P3KI Core has been a long time coming: based on research that begun in 2006, two best-of-class diploma theses, and under active development since 2014 by a growing consortium of companies with a headcount crossing thirty.
P3KI Core is the brainchild of the internationally renowned hacker Felix 'FX' Lindner and strongly informed by decades of experience 1, 2, 3, 4, 5, 6, 7 doing cyber security consulting1 for large multi-nationals from the automotive to telecoms sector.
In colaboration with a large, german chemical company (references upon request) operating internationally, we've successfully presented a system to self-service personalized accounts in accordance with regulations such as IEC 62443 and GMP.
We've showcased cross-airgap functionality enabling easy onboarding of employees and contractors to gain access to a DCS (Distributed Control System).
We've developed a novel concept to marry classic PKI with P3KI's web-of-trust to enable seamless permission control delegation across PKI boundaries.
In collaboration with the Maritime Connectivity Platform Consortium we've been developing a Decentralized Trust System for international maritime shipping applications.
With our partner digital.Wolff we're bringing offline capable authorization to IoT payment terminals.
We've extended our platform support to include the Xtensa Platform (ESP32) as well as WebAssembly (WASM) along side Python 3 bindings.
Work on a Kubernetes integration to allow flexible authorization of large scale Cloud deployments is underway.
We've joined the newly established Trust over IP Foundation to further the standardization effort for decentralized PKI solutions.
With this proof of concept we are able to show that it's possible to use P3KI Core to digitize personal certificates, like attestations for having successfully passed a professional welding test. The resulting system is straight forward to use, protects your privacy, and fully supports offline verification for scenarios where you do not have internet connectivity at hand.
Due to customer demand for an embedded implementation of P3KI Core, we've decided to move away from Java. After much deliberation we've settled on Rust at a time where MISRA-C and C++ where still state of the art.
Two years later, in mid-2019 we would be proven right in our decision, when even Microsoft hailed Rust as the next big and safe systems programming language.
With this proof of concept for a large automotive we've outlined the applicability of P3KI to vehicle-to-X scenarios, namely autonomous parking and driving. For this we've developed a table-top demonstrator based on small mobile computers wirelessly communicating with each other.
As a first proof-of-concept we've shown an alternative approach to how PGP does verification of key material. PGP let's you verify that you trust someone that trusts someone that trusts a given key to be legitimate. However, since you already have a usable key in hand and attesting someone's key at key signing events did not quite scale, this step is rarely taken.
Our prototype turned this around by doing a forward-search of the web-of-trust until it found a trusted key that was directly usable or none at all, making key verification way more robust.
Gregor Kopf, in his diploma thesis, layed the foundation for what would become P3KI two years later. He outlined a distributed, peer-to-peer based, highly flexible alternative PKI approach and wrote the first prototype implementation while working for Recurity Labs1.
The automotive industry foresaw the need for distributed PKI to address increasingly complex maintenance scenarios as well as vehicle-to-X communication security. The standard itself is heavily influenced by the established tools available at the time (X.509) and several important technical details are noted as outside the scope of the standard.
Nevertheless, ISO 20828 was instrumental in seeding the idea that would later become P3KI Core. Today P3KI Core goes far beyond what ISO 20828 envisioned and solves all its requirements with ease.
SDSI/SPKI was way ahead of its time and was soon forgotten outside academia. Despite not being aware of SDSI/SPKI during initial development of P3KI Core we've arrived at many a same conclusion. P3KI Core, while not exactly SDSI/SPKI, shares a lot of its spirit.
If you want to learn more, don't hesitate to get in touch with us for a presentation and demo!Contact us!
P3KI is a young and growing company with many opportunities for first-class developers, security and cryptography experts, operations wizards and the likes.
If you think you've got what it takes to complement our team, get in touch!Contact us!