AuthMA Public Key Infrastructure

Public key distribution that is verifiably secure from man-in-the-middle (MITM) attacks.

Many users would prefer privacy in their communications (as can only be achieved with end-to-end encryption), but not without sacrificing the convenience they have come to expect from webmail clients. In particular, users don't want the hassle of manually managing public and private keys as typically required for end-to-end encryption.

Although PGP's Web of Trust and open PGP keyservers are designed to mitigate this problem, they cannot be trusted enough for fully automatic key distribution, and hence key management remains a user problem. Services such as Lavabit and Hushmail attempted to make PGP more user-friendly by taking care of key management, but in so doing they have given up the fundamental privacy guarantees of end-to-encryption that motivate the use of PGP in the first place.

AuthMA provides a fundamentally new approach by empowering end-users with the capacity to independently verify the authenticity of a public key. This permits email client software to automatically lookup public keys associated with an email addresses from a keyserver without needing to trust the keyserver, because any MITM attacks could be detected by end-users. Thus, our protocol enables a new breed of messaging clients with true end-to-end encryption built in, without the hassle of requiring users to manually manage the public keys for their contacts, and without relying on any third party to keep certain information secret.

AuthMA is free to use. We provide this service for the betterment of mankind, to bring privacy into peoples' everyday communications.

For more detail, read: Public Key Infrastructure based on Authentication of Media Attestments.

Frequently Asked Questions

Any person or organization who desires a guarantee of privacy that does not rely on trusting their comunications providers or any other third parties. For example, this could be used to create secure email clients, secure messaging for social media services, or as a system for internal communications within government agencies or large corporations.

Currently, all emails, SMS conversations, and private Facebook messages are readable by one's email service provider, phone service provider, or Facebook respectively. In addition, these communications may be monitored by any third party who gains access to those communications providers, either knowingly or unknowningly. Many users, and may organizations that deal in secret issues, may desire a higher level of privacy. End-to-end encryption can offer complete privacy, but only if you know the person's public key. Most people don't have public keys, or don't know the public keys of the people they want to talk to. We're hoping to change this, by letting anyone who cares about security register their public keys with us. This lets software, web, and app developers write applications that use end-to-end encryption and automatically retrieve the public keys of people you want to talk to, even if you don't know their public key. We want to see end-to-end encryption become the new norm.

When a user registers a public key to their email address with the AuthMA server, they also provide a link to a media attestment of themself reading a hash of their public key. When another user looks up the public key associated with that email address, the server also provides the media attestment. The user can watch the media attestment and verify that the communicated hash is equal to the true hash of the supplied public key.

An email client that supports AuthMA will behave similarly to any other email client. The main difference from the perspective of the user is that they will have two passwords -- the first password is used to login to the email server and retrieve their messages, and the second password is not given to anyone, but is instead used by the client software to derive a public/private RSA keypair for encrypting and decrypting messages.

The email client will automatically query the AuthMA keyserver in order to retrieve public keys for the user's contacts. The client software will typically display email addresses that have an associated public key in a different style to indicate secure communication is possible. If both users have registered public keys, then any emails sent to/from that person will be end-to-end encrypted, similar to PGP. Otherwise, emails will just be sent normally.

Any public key that was obtained from the keyserver will have an associated YouTube link to a media attestment. At any time, if the user has reason to doubt the validity of someone's public key, they can simply watch the media attestment. If it's the right person in the video, and they communicate the correct hash, then the public key must be correct. In the future, we will also integrate web-of-trust style community ratings in order to warn users of potentially untrustworthy media attestments.

The service is just getting started, but the AuthMA protocol is easy to implement, and could be used by email clients, plugins, or Facebook messaging plugins, cellphone apps, or anything else. In the future, we hope that it will become standard for all private communications between users to use end-to-end encryption with AuthMA verification.

Although computer graphics technology used in film is very advanced, it is still extremely difficult to make convincing copies of real people. Arguably the best attempt so far has been the CG version of Arnold in Terminator Salvation. However, keep in mind that this was a $200 million production by a world class visual effects company, and that they had access to a plaster cast of Arnold's face and body, and that they didn't even make this character say any lines.

We have created guidelines for media attestments that make forgery extremely difficult. Because the public key hash is both written and spoken, and it cannot be easily altered by any simple mechanism. For very high profile targets, additional precautions can be taken like showing photo ID. However, if you think there are organizations willing to spend hundreds of millions of dollars to make a fake video of yourself, perhaps you should just take the paranoid approach and exchange public keys manually.

End-to-end encrpytion can only be used to communicate between parties that have exchanged public keys. There are no previous protocols that allow public keys to be easily looked up that aren't susceptible to man in the middle (MITM) attacks that don't require trusting a third party authority, and any third party can be compromised.

