Learning from Internet History

“Those who cannot remember the past are condemned to repeat it”

            - George Santayana                                    

When the inventors of the Internet implemented their ideas for communication they weren’t thinking about security. Indeed at the time there was little justification for thinking about security and  no one could ever have predicted the profound impact and trillion dollar industries that have been built based on their invention. 

The reality is that there has been little  fundamental innovation in security in the last 40 years. PKI still remains the only tool in the cryptographic toolshed for authenticating data but the model is based on centralized trust authorities which is in direct opposition to distributed open systems such as the Internet. 

PKI relies on trust authorities (a Certificate Authority, CA in the case of identity or a Time Stamp Authority (TSA) in the case of time). As we outlined in a previous post, if all you have is a PKI hammer, then everything looks like a nail

PKI was invented so that two parties can share a secret across an insecure channel – and for that purpose and that purpose alone it has been a massive success, as implemented in protocols such as TLS.

For everything else, and especially for authentication of data at rest the complexities and cost of key management make it impossible to scale. 1990 to 2000 were the “Years of PKI”.  Nothing materialized then and in 2014 nothing much has changed. Like eating spaghetti with a spoon, it is the wrong tool for the job.

What is Keyless Signature Infrastructure?

After suffering a crippling, prolonged national-scale cyberattack, Estonia recognized that a new approach was needed to restore and guarantee trust in digital systems. 

Under the auspices of the Estonian Government and the small country’s private sector, in 2007 a team of Estonian cryptographers, network architects, software developers and security specialists designed a digital signature system that could provide exabyte-scale real-time authentication for all the world’s networked digital assets. 

The new approach was designed from the ground up using only hash-function cryptography with dimensions of verification including time, integrity and identity and with the following design goals:

Scale-Free: The system should be able to sign and verify an exabyte per second.

Trust-Free: Does not rely on key-stores, administrators or trusted third parties.

Portable: Data can be verified even after that data has crossed organizational boundaries.

Real-Time: The signatures should be able to be verified in real-time.

Indefinite Expiry: The signatures should not have an operational lifetime.

Carrier Grade: The system should be able to deliver 99.999% availability.

Offline: The system should not require network connectivity for verification.

Post-Quantum: The system should be work assuming functioning quantum computers i.e. they cannot rely on traditional asymmetric key or elliptic curve cryptography.

Implications for the Industrial Internet: Audit, Compliance, Security, Forensics and Identity

Audit: Immutable and Self Auditing Infrastructure

After a couple of decades of consumerization of the internet, the manual efforts to maintain technologies and underlying infrastructures became unsustainable. As a result, new technologies were developed to reduce these manual efforts and provide “everything as a service”.  

For instance, applications are now becoming independent of the infrastructure components relying on IaaS, PaaS and obviously SaaS. Growing from there, Software Defined Data Centers are now being created where an application can be fully independent of an Infrastructure and could move from one to another without any code revision.  

The cost savings of developing an application once and being able to move it anywhere in your ecosystem are simply massive.  Additional technology innovations such an analytics and big data are enabling our ability to self-learn from customers behaviors and drive improved consumerization of products across the world.  Further self-learning technology allows IT operators to predict when infrastructure or applications approach failing states and even newer technologies allow them to “self-heal” before an impacting incident.  

We now have self-learning, self-analyzing, self-healing systems but the process of auditing them remains complex, particularly in environments where compliance controls are inherently important.  

And therein lies the value of KSI technology where you not only can provide self-auditing capabilities to these systems, but you can further enable the growth of self-managed systems that compliance and control concerns were previously limiting.

Compliance: Dynamic Attestation

The state of the compliance art in cloud computing is for third party auditors to conduct an infrastructure and security audit once per year and certify that a provider is in compliance with specified regulations and guidelines. 

This snapshot in time is completely inadequate for a world of continuously communicating 50 billion machines. Dynamic attestation, on other hand can provide real-time assurance that the state of security and controls and the virtual environment itself is in the correct state independently from any auditor or trusted party.

Security

By integrating KSI into the fabric of the Industrial Internet every component, configuration, and digital asset can be tagged, tracked, and located with real-time verification no matter where that asset is transmitted or stored. 

Subsequently with this real-time awareness, real-time incident response, real-time data-loss prevention, investigation, and/or network resilience it is now possible to detect and react to any misconfiguration, network and/or component/application failure. 

Integrity and Confidentiality

Let’s look at possible integrity and confidentiality breaches for  the Industrial Internet. 
  


