With the increasing reliance on Web services and software, the need for security and privacy measures is fast becoming paramount. To cater to this, developers have been using complex encryption methods to stay relevant. However, many still refrain from it, due to sheer complexity. Now, Google tries to tackle this by creating a public data framework that simplifies the developers’ job in building secure products and services moving forward.
Google has announced the open source release of its Key Transparency prototype, a platform that simplifies public key scanning. Google claims that this framework can be used by regular people as well, to verify a person’s online information through a public key.
“Existing methods of protecting users against server compromise require users to manually verify recipients’ accounts in-person. This simply hasn’t worked. Key Transparency is a general-use, transparent directory that makes it easy for developers to create systems of all kinds with independently auditable account data. It can be used in a variety of scenarios where data needs to be encrypted or authenticated. It can be used to make security features that are easy for people to understand while supporting important user needs like account recovery,” Google’s Ryan Hurst and Gary Belvin said in an announcement.
This framework looks to tackle the issues that complex systems like PGP face, due to which many developers avoid even using it. This public database will be created and managed by Google, and all the log changes to any user profile will also be public – and apparently cannot be tampered with. Thankfully, a user’s information can only be searched via their particular ID, and nothing else.
“Key Transparency dramatically improves the situation by providing a public audit record for all changes to data. When used with account data, Key Transparency provides a public audit record of all the actual recipients (in the form of public keys) associated with an account, all the times an account was updated, and who it was updated by-all in a privacy preserving way, ” Google’s Ryan Hurst and Gary Belvin said in an announcement.
Key Transparency looks to give developers all the data at hand to build simpler security features easily. Google claims it’s just a prototype, and the framework will be improved based on the security community’s feedback in the future.