News

Key board in a hotel.
Every key in its own place—in future, a link to a physical space will make the internet safer.

Flexible keys

Compared with the relative safety we enjoy in the physical world, security problems abound in the digital world. To remedy this, researchers at the Centre for Cyber Trust at ETH Zurich are working on an internet technology that is rock solid and safe from attacks—one using virtual “keys” that are linked to a physical or geographic proof.

Imagine this: a couple has booked a stay at a charming mountain inn. Upon their arrival, the receptionist welcomes them and hands them the key to their room. Even when they return the key while out on their daily hikes, the couple know the belongings left behind in their room are safe—because they trust the hotel staff to guard the key. In the digital world, however, equally trustworthy services are much more difficult to set up. To be sure, the internet also uses “keys” to protect property—or data—in a process called public key authentication. These virtual keys consist of a long sequence of numbers and characters that encrypt the data being transferred and thus prevent unauthorised persons from reading them. The standard public key infrastructure used to implement authentication processes is, however, not fail-safe. Fraudulent websites are sometimes so convincing that even experts can be fooled. “Not nearly enough is being done to ensure that ordinary citizens can safely use the internet. Our project wants to remedy that,” says Professor Adrian Perrig, who leads the Centre for Cyber Trust at ETH Zurich with his colleagues Professor David Basin, Professor Peter Müller and Professor Matthew Smith. Their aim is to make the internet completely safe.

Proof in the physical world

Last year, the team developed their concept for a novel public key infrastructure (PKI)—the flexible PKI—bringing them one step closer to achieving their goal. The concept is based on a certification system that relies on a physical or geographic proof to make it readily clear whether or not a sender is trustworthy. The electronic key would be linked to the physical location—much like the key to a hotel room remains safely at the reception desk while guests are out on adventures. “We believe the physical aspect makes the idea very transparent. With flexible PKI, users can recognise whether an email was sent by a specific individual or from a bank,” is how Adrian Perrig explains the concept. The flexible PKI would allow every individual, company or other entity to decide whom to trust, just as in the physical world. The innovation is also designed to prevent hackers from compromising digital certification authorities and the public keys these authorities issue—which in turn limits the damage caused by hackers. Adrian Perrig says, “The most forceful attacks would no longer be like a machine gun assault. More like a fight with a water gun.” Perrig explains that every single user of a flexible PKI would also receive a guideline (called a policy) that is valid for the key. The policy—stored separately in a manipulation-proof area—is what governs the generation of keys. Although creating and storing these policies is highly complex, they could be used to create new and update old keys. Nevertheless, several problems remain to be solved, including whether the designated physical location actually belongs to an entity and what happens to a key when the owner of a location changes.

Software verification

The flexible PKI concept involves other aspects as well. Parallel to the work in Zurich, research partner Matthew Smith is conducting studies to discover whether new technical solutions alone are enough to increase user trust in the digital world. In addition, David Basin and his team have the task of verifying the functioning of the flexible PKI and testing its correctness; to do so, they are designing a customised software program. Once the software design has been verified, Peter Müller and his group will apply a mathematical proof to determine whether the software implementation functions correctly and reliably. “We’ll be working on this for a while,” says Peter Müller of this separate verification. “Our experience from past projects has taught us that verifying software takes five times as long as writing the program.” For this reason, Müller and his team are also seeking ways to increase the efficiency of verification methods. Harmonising the two verification steps represents yet another major challenge. A kind of “glue” is needed to link the software design (what should be programmed) with the programming code (what is programmed). David Basin gave their innovative solution a clever name: Igloo—pronounced “I glue”. This novel verification method is a breakthrough for the researchers at the Centre for Cyber Trust. Peter Müller compares Igloo’s role with that of a building inspection: “In the end, the purchaser wants to know if the building was constructed the way it should have been, in accordance with all the plans. As a mathematical proof, Igloo likewise shows how well design and implementation correspond.” The planned software verification would close all software loopholes that hackers currently exploit for their attacks.

Text: Sabine Witt
Photo: Oliver Lang