: Yakubov et al.

Pretty Good Privacy (PGP), one of the most widely used cryptographic standards, enables secure end-to-end encryption for email, messages and other data that is shared by users. PGP essentially implements asymmetrical encryption, in which certificates are shared across a network of PGP key servers.

Researchers from the University of Luxembourg recently developed a new PGP management framework in which the key server infrastructure is implemented using blockchain technology. This new framework, called BlockPGP, was introduced in an article published on the Internet International journal for networking and computing,

“We wanted to make email and file sharing over the Internet more secure,” Alexander Yakubov, one of the researchers who conducted the study, told TechXplore. “If something is wrong with the PGP key or the PGP certificate (which ensures the security of the file exchange with the PGP protocol), our system picks up the old PGP key quickly and efficiently and disseminates information about this key revocation to the majority the user PGP user in a few minutes. ”

In her previous work, Jakubow and his colleagues, who are part of the SEDAN research group, examined the potential of using blockchain technology to improve the security of data exchange with SSL / TLS certificates, for example when communicating via websites that are located in the Internet Explorer has been opened, Chrome and other popular browsers. Since the results obtained were very promising, they later tried to apply blockchain techniques to PGP standards.

Most existing PGP key servers distribute information over a day or two. Instead, BlockPGP can release PGP-encrypted information within minutes, while eliminating the risk of man-in-the-middle attacks. This unique PGP management framework is based on a private version of the leading blockchain platform Ethereum, which has been specifically designed for the system developed by the researchers.

One use case for sending an encrypted PGP key email to Alice: (1) retrieving the PGP certificate / key from a public key server; (2) Check the PGP certificate information using the blockchain. (3) encrypt and send the email using Alice’s PGP key. Credit: Yakubov et al.

“Blockchain enables our system to distribute information relatively quickly among users and eliminate the risk of data manipulation. This is the main advantage over the current PGP key infrastructure,” said Jakubow. “Current PGP key servers frequently store revoked certificates, and it is quite difficult to tell other users that a particular certificate is no longer valid, but our approach greatly simplifies it.”

Nowadays, many companies and individual users communicate online with others and exchange data on platforms that are managed by third-party companies. Blockchain-based encryption approaches such as that developed by Yakubov and his colleagues have the potential to change this by disseminating or replicating the same data over the Internet through a global system that is not owned or monitored by a company but is an independent system become platform.

“In my opinion, BlockPGP is a good attempt to create a PKI for a PGP system on blockchain,” Oleg Khovayko, chief technology officer at Emercoin and an expert in blockchain technology, told TechXplore. “When trying to develop their own protocol, these researchers used our emerSSH as a reference for comparison. Their result (latency reduction, impossibility to block revocation) could therefore also be applicable to our systems at Emercoin (emerSSH / emerSSL) as well other blockchain systems worldwide. “

The framework developed by Jakubow and his colleagues could in future be used by companies to improve the security of their communication and data exchange. If the researchers succeed in persuading PGP users to switch from conventional key servers to their system, their framework could ultimately speed up and simplify the administration of PGP certificates considerably.

“There are many lines of research that we would like to examine next,” said Jakubow. “For example, we recently developed a machine learning algorithm to estimate trust in PGP keys (certificates). Blockchain technology is an active research topic in both industrial and academic settings. Together with our partners, we are investigating that Advantages of this technology Technology to enrich your portfolio with blockchain-based applications. In the same context, our team made a remarkable contribution to the blockchain scientific community. ”

