In cyberspace, there are systems 'guarding' your data, but who is guarding the guards?






HIGHLIGHTS


  • Before going live, every user and action is double-checked.

  • There isn't a single person or system that can be trusted.

  • Every interaction is verified through a central entity.



We use internet-connected devices to check our bank accounts, keep our transportation systems running, communicate with coworkers, listen to music, complete commercially sensitive tasks – and order pizza.


Every day, digital security is a part of our lives. The potential for vulnerabilities grows as our IT systems become more complex. More and more businesses are being hacked, resulting in financial losses, supply chain disruptions, and identity theft.


A "zero trust" approach is the current best practice in secure technology architecture used by major businesses and organisations.


To put it another way, no one or system can be trusted, and every interaction must be verified by a central entity.


Regrettably, total faith is then placed in the verification system in use. As a result, breaking into this system grants an attacker the keys to the kingdom. To address this problem, "decentralisation" is a new paradigm that eliminates any single point of vulnerability.


Our research looks into and develops the algorithms needed to set up a decentralised verification system that works.


We hope that our efforts will contribute to the protection of digital identities and the security of the verification processes that so many of us rely on.


Always verify before you trust. Verification is implemented at every possible step in a zero trust system.


Before going live, every user is verified, and every action they take is verified as well.


The importance of adopting this approach is so great that US President Joe Biden issued an executive order last year requiring all US federal government organisations to implement a zero trust architecture.


Many commercial enterprises have followed suit.


In a zero trust environment, however, and contrary to popular belief, absolute trust is placed in the validation and verification system, which in most cases is an Identity and Access Management (IAM) system.


This creates a single trusted entity that, if breached, gives an attacker unrestricted access to the entire organisation's systems.


An attacker can impersonate a user using stolen credentials (such as a username and password) and do anything that user is authorised to do, such as opening doors, authorising certain payments, or copying sensitive data.


An attacker who gains access to the entire IAM system, on the other hand, can do anything the system can do. They could, for example, give themselves complete control over the payroll.


Okta, an identity management company, was hacked in January. Okta is a single-sign-on service that allows employees of a company to use a single password for all of the company's systems (as large companies often use multiple systems, with each requiring different login credentials).


Following Okta's hack, large businesses that used its services had their accounts hacked, giving hackers access to their systems. IAM systems will continue to be an attractive target for attackers as long as they are a central point of authority over organisations.


Trust decentralisation

In our most recent research, we refined and validated algorithms that can be used to build a decentralised verification system that makes hacking much more difficult.


TIDE, one of our industry partners, has created a prototype system based on the validated algorithms.


When a user creates an account on an IAM system, they select a password, which the system encrypts and stores for future use. Even when stored passwords are encrypted, they are tempting targets.


Multi-factor authentication is useful for verifying a user's identity, but it can be hacked.



Attackers would no longer have a clear target if passwords could be verified without having to be stored in this manner. This is where the concept of decentralisation comes into play. Decentralisation places trust in the network as a whole, rather than a single central entity, and this network can exist outside of the IAM system that uses it.


The mathematical structure of the algorithms that underpin decentralised authority ensures that no single node can act independently.


Furthermore, each node on the network can be operated by a separate entity, such as a bank, a telecommunications company, or a government agency.


As a result, stealing a single secret would necessitate hacking several separate nodes. Even if there is a breach in the IAM system, an attacker would still have to break through 14 independently operating nodes to gain control of the entire organisation. This isn't impossible, but it's much more difficult.
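The property described above, that no single node can act independently and an attacker must compromise many nodes before learning anything, is the defining property of a threshold scheme. The following is an added illustration using Shamir's secret sharing over a prime field; it is not TIDE's algorithm (the article does not give its details) and not code from the research described here. The 14-node network matches the figure in the text; the threshold of 8, the sample secret and the `compromise_outcome` helper are assumptions made for the example. It goes slightly beyond the text in showing a general t-of-n threshold, where fewer than t colluding nodes learn nothing at all.

```python
# Added example: t-of-n threshold secret sharing (Shamir, 1979) over a prime field.
# Illustrates "no single node can act independently"; this is NOT TIDE's own
# algorithm, and the parameters below are assumptions for the demonstration.
import secrets

PRIME = 2**127 - 1  # field modulus; the secret and every share live in [0, PRIME)


def eval_poly(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x, mod PRIME."""
    y = 0
    for c in reversed(coeffs):  # Horner's rule from the highest-degree term down
        y = (y * x + c) % PRIME
    return y


def split_secret(secret, n, t):
    """Split `secret` into n shares so that any t reconstruct it and fewer reveal nothing.

    The secret is the constant term of a random polynomial of degree t-1 and
    node i receives the point (i, f(i)). The whole polynomial, and therefore the
    secret, never exists on any single node.
    """
    if not 1 <= t <= n < PRIME:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange-interpolate the given shares at x = 0 to recover the constant term."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # modular inverse via Fermat's little theorem, valid because PRIME is prime
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def compromise_outcome(secret, n, t, nodes_breached):
    """Model an attacker who has broken into `nodes_breached` of the n nodes.

    Returns True if the stolen shares recover the secret. With fewer than t
    shares the interpolated value differs from the secret except with
    probability 1/PRIME, because the missing top coefficient is uniformly random,
    so the attacker learns nothing about it.
    """
    if nodes_breached == 0:
        return False
    shares = split_secret(secret, n, t)
    stolen = shares[:nodes_breached]
    return reconstruct(stolen) == secret % PRIME


if __name__ == "__main__":
    # Constructed scenario: 14 independently operated nodes (the figure the article
    # uses); the threshold of 8 is an assumption chosen so that 6 nodes may be
    # offline without locking users out.
    SECRET = int.from_bytes(b"verification key", "big")  # constructed sample secret
    for breached in (1, 7, 8, 14):
        outcome = compromise_outcome(SECRET, 14, 8, breached)
        print(f"{breached:2d} nodes breached -> {'secret recovered' if outcome else 'nothing learned'}")
```

The design point is that the IAM system holds none of the shares: it asks the network for a verification result, and a breach of the IAM system alone yields no share at all. Raising the threshold towards 14 makes theft harder at the cost of availability, which is the trade-off a deployment has to choose.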


Beautiful mathematics and tested algorithms, however, are insufficient to create a usable system.


There's still a lot of work to be done before we can turn decentralised authority into a working network that keeps our accounts safe.