Integrity Breach

Confidentiality Breach

Your Car

Your braking system stops working.

Your braking patterns are exposed.

Your Flight

Your plane’s instruments report that you are 1,000 feet lower than you actually are

Your flight plan is posted on the Internet. (note: it already is)

Your  Local Power Station

Critical systems compromised leading to shutdown  or catastrophic failure

Your electricity bill is published online.

Your Pacemaker

Shutdown and death

Your heatbeat becomes public knowledge.

Your Home

Your security system is remotely disabled

The contents of your fridge are “leaked”. You drink how much beer? 


Reality is that because of history the focus of almost all security to date has been on confidentiality of data in motion when in reality what is needed for the Industrial Internet is integrity of data at rest. Indeed confidentiality and integrity are opposite problems and because of the lack of tools available security professionals have been limited to a single tool to address both (PKI). Indeed most modern attacks are caused by integrity breaches - which then leads to a data or confidentiality breach - in essence  confidentiality is what you get when you have integrity.  Don't take our word for it - here is what the US military have to say about integrity in cyberspace:

"The nation’s top military officer said the United States lacks a strategy for cybersecurity, and data integrity remains one of the biggest security concerns for the Defense Department."

Speaking today at a conference on disruptive military technologies, sponsored by the Atlantic Council, Joint Chiefs Chairman Gen. Martin Dempsey warned the nation remains unprepared for a major cyber-attack."

Forensics

As the computing paradigm shifts from the traditional on premise model with enterprises owning and controlling their own infrastructure to an outsourced cloud model where compute, storage and networking are all shared resources the need for a forensics rethink becomes ever more apparent – traditional forensics technologies are struggling to keep up with technological progress. 

Indeed it feels that digital forensics hasn’t advanced much since the 1980s. The status quo is still for an investigator to use imaging tools and try and figure out what happened after the fact.

A Change in Mindset: From Ex Post Facto to In Situ

By integrating KSI in to the fabric of cloud computing everything that happens automatically comes with independent verification, chain of custody and portability of evidence across organizational and service provider boundaries baking in mathematically provable and legally admissible evidence.

It’s a change in mindset from “ex post-facto” i.e. forensics done after the incident, to one of “in situ” i.e. “in place”, forensic auditability is intrinsic to the system.

Extending Ronald Reagan’s doctrine to Cyberspace

Today in Estonia we have the honor of hosting US President Barack Obama and presenting to him our view of cybersecurity and how a nation like Estonia can defend itself in the digital realm. 

However it was in fact a previous US President, Ronald Reagan who paved the way for thinking about verification and mutual auditability between actors where trust is low (such as cloud computing). Reagan’s  solution was “доверяй, но проверяй” a Russian saying that was translated for Ronald Reagan and became his signature phrase “Trust, but Verify”. 

This worked in the physical world of nuclear weapons because it was possible to have extensive verification procedures to monitor compliance on both sides. 

What however of the digital world? How to verify anything at all when all activity is represented in digital form and easily manipulated without leaving a trace? 

KSI achieves exactly that for the digital world – it is possible for outsiders to verify everything that happens to data, independently from those who manage the data. 

When presented with KSI the first reaction of most technicians is disbelief – how can you prove time without a trusted time source? How can you authenticate an exabyte of data within a single second? 

Typically, after the multi-hour math fight the understanding dawns and the implications are understood – for cyber security, for insurance, for financial transactions, for health-care and for governance – it is now possible to eliminate the need for trusted authorities to validate electronic information.

Quantum-Immune Machine Identity Management

PKI was designed for humans to authenticate themselves across insecure channels - not for a world of 50 billion continuously on, continuously communicating machines.  

Even more significant for PKI is that the underlying signature algorithm, RSA, will be comprehensively broken in a world of practical quantum computers. Whatever your view on quantum-computing, the world's leading nation states have put an end of life date on RSA as 2016 - and there is no alternative - yet. 

Conclusion

The cost of ineffective cybersecurity, the lack of transparency, the inability to conduct forensic audits, the inability to implement effective governance are challenges that need to be addressed for as the global industrial system converges with the power of advanced computing and analytics to create the Industrial Internet.

KSI, delivered as a core network service to world governments and global corporations via their telecommunication and mobile infrastructure partners it is possible to meet all the security, audit, integrity and compliance requirements that are so desperately needed for the dawn of the age of machines.

To quote Victor Hugo: “Nothing is as powerful as an idea whose time has come”.

For KSI and the Industrial Internet that time is now.