Google has always been invested in developing applications and programs that will give its users the most convenient and secure experience possible and, on Jan. 12, the company released Key Transparency, another one of its projects geared towards online security.
The project aimed to establish secure connections even through untrusted servers and was a joint effort by Google and Yahoo! security engineers, as well as Open Whisper Systems and the CONIKS client software of Princeton University.
The release of Key Transparency simplifies the process of building secure account databases for developers since it is a transparent directory that allows users to see when there are attempts to tamper with their own or someone else's account. This is especially helpful since many people are highly dependent on online communications and sending sensitive data via untrusted networks is a huge risk.
What Is Key Transparency And How Does It Work?
Since Google understands the risks connected to online communication, the company gathered insights from Certificate Transparency.org and CONIKS to determine possible solutions and to enable its security engineers to build a stable and simple system that anyone can use.
The team ended up with a directory of public keys that can be checked for inconsistencies and verified consistently by both the sender and receiver.
To illustrate, imagine a private communication between person HGG and person FAR that contains an exchange of sensitive information about a new technology being developed. From the beginning, both sender and recipient have public keys assigned to their accounts. Say HGG's account is assigned a public key of HGG42 and FAR's account is assigned FAR451. When HGG sends a private message to FAR, Key Transparency will make sure that the right person gets the message.
First, Key Transparency pulls up FAR's public key from the directory and checks that it has not suddenly and unexpectedly changed. Second, it checks whether the FAR451 key is the same public key everyone else is "seeing" for FAR's account to determine that nothing seems amiss. When these two conditions are satisfied, FAR will receive the secure message HGG sent. However, if there is an account for FAR with the same information but a different public key (e.g., FAR123), the identical account will not receive the message. The same is done with the sender's account.
Think of it as an anti-Catfish system for secure communications.
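The two checks described above can be sketched in a few lines of Python. This is an added, simplified model and not Google's Key Transparency code: the snapshot digest, the `check_key` function and the witness names are assumptions made for illustration, and the sample directories are constructed from the article's HGG/FAR example.

```python
import hashlib

def snapshot_digest(view):
    """Hash every (account, key) pair in a directory view, length-prefixed."""
    h = hashlib.sha256()
    for account in sorted(view):
        for field in (account, view[account]):
            data = field.encode()
            h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def check_key(account, served_view, last_seen_key, witness_digests):
    """Return a list of problems; an empty list means both checks passed."""
    key = served_view.get(account)
    if key is None:
        return [f"no key published for {account}"]
    problems = []
    # Check 1: the key has not unexpectedly changed since we last saw it.
    if last_seen_key is not None and key != last_seen_key:
        problems.append(f"key changed: {last_seen_key} -> {key}")
    # Check 2: we are shown the same directory everyone else is shown.
    mine = snapshot_digest(served_view)
    for name in sorted(witness_digests):
        if witness_digests[name] != mine:
            problems.append(f"view differs from {name}")
    return problems

# Constructed sample data using the article's names (hypothetical witnesses).
HONEST = {"HGG": "HGG42", "FAR": "FAR451"}
TAMPERED = {"HGG": "HGG42", "FAR": "FAR123"}  # altered view served to one user
WITNESSES = {"witness-a": snapshot_digest(HONEST),
             "witness-b": snapshot_digest(HONEST)}

if __name__ == "__main__":
    print(check_key("FAR", HONEST, "FAR451", WITNESSES))    # both checks pass
    print(check_key("FAR", TAMPERED, "FAR451", WITNESSES))  # both checks fail
    print(check_key("FAR", TAMPERED, None, WITNESSES))      # first contact
```

The last call is the case the first check cannot cover: with no previously seen key for FAR, only the comparison against what other observers see exposes the substituted key.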
What's Next For Key Transparency?
Key Transparency is offered right now as a prototype, which means that Google has every intention to strengthen the existing system to make it more helpful.
"Our goal is to evolve Key Transparency into an open-source, generic, scalable, and interoperable directory of public keys with an ecosystem of mutually auditing directories," Ryan Hurst and Gary Belvin from Google's Security and Privacy Engineering write.
The release definitely reinforces the idea that Google is intent on strengthening security protocols since it also released the Google Cloud Key Management Service (KMS) in select countries on Jan. 11.