Introduction
DiME: the open, trust-based data format for building secure Application-based Public-Key Infrastructures (APKIs) in a breeze.
DiME (Data Integrity Message Envelope) is an open data format for building trust and sharing data securely within networks of any size and shape. DiME envelopes contain encoded information, including verifiable claims made by the sending party and application-specific encrypted data. Digital signatures and end-to-end encryption ensure that, once created, data cannot be altered or read by unauthorized parties.
The DiME format may be used to support the building of Application-based Public-Key Infrastructures (APKIs). An APKI aims to move elements of a traditional PKI into the application itself. This includes trust establishment, authentication, and secure communication, all based on public keys held and controlled by the applications themselves.
By establishing an APKI, security and control are encapsulated in, and interwoven with, the context and purpose of the application. Some potential use cases for DiME include:
IoT networks for distributing sensitive data, including collected sensory information, operational instructions, patches, and firmware updates
Trusted processing and transmission where audit trails and results logging are crucial
Peer-to-peer messaging systems in which messages are linked using cryptography
Distribution of sensitive information and records within any-sized networks
Establishing application-based networks with trusted entities
Traversing trust across different networks using multiple trust roots
DiME merges complex cryptography with a modern data format that focuses on security, human readability, and ease of use, providing a powerful and flexible data format suitable as the secure foundation of any networked setup.
A further strength of the DiME format is its modular composition, which lets applications shape its use to their specific needs. At the same time, it removes the need to build complicated authentication and verification mechanisms, since these are carried within the transmitted data payloads themselves using appropriate cryptography.
Through its flexible and modular design, DiME may be used in any type of entity network, from centralized to decentralized, where there is a need to either control connected entities through trust or broaden the reach of entities within a network and allow inter-network communication.
Guiding principles
The DiME data format has been designed with a few principles in mind:
Application-based – enable applications to implement, use, and control the whole trust and security chain
Make use of modern structures – use modern thinking when designing the format
Human readability – easy to read for humans, ease troubleshooting
Minimize options and decisions – less room for mistakes during implementation and usage
Openness and transparency – important for the overall trust of a system
What problems are solved
According to the latest update of the OWASP Top 10, which describes the most common problems and mistakes found in real-world applications, Cryptographic Failures is in second place.
Cryptographic failures stem from a lack of knowledge, skills, and experience in using cryptographic algorithms and setups correctly. DiME is designed to remove some of those factors and, hopefully, prevent mistakes in cryptographic usage. The format pre-defines how digital signatures (data integrity protection) and end-to-end encryption (data confidentiality protection) are used, so that no expert knowledge is required.
Another entry on the OWASP Top 10 is Identity and Authentication Failures, where applications fail to properly identify and authenticate the entities making requests. In DiME this is also built in, with the help of digital trust based on public keys, much in the same way as in traditional Public-Key Infrastructures.
These two aspects form the basis for End-To-End Encryption and Trust (E2EET), which enables applications both to protect sent and received data and to verify the identity and trust of any involved parties.
Thanks for stopping by!