A man-in-the-middle attack is when you try to send your public key to someone else, and an attacker intercepts your communication and replaces the public key you are sending with one of their own public keys. If they do this for both parties who are trying to communicate, then they will be able to read, modify, and impersonate your encrypted messages.

Encryption isn't illegal, it is the backbone of all secure online services. Previous secure email services such as Lavabit and Hushmail tried to alleviate the hassle of key management by managing the private keys for their users. This made them a target for third parties (such as the NSA) who wanted them to hand over those private keys. Lavabit wasn't shutdown -- they chose to shutdown their services because they didn't want to be complicit in handing over users' private keys. AuthMA is different because it's merely a protocol, and AuthMA servers only collect and serve public registration information, and therefore have no secret information to share, and no ability to eavesdrop on user communications.

In short, it is easy for attackers to infiltrate the web of trust and setup MiTM attacks against targeted individuals, as we are starting to see happen more often.

Public keys are found in the WOT by searching for a chain of signed public key certificates. Keys which can be found with fewer hops are generally considered to be ``more trustworthy.'' As such, a common metric for trustworthiness of a public key is the mean shortest distance (MSD) to all other keys.

In the interest of increasing their own MSD, each user has an incentive to sign as many public keys as they can. This has a detrimental effect on security, because it encourages people to sign public keys for their own apparent benefit, making it significantly easier for an impersonator to get their impostor keys signed. Moreover, the users who exhibit the least restraint or least thorough verification of identities will be able to sign the most keys, and hence will have the lowest MSD's. Finally, anyone who is signed by someone with a low MSD will, by proxy, also acquire a low MSD. Thus, it is very easy for an impersonator to acquire a low MSD, simply by getting their key signed by someone who has a low MSD, which is very likely the same person who is willing to sign a key without doing a thorough background check.

Furthermore, users are encouraged to sign other peoples' key certificates if their identity can be verified without regard to the integrity of that person. According to Zimmerman, ``You aren't risking your credibility by signing the public key of a sociopath, if you were completely confident that the key really belonged to him.'' Unfortunately, this is simply not true, because a person with ulterior motives can go on to sign keys that they know are false with the effect of making those keys appear trustworthy to you or other people based on graph analysis.

For example, if Eve wants to spy on Alice's communications with Bob, she could just get her associates Charlie, Dave and Francis to have their keys signed by Alice and Bob after verifying their identities. Then those same associates could certify Eve's impostor key as the key for Alice, and also certify another one of Eve's impostor keys for Bob. After doing this, if Alice tried to look up Bob's key, she would find multiple independent pathways, all with a short link of just 1 hop, leading to the impostor key (and similarly, for Bob trying to find Alice's key).

Despite being so easy to game the system, the WOT has a lot of followers among security experts and privacy enthusiasts that would call it a success based on their own empirical observations that it appears to work. Of course, it should come as no surprise that the WOT will work to exchange the public keys between two parties, neither of whom are high profile targets for espionage, because hacking the WOT cannot be done en masse, and would require some effort be expended for each target.

The general public largely uses unencrypted email, and those with a genuine need for security are likely to exchange keys over more secure channels. Thus, most targets worth spying on aren't using email encryption, or know better than to use the WOT. Thus, there is simply little incentive for spying agencies to subvert the WOT.

However, if the WOT were deployed on a massive scale, as a means for exchanging public keys behind all major email services in the background, then this would certainly change. First, existence of a pathway of introducers on the WOT would become almost meaningless, due to the large number of general users who might be certifying keys with little regard to security. Second, if an agency wanted to spy on some individual, they would likely undertake means to start spreading impostor keys, possibly using bots to sign key certificates, and they would either succeed in intercepting some user's requests or create sufficient confusion about which key was correct as to effectively serve as a denial of service (DOS) attack against the usage of the WOT.

No protocol can give absolute protection against MiTM attacks. We assume that modern cryptographic methods are secure and that the media attestment cannot be forged. However, we cannot guarantee that client software designed to work with AuthMA is trustworthy. The biggest danger is that the users computer is already compromised, or that users would acquire software for registration or login that has a back door installed. For example, we use SSL encryption to certify that the Javascript on our registration page is legitimate and has no back doors. However, it is still possible that our webserver could be hacked, or that SSL could be subverted.

The inspiration for media based attestments comes from ask-me-anything (AMA) sessions on the popular news site Reddit, where celebrities often "authenticate" themselves by showing a photo posing with a handwritten note indicating that they will be doing an AMA session. We called the security protocol Authentication of Media Attestments (AMA) as a throwback to Reddit, but later changed the abbreviated moniker to AuthMA to be more identifiable.

Example: Bryan Cranston's AMA picture proof for reddit