Project: Global-scale Cyber Security (IdM-CKM)

Identity and cryptographic key management (IdM-CKM): The Yin and Yang of cyber security

In our interconnected and interdependent global village it is essential that we can identify the correct devices, people and organisations when we talk with them, grant them access to our systems or do business together around the world.  This is one of the essential pillars of cyber security.  A related essential pillar is how we exchange (and manage) cryptographic keys to establish secure communications between people and organisations across the globe.  These two pillars are interwoven, and so we describe them as being the Yin and Yang of cyber security.  

All existing Internet security employs both identity management (such as certificate authorities) and key management techniques (such as exchange of short-lived keys and the policy driven storage-and-recall of longer-lived keys).  However Internet security products and protocols have traditionally focussed their efforts predominantly on one aspect of the two pillars, often in the context of a very specific case-use.  Internet security protocols have also assumed a trust model that does not work well in an international context of mutually suspicious organisations.  In contrast, the Synaptic Labs' unified identity management and cryptographic key management model is designed to accommodate all essential identity and key management functions from within the one platform.  Furthermore it is designed from the onset as a multi-stakeholder and multi-jurisdiction solution. 

The existing at risk security systems (public key technologies and infrastructures) have cost billions to deploy, and are essential for all eCommerce, eGovernment and much more.  Unfortunately this infrastructure has serious limitations that threaten to undermine our global security.  It is in recognition of the limitations and our global dependence on these systems that the clarion call for a revolution in identity management and key management has subsequently emerged from Federal Agencies in the United States.

Requirements outlined by the US Government, DHS, NIST and EU for new IdM and CKM

"The community’s demands and expectations on the ability to control our identities, mutually authenticate each other and co-operatively manage inter-organisation security increases proportionally with our (international) dependence on the Internet."

In 2009 the U.S. President's Cyberspace Policy Review set out 10 near-term objectives.  The review called for the U.S. to “build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation”.  In response to the cyberspace police review, the U.S. Department of Homeland Security (DHS) has made the call for new global-scale Identity Management (2009).  Likewise, the U.S. National Institute of Standards and Technology (NIST) has made the call for new global-scale cryptographic key management.  These organisations have each set out the open hard problems that must be solved by their respective projects to achieve these goals.  Furthermore, the European Union has created laws that demand greater empowerment of the individual and the organisation with regard to their digital identity and privacy.

Synaptic Laboratories Limited new global IdM-CKM initiative is targeted to deliver a holistic solution that exceeds many of the expectations of the U.S. Agency calls and is aligned with the E.U. vision of stakeholder empowerment.  Most importantly, our new solution can wrap around and protect the existing massive investments into public key infrastructures so existing systems can remain standards compliant and interoperable. 

What is global-scale identity management (IdM)? 

According to the Department of Homeland Security - Roadmap for Cybersecurity Research, "Global-scale identity management concerns identifying and authenticating entities such as people, hardware devices, distributed sensors and actuators, and software applications when accessing critical information technology (IT) systems from anywhere."

A global-scale identity management system must be able to scale to manage the identification of potentially every organisation and human on the planet, and the billions of sensor and computer devices in their support.  A global-scale identity management system must be universally trustworthy.  To achieve this, it must uphold and protect the legitimate interests of all stake-holders.

An identity management system capable of addressing the technical and trust requirement for global scalability automatically addresses the needs of smaller closed identity management systems between a group of organisations.  Synaptic Labs' IdM-CKM proposal is designed to be suitable for deployment by small private groups all the way up to be public Internet-scale services.

New global-scale IdM is important - more detail on Government initiatives

The clarion call for a revolution in identity management has emerged from Federal Agencies in the United States as well as within the European Union.  These calls started as silo'd National ID schemes, evolved into internationally interoperable electronic ID schemes, and have reached their logical peak in the call for a global-scale identity management scheme.

The E.U. co-funded e-ID STORK project has been established to create a European electronic identity interoperability platform that will allow citizens to establish new e-relations across borders, just by presenting their national eID. The role of the STORK platform is to identify a user to a service provider.  In the E.U. the explicit consent of the owner of the data, the user, is always required before his data can be sent to the service provider.  More speifically, the user centric approach found in STORK is required by the legislative requirements of all the E.U. countries involved in the project.

The U.S. President’s May 2009 Cyberspace Policy Review calls for the creation of an online environment, or an Identity Ecosystem, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on.

In response to this call, the U.S. Department of Homeland Security (DHS) is calling for global-scale identity management (Nov 2009).  Countless critical systems and services require authenticated authorization for access and use, and global-scale identity management will be a critical enabler of future IT capabilities.  Global-scale identity management is aimed specifically at government and commercial organizations with diverse interorganizational relationships that today are hampered by the lack of trustworthy credentials for accessing shared resources.

