While sharing our data on the interwebs, we’re not extremely concerned with how securely it is being transferred. But numerous encryption methods have been put in place to ensure our privacy and security on this vast expanse called the Internet. The same are being continuously updated and renewed to protect us against stubborn intruders. And now, Google is taking aim at further improving one of them.
Google’s Security and Privacy engineering team while working through the intricacies of encryption technologies discovered a few problems with building a generic and secure way of sharing of public encryption keys. The team, thus, started developing a generic mechanism which can exchange generic encryption keys across a variety of applications.his gave birth to a new open-source Key Transparency initiative that is aimed at establishing secure connection even across untrusted connections.
This gave birth to the open-source Key Transparency initiative that is aimed at establishing secure connections in a simple way, even across untrusted connections. The tech behemoth is aiming to develop simplistic technologies for noobs, who know nothing about encryption. It doesn’t want the users to understand methods like PGP and other. They should also not be required to manually verify their contact details (or identity) to use encrypted apps.
Thus, it’s now building a database-like infrastructure that defines a relationship between online personas and public keys. These records will be automatically verifiable and publicly auditable. This means that Google is building a directory that’ll confirm the identity of an individual at a systematic level on its own. It will, hence, also ensure the privacy of the sender and recipient of data through the interwebs.
The Github page of this encryption-focused initiative has been described as under:
Key Transparency provides a lookup service for generic records and a public, tamper-proof audit log of all record changes. While being publicly auditable, individual records are only revealed in response to queries for specific IDs.
Under this initiative, Google is not only making the encryption methods more secure but is also making it easy for developers to build simple and secure features. Due to the collated nature of the public data, they’ll also find auditing the account data less of a chore. This will prevent man-in-the-middle attacks as well.
The tech behemoth, in the official blog post, says that the project has been a multiyear development. It has been working with the CONIKS team, Open Whisper Systems and Yahoo Security team on this encryption technology. And this open-source release is aimed at developing an even secure encryption method for communication across the online medium.