Is integrity more imperative than encryption?
Money disappearing from your bank account is more of a major concern than exposing your bank details over the internet. Failure of your heart is a more of a major concern than exposing your medical data over the internet. Hackers shutting down your server is more of a major concern than exposing your server’s content over the internet. So does integrity matter more than encryption?
Modern and next-generation security postures are crowded with encryption technology everywhere, such as at end-point security malware detection, anti-virus, firewalls, IDS/IPS, sandboxes, big data analytics, AI, proxies and TLS encryption.
Regardless of encryption everywhere, still unnoticed reconnaissance activities are flourishing and undetected, data breaches or compromises cannot be proven or verified, hackers are one step ahead of any kind of complex or advanced cybersecurity encrypted technologies that emphasize encryption more than integrity.
Unforeseen cyberattacks or data breaches cannot be prevented until known in a form of signatures, malware or bad files feeding into threat intelligence engines. Even the AI must learn before ready in order to tackle the zero-day or new attack types.
AI logic, “if else” works based on learnt information, and any not learnt information will consider the subject for inspection that creates more false positive – and could be overwhelming in some cases.
Modern cyber technology is very reactive or defensive, only reacting to the cyberattacks and data recovery led to the problem definition, identification, analysis and remediation. And changes may be applied to prevent the same type of attacks in the future. Even the offensive cyber tools are based on known vulnerabilities, targets, events and methods.
Deterrent control technology – a barking dog – is more important in today’s dimension of Advanced Persistence Threats (APT).
I want my cyberdogs on the loose, even with the entire cyber-army and logistic sleeping, the gang of cyberdogs would still bark on the Trojan horse to discourage!
API, code, people, process and technology have vulnerabilities or design flaws, termed as weakest security links. Leverage of the weakest security links exploitation may occur, and the breach or attempt to break the verified state of infrastructure components or data may be experienced. So a detection and deterrent mechanism should be in place.
KSI with blockchain (DLT: Distributed Ledger Technology) enables baseline infrastructure, or data state, and continues with each legitimate updates or events related to infrastructure equipment and its components by replacing with new hashed tag over the initial state of devices and functions, data or events that provides greater sense of integrity.
What is KSI?
Keyless Signature Infrastructure (KSI) instruments the digital assets and their components that made up systems and volatile status of the real-time data. For instance, binaries, configuration parameters, routing tables, data stores, event logs, net flow data – all are hash tagged at each instance at each intervals of time. The hashed tags are blockchain-generated values that protect the state of monitored objects in real-time (called data integrity) that are impossible to tamper.
Once KSI ingests a hash value representing asset data, it returns a KSI signature called authentication that can be used for independently asserting the existence of data integrity along with authentication with signing time and signing entity of that data. If unauthorized modification or tamper detected, the state of the object will trigger an alarm and changes the state of work to non-functional, fail-close or hard freeze.
KSI is based on two fundamental mechanisms:
- Signing with unique signature that are irreversible, fingerprint DNA (integrity)
- Context of timing and identity or signing combined in-built analytic with past history (real-time audit and authentication)
KSI innovation and blockchain
KSI blockchain is scalable, efficient and effective as it can process billions of transactions per second at a fixed constant rate over time. Since the global nodes are required to have common consensus to accept or verify the transactions, fast convergence and reliable network infrastructure are a must.
RSA (PKI) dominated centralized security verification for decades, but it is insecure as it shares a secret across an insecure channel (internet or intranet or extranet). Encryption key compromise triggers massive data leaks, and in some cases reputation damage, as experienced in the March 2016 FBI hacking Apple iPhone.
Data at rest authentication and encryption is complex and causes key management challenges of RSA scalability. Alternatively, KSI uses only strong hash functions for non-repudiation that will still remain secure upon the advent of quantum computers available for commercial practice.
KSI’s independent verification supersedes hierarchical trusted authorities, and centralized PKI types’ cumbersome level of verification will be replaced with a distributed consensus-based chained public leger, called blockchain technology. Each data flows and transitions within the networked nodes and perform intensive verification against the hashed value using the public, private or consortium ledger.
For instance, an artificial system is made up of various components, trusted and verified by various components owners. If a plane crashes, who would be liable – the plane manufacturer; the software supplier; a pilot; other hardware manufacturer; carrier; or traffic controller? Keyless data authentication does not rely on keys, secrets or trusted third parties, so the data is verified on its own by comparing hashed values without the need of trusted third parties.
KSI use cases
KSI is being adopted across global governments, and the technology is being standardized as real-time authentication and monitoring is made possible for IoT assets – including IoT devices, firmware, software, configurations, data stores, events and logs, data flows and location postures in compliance with regulatory risk management and framework guidance (NIST SP 800-53, CNSSI 1253, and ICD 503).
- IoT and using centralized PKI key is bad idea as PKI infrastructure is not scalable for large amounts of IoT devices and users’ certificate and key management. For hackers, everything is locked but once access is gained, stealing is piece of cake.
- Data at motion encryption and integrity have been a major emphasis over data at rest. Due to this stealing and espionage of data at rest over past years, KSI would have prevented mass extinction of data originality.
- In the enterprise arena, each infrastructure device, such as firewalls, IDS/IPS, routers, switches, proxies will be marked with asset hashed tag along with their firmware, event logs, binaries, memories and storage even configuration. Any alternation attempted on these devices and components will be considered subject or risks. These incidents are easily tagged, tracked and located for quick analysis.
- Real-time awareness is activated with KSI signature-based approach applied to data while any data modification or transitioning of data to an unintended party.
- Configurations are in digital objects, KSI signed, and if undetected malware infects or backdoor programs starts modifying configuration at the background, alarms are generated and SOC systems will instantly notify, trace the incident and terminate the ongoing malware activities.
KSI implication to IoT and network infrastructure
Sensing, detecting and reacting to events or logs intelligently in real-time is an important detection capability. An event is a change in state of the object or its components. So the latest updates with new hashing values are applied to each event to protect integrity.
For each event, hashed historical data are recorded and played back over time to discover and provide analysis against the hashed value for various purposes.
Each data must be verified to maintain the reliability and integrity by preserving time and authenticity or originality of data until its full destruction.
Authentication and authorization of IoT devices’ uniqueness and uniform state or status. For any firmware, OS or updates to flash, BIOS must be comply with regulations to preserve integrity, quality and originality and to mitigate the disorders.