PKI for the People will be presented in public for the first time at DEFCON Demo Lab on August 6th, 2016. Check out our introduction for an eye-opener.... even if you are not a techie!

1. PKIforthePeople
A Public Research Initiative

2. Areyouunder attackonlinerightnow?
Existingdetectiontoolsgiveapartialpicture.

3. Noneofthemhaveevergone
Fromtheendpointsup.

4. It’sokay.
Theycouldn’t.

5. Butreally,isa maninthemiddle feedingyou
afakesslcertificaterightnow?
Youdon’tknow.

6. Andyoucan’tcheck.

7. OneFact:
Themobiledevicehas neverbeenable
tobeanything morethanaclient.

8. Kindasad.It’sneverbeena httpsserver.

9. Until now.

10. Security is a chain; it's only as strong as the weakest link.
The security of any CA-based system is based on many links and
they're not all cryptographic. People are involved.
-Bruce Schneier on PKI
OneLegitQuote:

11. PKI for the People is a movement
with a tangible benefit:
Analertsystem
for the state of the global trust.

12. It is an open source tool using
a peer-to-peer network
based on a mobile and desktop app.

13. Yes, it’s a node net.

14. This node net is used to
audit/monitor changes to the
global security infrastructure.
In real-time.
Thisincludes:
DNS records
IP addresses
Domain names
Certificate IDs
Public roots

15. The device will sign these
certificates records with a
unique server identifier
(assigned to the specific mobile or
desktop application).
The application will query
the top 1000 websites to
receive their public-facing
certificates.
Step1
Step2

16. The application will discover other network nodes.
It will validate each public certificate with other members of the network.
This generates blockchain-based cryptographic security assertions.

17. What about…?

18. We appreciate these initiatives.
They have laid a solid foundation for our work.

19. Tweet to @Beame_io to learn more
or get a technical description.