TA4NGI – DAASI International Creates Concept for Secure Authentication Procedure on Internet
DAASI International on lessons learned about sustainable authentication and its design, using TA4NGI as a model.
In October 2020 DAASI International became an “NGI architect” as part of the European initiative Next Generation Internet (NGI). NGI promotes new technologies as well as the development of existing technologies across Europe. Their goal is to shape a new generation of the Internet which respects European values, and is centred around humanity.
The working group NGI Pointer focuses on changes to the basic structure of the Internet. Within this programme DAASI International worked on TA4NGI, a proof of concept (PoC) in which an authentication mechanism for the open source software SATOSA was implemented.
The Challenge of Quantum Technology
Motivated by the idea of an authentication process secure enough to face future challenges posed by quantum computers, the team of DAASI International began the project Trust and Authentication for the Next Generation Internet – TA4NGI.
Ultimately, the goal was to implement, as a prototype, authentication and encryption methods which would withstand hacking attempts aided by quantum technology. The effort focused on TLS-KDH, which had most recently been specified in early 2020 yet had never actually been applied. Thus an important milestone of TA4NGI was to evaluate whether TLS-KDH can be integrated into modern business apps. Corteza was chosen as the exemplary business app for the PoC.
Outcome and Prospect
Over the course of the project, which lasted about one and a half years, DAASI International continuously worked towards several milestones they had chosen at the beginning. The first important milestone was to create a concept which took a closer look at all associated technology and gave an introduction to TLS-KDH itself. The source code of the implementation is publicly licensed and available in a public GitLab repository alongside the corresponding technical documentation.
In the end the PoC proved that TLS-KDH can be successfully applied to realistic use cases. However, these use cases are still limited to server-server scenarios, as TLS-KDH is not yet supported by most (popular) browsers. By integrating Authenticator, the authentication module of DAASI International’s very own software suite didmos, it was proven that this was feasible overall. In all, the project provided insights into the advantages and disadvantages of currently commonly used authentication and encryption mechanisms (Kerberos, TLS and Diffie-Hellman Forward Secrecy), which led to the conclusion that the combination of these technologies for secure authentication and encryption as proposed in TLS-KDH is indeed able to withstand the test of time.
In the future, DAASI International sees itself more in the role of a service provider than of a developer when it comes to TLS-KDH. To achieve broader support for the protocol, it would be essential to integrate it into the relevant SSL libraries.
About DAASI International
DAASI International is an expert in (federated) identity and access management, exclusively using open source technology. Since it was founded in 2000, the IT service provider from Tübingen, Germany has dealt with identity management, access control and directory service technologies for universities, public authorities and companies. Additionally, DAASI International is actively involved in the field of digital humanities and participates in national and international research projects.
About The NGI Initiative
The Next Generation Internet (NGI) is a European Commission initiative that aims to shape the development and evolution of the Internet into an Internet of Humans. An Internet that responds to people’s fundamental needs, including trust, security, and inclusion, while reflecting the values and the norms all citizens enjoy in Europe.