HKCSView: Beyond PKI--authentication that scales

Michael MuddApart from global geo politics, headline news today seems to be full of reports of massive data breached and personal data losses. This is causing many C-level executives trooping out of the door or taking early ‘retirement’.  Many of these breaches are results of the compromise of authentication credentials, leading to access from the malicious actors.  I have addressed the social engineering aspects of cybersecurity breach through phishing, so perhaps it is time to look at weaknesses in technology.

History of PKI

Public Key Infrastructure (PKI) forms the bedrock of security technology validation in computer security. Despite PKI’s popularity as a security solution, attacks are seemingly accomplished with ease throughout computer networks.

The amount of data traversing the internet, both public and private, has vastly increased since the advent of PKI developed as a standard. ITU defined X.509 as the standard for public key certificates, an important element in the public-key cryptography pioneered by Whit Diffie. This was to engender trust in electronic transactions. The very concept of ‘e-commerce’ did not really exist in the vernacular and for the majority of the planet the internet was just an academic or government computer network with virtually zero pubic access. The legal system was not in place to recognise digital signatures back then, but has since caught up in most jurisdictions. 

Exploding e-commerce transaction

To put this into a historical perspective—in 1992 there was about 100GB of data created a day, by 2002, just seven years after the launch of the first commercial browser, 100GB was being created every second and by 2014 this had grown to 28,875 GB/sec. It is estimated that by 2018 the volume of data created to reach 50,000 GB/sec. A lot of this will be contributed by the 2.2 million-plus mobile apps now available, which is increasing by 1,600 a day. This is the backbone of the internet of things (IoT).

The first consumer transaction on eBay was in September 1995 in France by its founder Pierre Omidayer. The number of consumer transaction on eBay then grew to 1.8 billion items by 2005. Today, e-commerce transactions have exceeded many physical retail outfits; Alibaba sold $17.78 billion on ‘singles day’ in 2016.

To put it simply PKI was never designed to address hyperscale transactions at this level, no wonder we have the security issues we are observing, so what is next?