What is global-scale cryptographic key management (CKM)?

Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

The U.S. National Institute of Standards and Technology (NIST) is calling for global-scale cryptographic key management (April 2009).

"Cryptographic Key Management (CKM) is a fundamental part of cryptographic technology and is considered one of the most difficult aspects associated with its use.  Of particular concern are the scalability of the methods used to distribute keys and the usability of these methods. NIST has undertaken an effort to improve the overall key management strategies used by the public and private sectors in order to enhance the usability of cryptographic technology, provide scalability across cryptographic technologies, and support a global cryptographic key management infrastructure."  - NIST CKM Project Website

A global-scale cryptographic key management system must be able to scale to manage the key material for every human on the planet, the billions of sensor and computer devices, and the fine-grain keys that manage conditional access to sensitive portions of information.  A global-scale key management system must be universally trustworthy.  To achieve this, it must uphold and protect the legitimate interests of all stake-holders.

A key management system capable of addressing the technical and trust requirement for global scalability automatically addresses the needs of smaller closed key management systems between a group of organisations.  Synaptic Labs' IdM-CKM proposal is designed to be suitable for deployment by small private groups all the way up to be public Internet-scale services.

New global-scale CKM is important - more detail on the Government initiative

"This [NIST] Cryptographic Key Management Workshop is the kickoff activity in a “leap-ahead” effort that we are undertaking as a part of the National Cybersecurity Initiative.  The President recently announced the results of a Cyberspace Policy Review.  Cybersecurity is a critical element in our national security posture. Our reliance on the internet is becoming nearly total.  ... The role of key management in cybersecurity is critical. ... One requirement is to have scalable solutions in very large applications. While we know how to handle key management reasonably effectively for up to a million people, we need to go a couple of orders of magnitude beyond that in the relatively near future."  – William C. “Curt” Barker,  NIST Computer Security Division Chief and NIST Cybersecurity Advisor, NIST IR-7609

Technical argument for comprehensively addressing IdM and CKM in one project

The New Oxford American Dictionary defines a secret as “something that is kept or meant to be kept unknown or unseen by others”.

Key management is responsible for managing the life cycle of a secret, whereas identity management is responsible for identifying the users that may access or know or use the secret.  Furthermore, electronic identity (eID) management systems frequently use secrets to authenticate identities.  Consequently eID systems must employ cryptographic key management techniques.

It follows that electronic identity management systems and cryptographic key management systems are as mutually interdependent as Yin and Yang.  By addressing both IdM and CKM simultaneously, in a balanced manner, we ensure that we maximize the synergies and minimize opportunities for a weakness in one to compromise the other. 

Has the combination of IdM with CKM been published anywhere?

While the issues related to identity management and cryptographic key management are tightly entwined, traditionally projects assign a strong bias to a particular feature or specific case use.  For example, identity management projects often focus on mapping identifiers (such as company name or website address) to a secret key managed by a user without implementing any features that would enable the storage and recall of long-lived keys.  Conversely key management systems focus on managing the life cycle of long-lived keys with much less emphasis on managing the identities of users in the system.  Often this is limited to identity management within the enterprise (user name and accounts) and does not scale between enterprises.

Synaptic Laboratories Limited has published a new global-scale IdM-CKM model that permits the integration of all identity management and key management services in one cloud based service.  This permits the one system to be used for long-lived key management, for key distribution and also for managing identity assertions.  This model has been presented to and published in the proceedings of the US National Cyber Security Summit, the NATO Cyber Security Symposium (2010), the Oak Ridge National Laboratory Annual Cyber Security and Information Intelligence Workshop (April 2010) and the IEEE Key Management Summit (May 2010).  This global-scale IdM-CKM initiative is targeted to deliver a holistic solution that exceeds many of the expectations of the various U.S. Agency calls and is aligned with the E.U. vision of stakeholder empowerment.

Both industry and Government acknowledge problems plague today's IdM and CKM solutions (2010)

At the 2-day IEEE Key Management Summit held in Lake Tahoe, Nevadah, USA (May 2010), the CTO of Synaptic Laboratories addressed the cryptographic security experts in the audience asking if the opinions expressed by Dr. Peter Gutmann (world recognized PKI expert) about today's (public key) security infrastructure was as bad as described.  According to Luther Martin (Chief Security Architect of Voltage Security, and on the program committee of the IEEE KMS event) in his blog posting: "it didn't take long for the group to reach a consensus.  A few people simply said, `Yes, it really is.' That's about as far as the discussion got.  After that, there really wasn't much more to say."

