Learning from Internet History
“Those who cannot remember the past are condemned to repeat it” - George Santayana
When the inventors of the Internet implemented their ideas for communication, they weren’t thinking about security. Indeed, at the time there was little justification for thinking about security, and no one could ever have predicted the profound impact and the trillion-dollar industries that have been built on their invention.
The reality is that there has been little fundamental innovation in security in the last 40 years. PKI remains the only tool in the cryptographic toolshed for authenticating data, but the model is based on centralized trust authorities, which is in direct opposition to distributed open systems such as the Internet.
PKI relies on trust authorities: a Certificate Authority (CA) in the case of identity, or a Time Stamp Authority (TSA) in the case of time. As we outlined in a previous post, if all you have is a PKI hammer, then everything looks like a nail.
PKI was invented so that two parties can share a secret across an insecure channel – and for that purpose and that purpose alone it has been a massive success, as implemented in protocols such as TLS.
For everything else, and especially for authentication of data at rest, the complexities and cost of key management make it impossible to scale. The years 1990 to 2000 were the “Years of PKI”. Nothing materialized then, and in 2014 nothing much has changed. Like eating spaghetti with a spoon, it is the wrong tool for the job.
What is Keyless Signature Infrastructure?
After suffering a crippling, prolonged national-scale cyberattack, Estonia recognized that a new approach was needed to restore and guarantee trust in digital systems.
Under the auspices of the Estonian Government and the small country’s private sector, in 2007 a team of Estonian cryptographers, network architects, software developers and security specialists designed a digital signature system that could provide exabyte-scale real-time authentication for all the world’s networked digital assets.
The new approach was designed from the ground up using only hash-function cryptography, with dimensions of verification including time, integrity and identity, and with the following design goals:
Scale-Free: The system should be able to sign and verify an exabyte per second.
Trust-Free: Does not rely on key-stores, administrators or trusted third parties.
Portable: Data can be verified even after that data has crossed organizational boundaries.
Real-Time: The signatures should be able to be verified in real-time.
Indefinite Expiry: The signatures should not have an operational lifetime.
Carrier Grade: The system should be able to deliver 99.999% availability.
Offline: The system should not require network connectivity for verification.
Post-Quantum: The system should work assuming functioning quantum computers, i.e. it cannot rely on traditional asymmetric key or elliptic curve cryptography.
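The following is an added example, not code from the original post or from the KSI project. It shows how a signature built only from hash functions can meet the Trust-Free, Portable and Offline goals above, assuming a Merkle hash tree as the aggregation structure: each record's signature is the chain of sibling hashes up to a root value that is published. The function names, tree layout and sample records are assumptions made for illustration.

```python
import hashlib

# Assumed construction: a Merkle hash tree over SHA-256. Not the KSI wire format.
def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(data: bytes) -> bytes:
    return h(b"\x00", data)            # domain-separate leaves from inner nodes

def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01", left, right)

def aggregate(documents):
    """Return (root, signatures). Each signature is the list of
    (sibling_hash, sibling_is_left) steps from that leaf up to the root."""
    if not documents:
        raise ValueError("nothing to sign")
    level = [leaf(d) for d in documents]
    paths = [[] for _ in documents]
    owners = [[i] for i in range(len(documents))]   # leaves below each node
    while len(level) > 1:
        nxt, nxt_owners = [], []
        for i in range(0, len(level), 2):
            if i + 1 == len(level):                 # odd node is promoted unchanged
                nxt.append(level[i])
                nxt_owners.append(owners[i])
                continue
            for j in owners[i]:
                paths[j].append((level[i + 1], False))
            for j in owners[i + 1]:
                paths[j].append((level[i], True))
            nxt.append(node(level[i], level[i + 1]))
            nxt_owners.append(owners[i] + owners[i + 1])
        level, owners = nxt, nxt_owners
    return level[0], paths

def verify(data: bytes, signature, published_root: bytes) -> bool:
    """Offline check: no keys, only the data, its hash chain and the root."""
    cur = leaf(data)
    for sibling, sibling_is_left in signature:
        cur = node(sibling, cur) if sibling_is_left else node(cur, sibling)
    return cur == published_root

# Constructed sample records (not from the page).
RECORDS = [b"brake-ecu firmware v1", b"altimeter log 0001",
           b"substation config A", b"pacemaker telemetry", b"door-lock event"]
ROOT, SIGS = aggregate(RECORDS)
```

A verifier holding only a record, its hash chain and the published root can detect any change to the record without contacting the signer; the chain grows with the logarithm of the number of records aggregated.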
Implications for the Industrial Internet: Audit, Compliance, Security, Forensics and Identity
Audit: Immutable and Self Auditing Infrastructure
For instance, applications are now becoming independent of the infrastructure components, relying on IaaS, PaaS and obviously SaaS. Growing from there, Software Defined Data Centers are now being created where an application can be fully independent of an infrastructure and could move from one to another without any code revision.
This snapshot in time is completely inadequate for a world of 50 billion continuously communicating machines. Dynamic attestation, on the other hand, can provide real-time assurance that the state of security and controls, and the virtual environment itself, is in the correct state, independently from any auditor or trusted party.
Security
Subsequently with this real-time awareness, real-time incident response, real-time data-loss prevention, investigation, and/or network resilience it is now possible to detect and react to any misconfiguration, network and/or component/application failure.
Let’s look at possible integrity and confidentiality breaches for the Industrial Internet.
| | Integrity Breach | Confidentiality Breach |
|---|---|---|
| Your Car | Your braking system stops working. | Your braking patterns are exposed. |
| Your Flight | Your plane’s instruments report that you are 1,000 feet lower than you actually are | Your flight plan is posted on the Internet. (note: it already is) |
| Your Local Power Station | Critical systems compromised leading to shutdown or catastrophic failure | Your electricity bill is published online. |
| Your Pacemaker | Shutdown and death | Your heartbeat becomes public knowledge. |
| Your Home | Your security system is remotely disabled | The contents of your fridge are “leaked”. You drink how much beer? |
The reality is that, because of history, the focus of almost all security to date has been on confidentiality of data in motion, when what is needed for the Industrial Internet is integrity of data at rest. Indeed, confidentiality and integrity are opposite problems, and because of the lack of tools available, security professionals have been limited to a single tool to address both (PKI). Indeed, most modern attacks are caused by integrity breaches, which then lead to a data or confidentiality breach - in essence, confidentiality is what you get when you have integrity. Don't take our word for it - here is what the US military have to say about integrity in cyberspace:
"The nation’s top military officer said the United States lacks a strategy for cybersecurity, and data integrity remains one of the biggest security concerns for the Defense Department.
"Speaking today at a conference on disruptive military technologies, sponsored by the Atlantic Council, Joint Chiefs Chairman Gen. Martin Dempsey warned the nation remains unprepared for a major cyber-attack."
Indeed, it feels that digital forensics hasn’t advanced much since the 1980s. The status quo is still for an investigator to use imaging tools and try to figure out what happened after the fact.
By integrating KSI into the fabric of cloud computing, everything that happens automatically comes with independent verification, chain of custody and portability of evidence across organizational and service provider boundaries, baking in mathematically provable and legally admissible evidence.
It’s a change in mindset from “ex post facto”, i.e. forensics done after the incident, to “in situ”, i.e. “in place”: forensic auditability is intrinsic to the system.
Extending Ronald Reagan’s doctrine to Cyberspace
Today in Estonia we have the honor of hosting US President Barack Obama and presenting to him our view of cybersecurity and how a nation like Estonia can defend itself in the digital realm.
However, it was in fact a previous US President, Ronald Reagan, who paved the way for thinking about verification and mutual auditability between actors where trust is low (such as cloud computing). Reagan’s solution was “доверяй, но проверяй”, a Russian saying that was translated for Ronald Reagan and became his signature phrase: “Trust, but Verify”.
This worked in the physical world of nuclear weapons because it was possible to have extensive verification procedures to monitor compliance on both sides.
What, however, of the digital world? How can anything be verified at all when all activity is represented in digital form and easily manipulated without leaving a trace?
KSI achieves exactly that for the digital world – it is possible for outsiders to verify everything that happens to data, independently from those who manage the data.
When presented with KSI, the first reaction of most technicians is disbelief – how can you prove time without a trusted time source? How can you authenticate an exabyte of data within a single second?
Typically, after the multi-hour math fight the understanding dawns and the implications are understood – for cyber security, for insurance, for financial transactions, for health-care and for governance – it is now possible to eliminate the need for trusted authorities to validate electronic information.
Quantum-Immune Machine Identity Management
PKI was designed for humans to authenticate themselves across insecure channels - not for a world of 50 billion continuously on, continuously communicating machines.
Even more significant for PKI is that the underlying signature algorithm, RSA, will be comprehensively broken in a world of practical quantum computers. Whatever your view on quantum computing, the world's leading nation states have put an end-of-life date of 2016 on RSA - and there is no alternative - yet.
Conclusion
The cost of ineffective cybersecurity, the lack of transparency, the inability to conduct forensic audits and the inability to implement effective governance are challenges that need to be addressed as the global industrial system converges with the power of advanced computing and analytics to create the Industrial Internet.
With KSI, delivered as a core network service to world governments and global corporations via their telecommunication and mobile infrastructure partners, it is possible to meet all the security, audit, integrity and compliance requirements that are so desperately needed for the dawn of the age of machines.
To quote Victor Hugo: “Nothing is as powerful as an idea whose time has come”.
For KSI and the Industrial Internet that time is now.