What is Integrity Anyway?
First of all we have to define what integrity is – as it is the most nebulous and least understood component of the CIA (Confidentiality, Integrity, Availability) security triad.
Ask a security veteran about the definition of integrity and they will most likely come up with data integrity, i.e. overall completeness, accuracy and consistency of data. Part of the challenge is that this is a very narrow definition and misses the big picture of what integrity actually means in practice.
More broadly there is System Integrity, Process (or Supply Chain) Integrity and Governance (or Operational) Integrity. Indeed, if we define “Integrity” as the absence of compromise across systems, networks and operations (and humans, in its traditional sense), its importance starts to become clear.
System Integrity, often defined as “Anti-Tamper” in the military, is about ensuring your systems are free of compromise. But what does that mean, how do you ensure it and what assumptions are necessary to verify it? If you think about viruses or malware – they compromise the integrity of the systems they infect. If you think about the breaches that have occurred over the last years, almost all of them have been driven by some form of malware exfiltrating customer records (Target) or disabling control systems (Stuxnet) to cause physical damage.
These are integrity attacks but we just haven’t had the language to recognize them as such. The status quo for dealing with such attacks is procedural – “we have procedures in place operated by trusted insiders to ensure our systems are in the correct state”. It's bullshit and everyone knows it. We just haven't had the tools to address the problem.
Process or Supply Chain Integrity is ensuring every step in a process is verifiable, replicable and accurate. Factories understand process and supply chain and, as Jason Hoffman of Ericsson recently pointed out, Cloud Computing represents the "new digital factories of our age". Take in inputs (network), manipulate them (compute) and either pass the results on to the next compute stage, return the results back to the user (network) or store them locally for future use (storage).
The challenge of course is that there is not a single Enterprise CIO who is willing to rely on an outsourced supply chain for mission critical processes. They have no visibility, no way to verify that those processes are correct, and limited legal recourse when things go wrong. The procedures they have relied on in the past are no longer theirs and the insiders have become outsiders. “Dynamic Attestation” or the ability to verify that the outsourced supply chain is correct and compliant in real-time is currently an unachievable goal but a necessary requirement for mission-critical processes to move to the cloud.
Operational or Governance Integrity is ensuring that the specified rules are being carried out correctly (e.g. in a factory don’t let a machine operate beyond specified limits). In cloud computing these governance rules are often specified in the PAAS (Platform As A Service) layer – rules for how operations should be carried out. The question then becomes how to ensure they are being enforced without again relying on procedure and trust. It’s ok to specify rules but as we all know not everyone feels obliged to follow them.
Think about Edward Snowden – that was an operational integrity problem – he broke the rules of the system and it was not possible to detect his actions in time. Big Data also represents an interesting governance integrity problem. As many thought leaders such as Sandy Pentland have pointed out, it is impossible to legislate around how data is collected and retained – there is simply too much of it being collected from a myriad of connected devices. The only thing that is realistically possible to legislate is how data is used – a governance problem. How then to enforce, verify and audit those rules?
Why Modern Solutions Fail
The harsh reality is that we haven’t had a technology to enforce and verify system, supply chain or operational integrity, and instead industry attempts to address the symptoms of the problem, not the root cause.
For security we search for integrity violations – but like searching for needles in a haystack there is no guarantee of success. Think of Geer’s law – “any security technology whose effectiveness cannot be empirically determined is indistinguishable from blind luck”.
You can have all the firewalls, malware detection, sandboxes and big data analytics in the world but you can’t prove they are working – your strategy ultimately comes down to hope that the attackers aren’t one step ahead. Unfortunately they always are.
Enter the Block Chain
One of the most important technologies over the last few years is the block-chain, a public ledger built on distributed consensus such that a transaction can be verified without needing to refer back to a trusted centralized authority.
Two examples of block chain technology are bitcoin and KSI. We are huge believers in the bitcoin protocol and believe it can help transform financial services. Indeed some of us were very early bitcoin miners. Ahem.
Comparing Bitcoin and KSI
Bitcoin is based on a distributed consensus protocol that can currently process seven transactions per second, takes 10 minutes to settle, uses 10M USD of power every day and has O(n) space complexity – i.e. the block chain grows linearly with the number of transactions (currently at 20GB and growing).
KSI is based on a distributed consensus protocol that can currently process billions of transactions per second, has real-time settlement and verification, uses 1000 USD of power every day and has O(t) space complexity – i.e. the block-chain size grows at a fixed small rate over time independent from the number of transactions.
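One way a ledger can grow with time rather than with transaction count, shown as an added example that is not Guardtime's code: the page does not describe KSI's internals, so the per-round hash-tree aggregation, the function names and the sample records here are all assumptions. Each round's records are folded into a single root, the ledger stores only that root, and each record keeps a short hash path that proves it against the root.

```python
import hashlib

def leaf_hash(record: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + record).digest()  # 0x00 prefix marks a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks an inner node

def aggregate(records):
    """One round (non-empty): return (root, proofs); proofs[i] = [(sibling, sibling_is_left), ...]."""
    proofs = [[] for _ in records]
    level = [(leaf_hash(r), [i]) for i, r in enumerate(records)]  # (hash, leaves covered)
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (lh, li), (rh, ri) = level[j], level[j + 1]
            for i in li:
                proofs[i].append((rh, False))
            for i in ri:
                proofs[i].append((lh, True))
            nxt.append((node_hash(lh, rh), li + ri))
        if len(level) % 2:  # an unpaired node is promoted unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0][0], proofs

def verify(record: bytes, proof, root: bytes) -> bool:
    """Recompute the root from a record and its hash path."""
    cur = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        cur = node_hash(sibling, cur) if sibling_is_left else node_hash(cur, sibling)
    return cur == root

def run_rounds(rounds):
    """Append exactly one root per round, however many records the round holds."""
    ledger, receipts = [], {}
    for t, records in enumerate(rounds):
        root, proofs = aggregate(records)
        ledger.append(root)
        for rec, proof in zip(records, proofs):
            receipts[rec] = (t, proof)  # the record holder keeps this, not the ledger
    return ledger, receipts

# Constructed sample input: a 3-record round and a 1000-record round.
ROUNDS = [
    [b"login alice", b"read /etc/passwd", b"logout alice"],
    [b"cfg change %d" % i for i in range(1000)],
]
LEDGER, RECEIPTS = run_rounds(ROUNDS)
```

The ledger holds two 32-byte roots for 1003 records, and the cost of proving any one record is a path of at most ten hashes held by whoever owns the record.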
Bitcoin style digital currency settlement applications are in fact a subset of KSI applications. KSI could be used to prevent double-spending of digital currency but that is not the focus. We are laser focused on cybersecurity and building a new framework with an integrity first approach based on different security assumptions; assumptions that can be empirically determined without reliance on centralized trust authorities.
If you can verify (and can thereby enforce) integrity – of systems, networks and operations without reliance on procedure and trusted human administrators it changes the focus; you can satisfy Geer’s law as your security is now based on empirical verifiability and any change in that integrity can be detected and acted upon. It is still impossible to prevent crime but it does become possible to detect it and mitigate its impact in real-time – 300 milliseconds to be precise.
This is our answer to Peter Thiel's question:
That in order to build secure systems you must start with integrity. Confidentiality is what you get when you have integrity. Focusing on confidentiality first leads to a road to nowhere.
A Vision of the Future
If we abstract a transaction to any event in the digital world i.e. any transport, compute, access or storage of electronic data (of which a financial transaction is one example) and if we build a block-chain of all those transactions then we can build a digital society where trust can be eliminated. You can still choose to trust, but you also have a means to verify the veracity of any statement. Truth not trust.
Peter Thiel in his book questions the viability of the lean startup movement popular in Silicon Valley in recent times i.e. the theory that we’re supposed to listen to what customers say they want, make nothing more than a “minimum viable product,” and iterate our way to success.
At Guardtime we agree. In his terms we are definite optimists, i.e. we are building the future we envision. We have never pivoted. We want to transform society by enabling transparency and accountability through a block-chain approach to system, process and operational integrity.
If Google organizes the world’s information and makes it universally available then Guardtime validates that information and makes it universally reliable.
That vision is why we show up to work every day.