Subsequently in October 2010 Andrew McLaughlin, the White House Deputy CTO for Internet Policy publicly, asserted that the U.S. Government is helpless against fake security certifications, a problem that emerges due to the trust model employed in the current (public key) security systems. "We are looking at a multijurisdictional, multistakeholder problem for which there is no governmental solution," said McLaughlin, a former Google executive. "Because of the multijurisdictional and multistakeholder nature of the problem, government can't fix it and government shouldn't fix it," McLaughlin said.

It is exactly this multi-jurisdictional and multi-stakeholder problem that Synaptic Labs global-scale identity management and cryptographic key management models address in an innovative way that protects and upholds the legitimate interests of all stake-holders.

For more information see Synaptic Labs' slide-show summary of the known problems identified by public key infrastructure experts.

EU requirements for user-centricity

Based on text and quotes from two related EU FP6 SecurIST publications [here and here]:

"In the E.U., privacy is generally defined as a right of self-determination, namely, the right of individuals to determine for themselves when, how and to what extent information about them is communicated to others."  

SecurIST calls for international user-centric IdM in which the end users are empowered to determine his or her own security and dependability requirements and preferences.

"User-centric mechanisms are required to allow controlled release of personal, preference-related and location-based information, and to deliver assurances to owners about how personal information will be used by third parties."  

This marks a shift "from Security and Dependability by 20th century central command and control approaches", towards architectures that could lead to an "open and trustworthy Information Society through empowerment" of the individual with the purpose of protecting the central systems, the citizen and society interests (i.e. protecting the legitimate interests of all stake holders).

"Responsibility, authority and control have to move more towards the end user."

What is global-scale identifier based encryption (G-IBE)?

In many personal and business contexts we may only know the email address or website of a company without knowing the identities of the people who can answer the email or manage the website.  For example, we may be content to know that the email address This e-mail address is being protected from spambots. You need JavaScript enabled to view it  will get us in contact with one of many possible authorized sale representatives at that company.  In this type of context if would be ideal if we could establish secure communications with anybody just by knowing their email address or website (or some other public identifier).  

Expert participants at the U.S. Federal Cyber Security Summit (NITRD NCLY) have promoted (public key) ID-based Encryption schemes (which use e-mail addresses to manage secure communications) as a possible solution to increasing the uptake of security:  

“In particular, we propose that a significant effort be devoted to evaluating identity-based cryptography (IBE) as a viable key-management model for enterprises and other controlled, hierarchical institutions, in lieu of the individual web-of-trust model which has proven all but unusable at scale.  While not intended to be a universal solution, it is our opinion that techniques like IBE hold the potential to immediately dismantle numerous roadblocks to widespread adoption of cryptography in industry and government”

There are many limitations to commercially available (public key) Identity-based Encryption schemes which prevent it being a universal solution.  These limitations prevent their use in a global context, where anybody from any organisations can talk to anybody in any other organisation just by e-mail addresses. 

The Synaptic Labs global-scale IdM-CKM proposal supports the creation of a single global directory capable of managing secure communications between anybody in the world just by using their e-mail address (actually, by any Uniform Resource Identifier). We call this global-scale Identifier Based Encryption (G-IBE).  Our proposal is uniquely capable of addressing the critical trust, security, key-management and life-cycle problems that are present in (public key) Identity-based encryption schemes that limit their suitability for use within inter-enterprise and global Internet-scale contexts.  

end faq

Synaptic Labs' vision for the global-scale IdM-CKM?

The creation of a universally trustworthy and dependable identity management and key management platform suitable for use in day-to-day and mission critical operations.  It is specifically designed to operate in multijurisdictional and multistakeholder environments.  This platform should deliver unprecedented confidentiality, integrity, availability, reliability, safety and authenticity assurances for all stakeholders against continuous and evolving insider and outsider attacks (i.e. all malicious actors), in a way that is credible and can be audited.  Furthermore this platform should facilitate operational continuity in the face of natural or man made physical disasters.

How do you intend to achieve this vision?

We have taken a clean-slate approach to global-scale identity management and cryptographic key management.

Central to realizing Synaptic Labs' vision of universally trustworthiness and dependability is the use of an innovative distributed and decentralized architecture that permits all client transactions to be distributed across several autonomously owned and managed service providers.  This distributed and decentralised architecture permits the multistakeholder trust issues to be resolved, specifically by ensuring client transactions remain secure against the simultaneous compromise of (N-1) out of (N) participating service providers as a result of insider collusion, or outsider attacks.  More specifically we employ the democracy supporting principles of `seperation of powers' and `checks and balances' to provide balanced security, accountability and privacy for all stakeholders/users.

