Modern Australian
The Times

There are systems 'guarding' your data in cyberspace – but who is guarding the guards?

  • Written by Joanne Hall, Senior Lecturer in Mathematics and Cybersecurity, RMIT University
There are systems 'guarding' your data in cyberspace – but who is guarding the guards?

We use internet-connected devices to access our bank accounts, keep our transport systems moving, communicate with our colleagues, listen to music, undertake commercially sensitive tasks – and order pizza. Digital security is integral to our lives, every day.

And as our IT systems become more complex, the potential for vulnerabilities increases. More and more organisations are being breached, leading to financial loss, interrupted supply chains and identity fraud.

The current best practice in secure technology architecture used by major businesses and organisations is a “zero trust” approach. In other words, no person or system is trusted and every interaction is verified through a central entity.

Unfortunately, absolute trust is then placed in the verification system being used. So breaching this system gives an attacker the keys to the kingdom. To address this issue, “decentralisation” is a new paradigm that removes any single point of vulnerability.

Our work investigates and develops the algorithms required to set up an effective decentralised verification system. We hope our efforts will help safeguard digital identities, and bolster the security of the verification processes so many of us rely on.

Never trust, always verify

A zero trust system implements verification at every possible step. Every user is verified, and every action they take is verified, too, before implementation.

Moving towards this approach is considered so important that US President Joe Biden made an executive order last year requiring all US federal government organisations to adopt a zero trust architecture. Many commercial organisations are following suit.

Read more: Zero-trust security: Assume that everyone and everything on the internet is out to get you – and maybe already has

However, in a zero trust environment absolute faith is (counter intuitively) placed in the validation and verification system, which in most cases is an Identity and Access Management (IAM) system. This creates a single trusted entity which, if breached, gives unencumbered access to the entire organisations systems.

An attacker can use one user’s stolen credentials (such as a username and password) to impersonate that user and do anything they’re authorised to do – whether it’s opening doors, authorising certain payments, or copying sensitive data.

However, if an attacker gains access to the entire IAM system, they can do anything the system is capable of. For instance, they may grant themselves authority over the entire payroll.

In January, identity management company Okta was hacked. Okta is a single-sign-on service that allows a company’s employees to have one password for all the company’s systems (as large companies often use multiple systems, with each requiring different login credentials).

Following Okta’s hack, the large companies using its services had their accounts compromised – giving hackers control over their systems. So long as IAM systems are a central point of authority over organisations, they will continue to be an attractive target for attackers.

Decentralising trust

In our latest work, we refined and validated algorithms that can be used to create a decentralised verification system, which would make hacking a lot more difficult. Our industry collaborator, TIDE, has developed a prototype system using the validated algorithms.

Currently, when a user sets up an account on an IAM system, they choose a password which the system should encrypt and store for later use. But even in an encrypted form, stored passwords are attractive targets. And although multi-factor authentication is useful for confirming a user’s identity, it can be circumvented.

If passwords could be verified without having to be stored like this, attackers would no longer have a clear target. This is where decentralisation comes in.

Instead of placing trust in a single central entity, decentralisation places trust in the network as a whole, and this network can exist outside of the IAM system using it. The mathematical structure of the algorithms underpinning the decentralised authority ensure that no single node that can act alone.

Decentralisation (the same concept which underpins the blockchain) refers to a transference of authority within a system, from a central point of control, to several different entities. Shutterstock

Moreover, each node on the network can be operated by an independently operating organisation, such as a bank, telecommunication company or government departments. So stealing a single secret would require hacking several independent nodes.

Even in the event of an IAM system breach, the attacker would only gain access to some user data – not the entire system. And to award themselves authority over the entire organisation, they would need to breach a combination of 14 independently operating nodes. This isn’t impossible, but it’s a lot harder.

But beautiful mathematics and verified algorithms still aren’t enough to make a usable system. There’s more work to be done before we can take decentralised authority from a concept, to a functioning network that will keep our accounts safe.

Authors: Joanne Hall, Senior Lecturer in Mathematics and Cybersecurity, RMIT University

Read more https://theconversation.com/there-are-systems-guarding-your-data-in-cyberspace-but-who-is-guarding-the-guards-183041

Why Your Skin Breaks Out: The Science of Acne Explained

Acne is the most common skin condition in the world. An estimated 85% of people experience it at some point between the ages of 12 and 24, and a gro...

10 Swimwear Trends Australian Women Are Wearing This Summer

Every Australian summer brings a fresh wave of swimwear trends, but some styles have much greater staying power than others. While fashion constantly ...

Why Regular Skills Updates Are Essential for Licensed Security Officers

A guard at a Brisbane shopping centre gets a call about a shoplifter who's turned aggressive.  They’ve done the job for six years. But their de-...

10 Benefits of Choosing Professional Tutoring Penrith Services

Every student has unique learning strengths, challenges, and academic goals. While classroom teaching provides essential knowledge and structure, so...

Sunshine Coast Baby Classes Prove Big Hit Among First-Time Mums

There's a movement gaining traction on the Sunshine Coast, providing a village of support, socialisation and relief for first-time mothers and babie...

Father's Day Gift Ideas for Men Who Are Hard to Buy For

Some dads are easy to buy for. Others do not want anything, already have everything, or give you the classic "don't worry about me" answer every yea...

Top 5 Mistakes That Wear Out Your Brakes Faster

Brakes don't need frequent replacements like oil changes do.   But a lot of the wear happens quietly, over months, because of habits most drivers...

Plantation Shutters vs Curtains: Which Is Better for Your New Home?

Moving into a new home is an exciting opportunity to personalise your space and make it your own. While many homeowners focus on furniture, flooring...

Celebration of Life vs Traditional Funeral: What's the Difference?

When saying goodbye to someone you love, there is no single way to honour their life. Every family has different traditions, beliefs, and preference...

Building Approval for Roofing Projects: What Homeowners Need to Know

Roofing projects are an important part of maintaining and protecting your home. Whether you're repairing storm damage, replacing an ageing roof, or ...

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...