
Dive into the blockchain technology: Worldwide public key infrastructure

We continue the series of articles about Emer technology. This article describes an infrastructure for managing terminal access to network nodes over the ssh protocol: emcSSH.



The series of articles "Dive into the blockchain technology"


1. A series of materials on Emer technology:
1.1. The secrets of EmerCoin.
1.2. Decentralized uncensored domain name system.
1.3. Worldwide public key infrastructure.
1.4. Decentralized password-free security system.
2. Fast and secure transactions.
3. Ecosystem of digital dentistry.
4. Combating counterfeit goods.
5. Mutual insurance of animals.
6. What is ICO and how to conduct it.

Introduction


As discussed in previous articles, the main utilitarian feature of the Emer network is Name-Value Storage (NVS), a distributed trusted storage for records of any kind.
And if you put a record in NVS, you can be sure that:


In other words, you can be sure that an entry placed on the blockchain will be available to all network participants, that it will be the same for everyone and exactly as you made it, and that nobody "on the way" has changed it, as in Pushkin's fairy tale: "and into his empty bag they slip a different letter".

Considering also that Emer scales without limit, an efficient PKI (Public Key Infrastructure) can be built on top of the Emer NVS service.

Below, you will learn about such an infrastructure for controlling terminal access to network nodes over the ssh protocol: emcSSH.

How it works without emcSSH


In most cases, logging in to network servers over ssh uses the classic authentication solution: a password that the user presents to the server at login. Password authentication has a number of flaws, such as the possibility of guessing or phishing the password, so advanced users use public key authentication, by which the server identifies clients.

In small networks, the simplest solution is used: public keys are placed in a static file (usually $HOME/.ssh/authorized_keys) on each particular server. However, as the network grows, keeping the list of keys on many machines up to date becomes an administrative headache. For example, when a person is fired, the administrator must visit every computer to which that person had access and accurately remove the corresponding entry from each file. This approach justifies itself in a network of five computers, but it is practically inapplicable in a network of fifty.

In larger networks (enterprise scale), centralized management of both user access keys and groups of users with certain privileges is used. Typically, such systems are built on software products such as Puppet, LDAP/Kerberos and the like. Such a centralized system is already more manageable than a set of files scattered across different servers. Nevertheless, it has several disadvantages:


How emcSSH works


Technically, the emcSSH worldwide PKI system is very simple. The simplicity comes from the fact that Emer NVS does almost all the work. The emcssh program is just a "bridge" between Emer's blockchain and the sshd server: it interprets the corresponding NVS entries in the blockchain and generates, for sshd, the list of public keys for a given account. According to the specification, an NVS record consists of a Name (search key) and a Value (data associated with the key).

NVS (Name, Value) records for the emcssh service carry the Name prefix "ssh:" and follow these formal rules:

 username, groupname, ssh_public_key ::= VisibleString
 name_key ::= <username> | <groupname>
 token ::= <ssh_public_key> | "@"<name_key>
 Name ::= "ssh:"<name_key>
 Value ::= <token> | <token>"|"<Value>

Entries are made in NVS either manually, through the wallet GUI, or through JSON RPC API commands.

Let us walk through creating entries for emcssh, step by step:

1. End users place their public keys in Emer NVS in records of the following form:

 Name=ssh:username Value=ssh_public_key 

For example:

 "name" : "ssh:emergator", "value" : "ssh-rsa AAAAB3…"

Since the name is unique within the Emer network, it uniquely identifies the owner of the public key.

2. The administrator of a group with access to a resource can create an ACL (access control list) for a certain set of users by listing references to their usernames, that is, a record of the form:

 Name=ssh:groupname Value=@username1|@username2|...|@usernameN

For example:

 "name" : "ssh:EmercoinTeam", "value" : "@EvgenijM86|@Garrett|@emergator|@denis|@sv"


3. The group administrator can include in the ACL not only links to users but also links to other groups, for example:

 Name=ssh:super_group Value=@username1|@username2|@EmercoinGroup

Linked groups can themselves contain links to other groups, creating a hierarchy of groups and users. Moreover, the owners of the group and user records can be entirely different people working in different organizations. That is, each manages his own entries within his area of responsibility, and the blockchain builds the hierarchy through the links between entries.

Now that the records are created, the emcssh program comes into play. When someone attempts to log in, the sshd server starts the emcssh program, passing it the username as a parameter. For the given username, the program takes the name_key links from that user's configuration, and, by recursively "unpacking" these keys through a chain of blockchain queries, builds a list of ssh keys for the account, which it hands to sshd. sshd, in turn, authorizes the newcomer or rejects him.

While generating the list of ssh keys, the program caches the name_keys it has already processed and skips any name_key it meets again. This protects the system from endless recursion (including indirect recursion) and also correctly resolves "diamond inheritance", where a group refers to two other groups which in turn both refer to a third. In that case, the third group is processed once and ignored when the second branch of the diamond is processed.

For example, if the "@EmercoinTeam" link is set in the server configuration for an account, the emcssh program will extract the corresponding group "@EvgenijM86|@Garrett|@emergator|@denis|@sv" from the blockchain, then resolve each link in the group to an individual public key, and thus produce a list of five public keys.
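The resolution described above (recursive unpacking of name_key links with a cache of already-processed keys, which handles both cycles and diamond inheritance), as an added Python example. This is not the emcssh program's own code; Emer NVS is stood in for by a constructed in-memory dict, and all names and key strings in it are made up.

```python
"""Resolve emcSSH-style NVS records into the list of ssh public keys for sshd."""
from typing import Dict, List, Optional, Set

# Constructed stand-in for Emer NVS (Name -> Value), following the grammar
#   Name  ::= "ssh:"<name_key>
#   Value ::= <token> | <token>"|"<Value>
#   token ::= <ssh_public_key> | "@"<name_key>
MOCK_NVS: Dict[str, str] = {
    "ssh:alice":  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEalice",
    "ssh:bob":    "ssh-rsa AAAAB3NzaC1yc2EEXAMPLEbob",
    "ssh:carol":  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEcarol",
    "ssh:team_a": "@alice|@bob",
    # diamond: bob and team_a are reachable twice; ghost has no record at all
    "ssh:team_b": "@bob|@carol|@team_a|@ghost",
    # cycle: the group refers back to itself
    "ssh:super":  "@team_a|@team_b|@super",
}


def nvs_lookup(name_key: str) -> Optional[str]:
    """Blockchain query stand-in: return the Value for ssh:<name_key>, or None."""
    return MOCK_NVS.get("ssh:" + name_key)


def parse_value(value: str) -> List[str]:
    """Split a Value into its tokens on '|', dropping empty tokens."""
    return [t.strip() for t in value.split("|") if t.strip()]


def resolve(name_key: str, seen: Optional[Set[str]] = None) -> List[str]:
    """Recursively unpack name_key into ssh public keys, in encounter order.

    `seen` caches processed name_keys, so a key met a second time (a cycle
    or the second branch of a diamond) is skipped rather than re-expanded.
    A missing or expired record simply contributes no keys.
    """
    seen = set() if seen is None else seen
    if name_key in seen:
        return []
    seen.add(name_key)
    value = nvs_lookup(name_key)
    if value is None:
        return []
    keys: List[str] = []
    for token in parse_value(value):
        if token.startswith("@"):
            keys.extend(resolve(token[1:], seen))   # link to user or group
        else:
            keys.append(token)                      # literal public key
    return keys


def authorized_keys_for(acl: str) -> List[str]:
    """Emulate emcssh: the account's configured ACL (e.g. '@team_b') becomes key lines."""
    seen: Set[str] = set()
    keys: List[str] = []
    for token in parse_value(acl):
        keys.extend(resolve(token[1:], seen) if token.startswith("@") else [token])
    return keys
```

Running `authorized_keys_for("@super")` yields exactly three keys (alice, bob, carol) despite the self-reference and the doubly reachable bob and team_a.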

EmcSSH benefits


It might seem that there is little difference between storing the actual public key on the server and storing only a link to it and fetching the key itself from some blockchain. In fact the difference is huge. It follows from the fact that the binding between the username and the key is controlled by the owner of the username, while the use of that username and its key is controlled by the person responsible for the server being logged into. If, for example, the key needs replacing, the owner of the username generates a new key (ssh_public_key) on his side and publishes it in NVS. The updated record is then replicated to all network nodes, and its correctness is confirmed by public cryptocurrency consensus. The server administrator does not even need to know that the owner has updated the key. Moreover, this key update takes effect automatically on every server to which our username has access, without the involvement of any administrator or human operator. Returning to the telephone network analogy: instead of a human operator ("Hello, operator, put me through to Smolny"), automatic dialing is used.

Similar reasoning applies to an ACL managed through a groupname. For example, if your company decides to give EmercoinTeam access to some account, your company's admin simply adds a link to the group on his own server. The contents of the group are administered by the Emercoin admin, not by your company's administrator. And if personnel changes take place at Emercoin, that is not your company administrator's business, but the business of the Emercoin administrator, who keeps the group up to date.

Considering the growing tendency in modern business to outsource IT, accounting, telephony, auditing and the like, emcSSH becomes an effective means of inter-corporate interaction. The outsourcing company manages its groups, including hierarchical ones. Users manage their keys. The client company grants access to the relevant groups, and its admin has no headache about what is going on at the outsourcer.

This division of powers (localization of responsibility) allows large-scale group work to be organized without centralizing privileges and without introducing the role of a super-admin responsible for everything.

Let us briefly list the main advantages of emcSSH:


Useful links


1. All the software, both the Emer node and emcssh, is open source, distributed under GNU/BSD licenses. The sources are available on GitHub, where they can be downloaded, analyzed and compiled.

2. Key and group management is most conveniently done through the Qt GUI wallet.

3. For servers, there are pre-compiled builds for the major Linux distributions, installed via package managers. It is also possible to deploy an Emer node with emcSSH and other services pre-installed in Microsoft Azure.

4. Under FreeBSD and other operating systems, building from source is also not a problem and takes a few minutes.

5. The distribution kit, man pages and build guide are available on the emcSSH page.

6. Step-by-step Russian-language instructions with screenshots.

7. Making entries in Emer NVS is paid and requires a certain amount of EmerCoins, which are "burned" when the record is created. The price is low, about $0.05 at the current rate for a 10-year record, but you still need to obtain the coins somewhere. They can be purchased on any crypto-exchange from the list, for example Livecoin.

8. You can contact the developers by e-mail: team@emercoin.com

For safe operation of the emcSSH network, do not let the records expire. Reserve a record for a long period (even 1000 years) and renew it as necessary.

Experience of practical use


The emcSSH system has been used by the EmerCoin development team for about two years to manage a distributed cloud infrastructure and VPS, and has proven to meet the requirements and expectations.

HashCoin has also been successfully using this system for more than a year to manage miner arrays and distributed data centers. An interview with the company's CTO about operating the system is available here.

Extensions


As the ssh_public_key, the emcSSH system can "deliver to the consumer" not only an ssh public key but an arbitrary text string. This makes it possible to use emcSSH to build distributed ACLs for other services unrelated to ssh.

For example, HashCoin proposed using emcSSH to manage access lists for a web site through the emcSSL service.

More information about emcSSL and this application will be explained in the following articles.

About the author


Oleg Hovayko is a lead developer of the EmerCoin cryptocurrency and an expert in cryptography and computer security. He has worked in IT since 1994. He is currently also a vice-president at the American investment bank Jefferies & Company, which deals in securities and is considered one of the largest independent US banks.

Source: https://habr.com/ru/post/316326/