In addition to the above core principle, we will employ the use of Synaptic Labs' TruSIP ^4clouds platform to achieve unprecedented confidentiality, integrity, availability, reliability, safety and authenticity assurances for each service provider (and subsequently the clients of that service provider) against continuous and evolving insider and outsider attacks.

We will achieve secure IdM and CKM services for all stakeholders:

• using commercial off the shelf (COTS) hardware and operating systems, where each component is managed in a particular way; and
• by enabling at risk standards-based security applications to be protected, without requiring modification, so existing systems will remain standards compliant and interoperable.

What are the unique-value-propositions of Synaptic Labs' proposal?

Synaptic Labs' global-scale identity management and cryptographic key management platform has no known competitors: 

• it has been designed from the ground up as an holistic global-scale cryptographic project
• it has been designed from the onset to protect the legitimate interests and enhance the security of all stakeholders, even within a multi-jurisdiction, multi-stakeholder system
• it can address the open hard problems that undermine today's (mainstream, X.509 public key) security systems
• it provides many of the design features called for by the US Department of Homeland Security Future InfoSec Roadmap, including protection against a wide range of insider attacks including from trusted staff through to malware in the hardware and software
• it can be used to protect and enhance existing at-risk (public key) security cryptosystems using evolutionary improvements of known-and-trusted (symmetric key and fault-resistant) techniques while maintaining existing standards compliance and interoperability
• it employs an intrusion and malware resistant design to improve confidentiality, integrity and availability of services for the service provider (more attractive services to clients, better business continuity) and dependent clients
• it can be used to provision a diverse range of client services by mapping traditionally specialized services (key distribution, key agreement, key management, name server, assertion server, file server, secure email, secure instant messaging) in a uniform way within one system
• it has an decentralised trust model which can be deployed locally and internationally.  It employs the democracy supporting "Principles Of Laws" and can be deployed in a manner that empowers all stake-holders and promotes goodwill and engenders trust between the participants, be they corporate competitors and nation states.
• it has been designed with E.U. principles of user-centricity in mind

This global scale identity management and cryptographic key management project can be built using commercial-off-the-shelf hardware, operating systems and programming languages.

Synaptic Labs' platform addresses three key calls.  First, the U.S. Networking and Information Technology Research and Development (NITRD) Program call to create and employ a digital immune system (multi-layered protection, decentralised control, diversity, pattern recognition) in next generation systems.  Second, the DHS call for combating insider attacks and malware, achieving survivability and availability.  Third, the NIST CKM Project managers' call for a CKM design supporting billions of users without the use of public key technologies.

What does your proposal look like?

The global-scale identity management and cryptographic key management is hosted in the cloud and can be accessed from the desktop.  Online services are provisioned by 3 or more autonomous service providers working in a collaborative manner.  Clients are assigned smart cards which are enrolled into the service providers.  Software is installed on the client side (on the desktop, or on the network servers) to provide local security services (utilizing services provisioned from servers/cloud) to the client.

For more detailed information we encourage you to watch one or more of the videos from Synaptic Labs' cyber security video page.

Phase 1: Inter-enterprise split-path key exchange and identifier based encryption

Implementing inter-enterprise split path key exchange (key distribution) with support for management of keys by public identifies (identifier based encryption).  These features are required for applications that secure information while in transit (network security).  The keys are often disposed of after the communication is finished.

he public identifiers map email-accounts and domain names to smart cards held by users that can demonstrate control (ownership) over the account and domain names.  This is sufficient in practice for most secure internet applications (such as secure email, and secure web-surfing).

Example end-user applications that can benefit from the phase 1 platform include security wrappers for today's ubiquitous standards based Internet security protocols such as secure email, secure web-surfing (SSL/TLS), secure virtual private networks (IPsec) and proprietary applications in banking and Galileo that require key management solutions suitable for use between mutually suspicious organisations.

Phase 2: Inter-enterprise key management for data at rest

Enhancing the Phase 1 platform so that it can perform inter-enterprise key management for data at rest.  This includes managing key material for databases, tape backup, and other situations where the key must be managed over a relatively long period of time (days to years).  These keys typically have policies that enforce strict access controls to who can and cannot recall or update the keys.

End-user contexts that can use services from the phase 2 platform include: inter-enterprise collaborative management of sensitive data and smart grids.

Phase 3: International multi-attested assertions and credentials

Enhancing the Phase 2 platform by implementing international multi-attested assertions and credentials.  This will overlap the functionality of, and address the limitations of, current federated public key certificate authorities.  The purpose of this is to manage the mapping of electronic identities with actual people and organisations.

end faq