Editor's Note: This is the first in an ongoing series of articles on security projects from academia and the nation's research labs with real-world implications.
Three cryptographers have developed a secure method to help content publishers make money via P2P content distribution without creating bottlenecks. The trio's key-storage system could prove a significant edition in the encryption arena, given how much content is expected to traverse public pipes in the coming year.
For instance, content providers who do not wish to manage their own Web servers now can encrypt and publish content on a peer-to-peer network such as Gnutella. Those wishing to subscribe to the provider's content can then purchase a key from the provider's Website. But if the provider is offering an entire year's worth of audio or video content to a large number of users, the demand for keys to decrypt the files could become overwhelming.
To remedy this, Fu took an existing key distribution method, called the S-key algorithm, and altered it so that a content subscriber could be issued a key that would unlock the content for that day and all previous days, but not provide access to any future content.
The beauty of the system is that the subscriber need only come to the provider once to obtain a key, thus avoiding network bottlenecks.
"There was a security problem," said Kohno, a computer science doctoral student at UCSD, who ran into Fu after his presentation at the Network and Distributed System Security Symposium in San Diego last year. "There was a subtle mathematical flaw that made the output (or the number generated by the key) to be not completely random."
Kohno worked with Fu and Samara to develop a stronger method, called Key Regression. This algorithm produces a public key to decrypt today's content, and secondary piece of code called "the member state." Combining the previous "member state" with the current key can decrypt scrambled information the day before yesterday and so on. The predictability is completely removed, so the system is more secure.
While the encryption itself is highly mathematical, it does have plenty of real-world applications. In an Internet environment where an increasing amount of multimedia content is distributed among an ever-growing number of peer-to-peer networks, such encryption techniques can be used to build efficient, low-cost content subscription models.
Modified versions could also be used for other applications, such as time-based password mechanisms or as s way to unlock subscription-based software. For example, a software provider could use this system as a licensing method for desktop applications. Cellular providers could use it to distribute multimedia content such as the daily news.
"What we're doing is creating the tool that the carpenter can use to build a house," says Kohno. "It is very likely that somebody will take these tools and use them to create products that we have not even thought of yet."
That said, the key regression algorithm is not patented. The researchers are content to solve the problems and let others build business models and product lines around what the trio dreams up. "Solving interesting problems is as satisfying watching a beautiful sunset," says Kohno.