OpenPubkey: Augmenting OpenID Connect with User Held Signing Keys

#authentication #pki #trust #security #ieee #washington #nova #openid

The Northern Virginia and Washington Joint Computer Society Chapter will host Ethan Heilman at the MLK Jr. Memorial Library for a virtual presentation on his research in authentication protocols for distributed systems with OpenPubKey. Food and beverages will be available at the talk.
 
OpenPubkey makes a client-side modification to OpenID Connect so that an ID Token issued by an OpenID Provider commits to a user-held public key. This transforms the ID Token into a certificate that cryptographically binds an OpenID Connect identity to that public key. The user can then sign messages with the corresponding signing key, and these signatures can be verified and attributed to the user’s OpenID Connect identity. This upgrades OpenID Connect from Bearer Authentication to Proof-of-Possession, eliminating trust assumptions in OpenID Connect and defeating entire categories of attacks present in OpenID Connect. OpenPubkey was designed to satisfy a decade-long need for this functionality: before OpenPubkey, OpenID Connect had no secure way for users to sign statements under their OpenID identities.
 
OpenPubkey is transparent to users and OpenID Providers: an OpenID Provider cannot even determine that OpenPubkey is being used, which makes OpenPubkey fully compatible with existing OpenID Providers. OpenPubkey adds no new trusted parties to OpenID Connect and reduces preexisting trust assumptions. If used in tandem with our MFA-cosigner, OpenPubkey can maintain security even against a malicious OpenID Provider (the most trusted party in OpenID Connect).
 
OpenPubkey is currently used in opkssh, which allows SSH access to be managed via identities like alice@example.com instead of long-lived keys. It does not replace OpenSSH; rather, it generates SSH public keys and configures sshd to verify those keys with OpenPubkey.
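The three paragraphs above describe the mechanism at the heart of the talk: the client arranges for the ID Token to commit to a user-held public key, the provider signs that token without noticing anything unusual, and a verifier can then attribute a signature made with the user's key to an OpenID Connect identity. The Go program below is an added illustration of that flow written for this page; it is not OpenPubkey's or opkssh's code. It assumes, as a simplification, that the commitment rides in the ID Token's nonce claim as a labelled hash of the bare public key (OpenPubkey's own commitment covers additional fields), it stands in an Ed25519-signed `payload.signature` token for the RS256 JWS a real OpenID Provider would issue, and the issuer URL, identities and message are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// Claims is the subset of ID Token claims this model needs.
type Claims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Nonce string `json:"nonce"`
}

// IssueIDToken stands in for the OpenID Provider: after authenticating the user it
// echoes the client-chosen nonce into the token, unable to tell that the nonce
// commits to a public key. A real OP issues an RS256 JWS; here a token is
// base64url(payload)+"."+base64url(ed25519 sig) to stay within the stdlib.
func IssueIDToken(opPriv ed25519.PrivateKey, issuer, sub, nonce string) string {
	payload, _ := json.Marshal(Claims{Iss: issuer, Sub: sub, Nonce: nonce})
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(ed25519.Sign(opPriv, payload))
}

// Commit derives the nonce from the user's public key. Simplified (assumption) to a
// labelled hash of the key alone; OpenPubkey's own commitment covers more fields.
func Commit(userPub ed25519.PublicKey) string {
	h := sha256.Sum256(append([]byte("opk-commitment:"), userPub...))
	return b64.EncodeToString(h[:])
}

// PKToken pairs the ID Token with the key its nonce commits to: together they act
// as a certificate binding the OIDC identity to that key.
type PKToken struct {
	IDToken string
	UserPub ed25519.PublicKey
}

// Enroll is the client side of login: it sets nonce = Commit(userPub) and keeps the
// returned ID Token alongside the key. (The OP is called directly here; in the real
// flow the nonce travels through the normal OIDC authorization request.)
func Enroll(opPriv ed25519.PrivateKey, issuer, sub string, userPub ed25519.PublicKey) PKToken {
	return PKToken{IDToken: IssueIDToken(opPriv, issuer, sub, Commit(userPub)), UserPub: userPub}
}

// Verify checks that the OP signed the token, the issuer matches, the nonce commits
// to the presented key, and the message signature verifies under that key; it
// returns the OIDC subject the signature is attributed to.
func Verify(opPub ed25519.PublicKey, issuer string, pkt PKToken, msg, sig []byte) (string, error) {
	if len(pkt.UserPub) != ed25519.PublicKeySize {
		return "", errors.New("presented public key has the wrong length")
	}
	p0, p1, ok := strings.Cut(pkt.IDToken, ".")
	payload, err1 := b64.DecodeString(p0)
	opSig, err2 := b64.DecodeString(p1)
	if !ok || err1 != nil || err2 != nil || !ed25519.Verify(opPub, payload, opSig) {
		return "", errors.New("ID token not signed by the OP")
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil || c.Iss != issuer {
		return "", errors.New("bad claims or unexpected issuer")
	}
	if c.Nonce != Commit(pkt.UserPub) {
		return "", errors.New("ID token does not commit to the presented public key")
	}
	if !ed25519.Verify(pkt.UserPub, msg, sig) {
		return "", errors.New("message signature invalid under the committed key")
	}
	return c.Sub, nil
}

func main() {
	const issuer = "https://op.example" // constructed sample issuer
	opPub, opPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	pkt := Enroll(opPriv, issuer, "alice@example.com", alicePub)
	msg := []byte("constructed sample message")
	sub, err := Verify(opPub, issuer, pkt, msg, ed25519.Sign(alicePriv, msg))
	fmt.Println("attributed to:", sub, err)
	// Holding a copy of the ID Token (the bearer model) is not enough: substituting
	// another key fails the commitment check, and without the key no signature verifies.
	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, err = Verify(opPub, issuer, PKToken{IDToken: pkt.IDToken, UserPub: malPub}, msg, ed25519.Sign(malPriv, msg))
	fmt.Println("key substitution:", err)
}
```

The order of checks in `Verify` is the point of the example: the verifier trusts only the OP's public key, learns the user's key from the token it has just authenticated, and only then treats a signature under that key as a statement by the token's subject. This is what turns a token that anyone holding a copy could replay into one that is useless without the private key.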
 
In this talk, Ethan Heilman will present virtually. We have reserved room 401-G at the MLK Jr. Memorial Library for anyone who wants to view the talk there, ask Ethan questions about OpenPubkey, and network with fellow IEEE members. The MLK Jr. Memorial Library is conveniently located between two Metro stations, Metro Center and Gallery Place-Chinatown. The conference room is on the 4th floor of the library, in the Conference Center.


  Date and Time

  • Date: 01 May 2025
  • Time: 09:45 PM UTC to 12:00 AM UTC

  Location

  • 901 G St. NW
  • Washington, District of Columbia
  • United States 20005
  • Building: Martin Luther King Jr. Memorial Library
  • Room Number: 401-G

  Hosts

  • Northern Virginia and Washington Joint Computer Society Chapter

  Registration

  • Starts 19 April 2025 04:00 AM UTC
  • Ends 01 May 2025 04:00 AM UTC
  • No Admission Charge


  Speakers

Ethan Heilman of Cloudflare

Biography:

Ethan Heilman is a researcher at Cloudflare and an open source contributor. He holds a PhD in Computer Science from Boston University. He has authored over 10 technical papers on cryptology and network security and has invented several cryptographic protocols including OpenPubkey and opkssh. In his spare time, he enjoys breaking hash functions.
Agenda

5:45 PM Set Up and Introductions

6:00 PM - 7:30 PM OpenPubkey Talk

7:30 PM - 8:00 PM Discussion