There Are Systems ‘Guarding’ Your Data in Cyberspace – but Who Is Guarding the Guards


We use internet-connected devices to access our bank accounts, keep our transportation systems running, communicate with coworkers, listen to music, perform commercially sensitive tasks, and order pizza.

Every day, digital security is a part of our lives.
And, as our IT systems become more complex, the possibility of vulnerabilities grows.
Organizations are increasingly being breached, resulting in financial loss, disrupted supply chains, and identity fraud.

A “zero trust” approach is the current best practice in secure technology architecture used by major businesses and organisations.

In other words, no person or system can be trusted, and all interactions must be verified by a central entity.

Unfortunately, complete faith is then placed in the verification system.
By breaching this system, an attacker gains access to the kingdom.
“Decentralisation” is a new paradigm that addresses this problem by eliminating any single point of failure.

Our research looks into and develops the algorithms needed to set up an efficient decentralised verification system.

We hope that our efforts will aid in the protection of digital identities and the security of the verification processes on which so many of us rely.

Never trust without first verifying.
Verification is implemented at every possible step in a zero trust system.

Every user is verified, as is every action they take, before that action is carried out.

Moving toward this approach is regarded as so critical that US President Joe Biden issued an executive order last year requiring all US federal government organisations to implement a zero trust architecture.

Many commercial enterprises are following suit.

In a zero trust environment, however, absolute trust is placed (contrary to popular belief) in the validation and verification system, which is typically an Identity and Access Management (IAM) system.

This creates a single trusted entity that, if compromised, provides unrestricted access to the entire organization’s systems.

An attacker can use a user’s stolen credentials (such as a username and password) to impersonate that user and do anything they’re authorised to do, such as opening doors, authorising specific payments, or copying sensitive data.

However, if an attacker gains complete access to the IAM system, they can do whatever the system is capable of.
For example, they may delegate authority over the entire payroll.

Okta, an identity management company, was hacked in January.
Okta is a single-sign-on service that allows employees of a company to use a single password for all of the company’s systems (as large companies often use multiple systems, with each requiring different login credentials).

Following Okta’s hack, large corporations that used its services had their accounts compromised, giving hackers access to their systems.
As long as IAM systems are a central point of authority within organisations, they will remain a tempting target for attackers.

Trust decentralisation

In our most recent work, we refined and validated algorithms that can be used to build a decentralised verification system, making hacking much more difficult.

TIDE, an industry collaborator, has created a prototype system based on the validated algorithms.

When a user creates an account on an IAM system, they select a password, which the system encrypts and stores for later use.
However, even in encrypted form, stored passwords are appealing targets.

Furthermore, while multi-factor authentication is useful for confirming a user’s identity, it can be defeated.

If passwords could be validated without being stored in this manner, attackers would no longer have a clear target.
Decentralisation comes into play here.
Instead of putting trust in a single central entity, decentralisation puts trust in the network as a whole, which can exist independently of the IAM system.

The mathematical structure of the algorithms that underpin decentralised authority ensures that no single node can act independently.

Furthermore, each node on the network can be operated by a separate entity, such as a bank, telecommunications company, or government department.

So stealing a single secret would necessitate hacking several separate nodes.
Even if an IAM system breach occurred, the attacker would only gain access to some user data and not the entire system.

To gain control of the entire organisation, they would have to breach a combination of 14 independently operating nodes.
This isn’t impossible, but it’s a lot more difficult.

Beautiful mathematics and verified algorithms, however, are insufficient to create a usable system.

There is still work to be done before we can move from the concept of decentralised authority to a functioning network that will keep our accounts safe.
