FortKnoxster has announced (yet another) token sale for its secure privacy platform. It claims this is one of the few token sales backed by a working product, which is an indictment of the whole ICO scene. Yet what is of interest is less the token sale and more the product.
The FortKnoxster platform claims to be an end-to-end encryption system that leverages blockchain technology to establish secure and trusted communication links between its users. In essence, it encrypts files and communications in the sender's browser before these are:
- sent to the servers
- stored in a decentralized storage area.
With decryption of data only possible in the browser of intended recipients, and all communications and data encrypted on all devices, users can communicate privately and safely, be it for:
- video calls
FortKnoxster privacy and encryption
The FortKnoxster platform’s encryption features are based on public key cryptography and include:
- 256-bit AES encryption
- RSA 2048-bit key cryptography
- Elliptic Curve P-521 cryptography
- PBKDF2 key derivation with SHA-256 hashing.
Only the user has access to private keys. Privacy features include:
- blockchain technology for decentralized trust of digital identities
- decentralized P2P distributed storage
- zero-knowledge architecture
- confidentiality: only intended recipients have access to the data
- integrity: all messages are verified for authenticity (to avoid tampering)
- all messages are digitally signed, so the sender's identity is verified.
The FortKnoxster blockchain dimension
The blockchain is a decentralized and open distributed ledger. Conventionally this records financial transactions – or, increasingly, virtually anything of value – conducted between two parties on a peer-to-peer network. The blockchain’s continuously growing, and complete, list of records exploits strong cryptography. This makes transactions permanently verifiable and therefore incorruptible. Since blockchains are publicly verifiable, they provide the security and transparency which have attracted FortKnoxster in the context of a security application.
FortKnoxster takes advantage of blockchain technology by:
- having a decentralized trust of digital identities
- maintaining its own Public Key Infrastructure (PKI)
- extending the latter to the Ethereum Blockchain, which stores the user’s Digital Identity in a registry using Smart Contracts.
The net effect is that no single entity can compromise security, not even FortKnoxster.
Key exchange
A common problem in encryption systems continues to be the secure key exchange of public keys between users – making sure that the obtained key indeed belongs to the intended recipient. The FortKnoxster platform protects against such potential Man-In-The-Middle (MITM) attacks by leveraging the blockchain in conjunction with a self-signed contact list.
Each user keeps a contact list, in which each contact record is digitally signed with the user's Private Identity Key. A record contains all the contact details, such as name, user id and the public keys.
Each contact is digitally signed during a contact request/accept process. This process involves:
- retrieving the contact’s digital identity from the blockchain
- verifying it in the client by computing the same Public Key Fingerprint from the contact's public keys
- verifying the signature with the contact’s Public Identity Key.
With the contact verified, it can be signed and added to the user’s own contact list. From then on, that user can trust this contact. It will verify the contact before using public keys to exchange messages, files or calls.
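The contact request/accept checks described above, sketched as an added example in Node.js (this is not FortKnoxster's code). The in-memory registry standing in for the Ethereum smart contract, the fingerprint format (SHA-256 over the DER-encoded public keys), the record layout and all function names are assumptions.

```javascript
// Added example: registry, record layout and fingerprint format are assumptions.
const crypto = require('node:crypto');

// Identity key pair on NIST P-521 (OpenSSL name: secp521r1).
const newIdentity = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp521r1' });
const der = (key) => key.export({ type: 'spki', format: 'der' });

// Assumed fingerprint: SHA-256 over the DER encoding of all the contact's public keys.
const fingerprint = (publicKeys) =>
  crypto.createHash('sha256').update(Buffer.concat(publicKeys.map(der))).digest('hex');

// Stand-in for the on-chain registry: userId -> { fingerprint, signature }.
const registry = new Map();
function publishIdentity(userId, identity, publicKeys) {
  const fp = fingerprint(publicKeys);
  const signature = crypto.sign('sha256', Buffer.from(fp), identity.privateKey);
  registry.set(userId, { fingerprint: fp, signature });
}

// Contact accept: the three checks from the list above, then sign the record.
function acceptContact(me, contact) {
  const onChain = registry.get(contact.userId);                 // 1. retrieve identity
  if (!onChain) throw new Error('no identity registered');
  if (fingerprint(contact.publicKeys) !== onChain.fingerprint)  // 2. recompute fingerprint
    throw new Error('fingerprint mismatch');
  if (!crypto.verify('sha256', Buffer.from(onChain.fingerprint),
                     contact.publicKeys[0], onChain.signature)) // 3. identity key = keys[0]
    throw new Error('bad identity signature');
  const record = JSON.stringify({ userId: contact.userId, name: contact.name,
                                  fingerprint: onChain.fingerprint });
  return { record, signature: crypto.sign('sha256', Buffer.from(record), me.privateKey) };
}

// Before each use: check the user's own signature on the stored contact record.
const contactIsTrusted = (me, entry) =>
  crypto.verify('sha256', Buffer.from(entry.record), me.publicKey, entry.signature);

// Constructed scenario: Bob registers; a relay then presents substituted keys for "bob".
function demo() {
  const alice = newIdentity(), bob = newIdentity(), mallory = newIdentity();
  publishIdentity('bob', bob, [bob.publicKey]);
  const entry = acceptContact(alice, { userId: 'bob', name: 'Bob', publicKeys: [bob.publicKey] });
  let mitm = 'accepted';
  try { acceptContact(alice, { userId: 'bob', name: 'Bob', publicKeys: [mallory.publicKey] }); }
  catch (e) { mitm = e.message; }
  const tampered = { ...entry, record: entry.record.replace('Bob', 'Eve') };
  return { trusted: contactIsTrusted(alice, entry), mitm, tampered: contactIsTrusted(alice, tampered) };
}
```

The substituted keys fail at the fingerprint comparison, and a contact record edited after signing fails the user's own signature check, so the trust in this sketch rests on the integrity of the registry lookup.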
What does it mean?
This raises the possibility of eliminating the risk of hacks, cyber-threats and centralized government surveillance attracts. Too much is exposed for comfort (and this is not assisted by politicians too lazy to dig into the weeds before pontificating).
FortKnoxster is another (see ‘Substratums blockchain combinations decentralise Web content’) ‘tangential’ and ingenious use of blockchain. Its exploitation of blockchain is far removed from the Bitcoin world where blockchain gained credibility as an underlying technology base.
Whether the FortKnoxster platform is as good as its claims must remain uncertain. It is one of the endemic problems of security, as has always been the case, that it is near impossible to prove that secure means secure. Only the breaches demonstrate the opposite.
Nevertheless, the concept of using blockchain technology to secure communications is neat. What isn’t so clear is whether such dependence diminishes or increases the risks. All depends on the blockchain.