The Times Australia
The Times World News

.

There are systems 'guarding' your data in cyberspace – but who is guarding the guards?

  • Written by Joanne Hall, Senior Lecturer in Mathematics and Cybersecurity, RMIT University
There are systems 'guarding' your data in cyberspace – but who is guarding the guards?

We use internet-connected devices to access our bank accounts, keep our transport systems moving, communicate with our colleagues, listen to music, undertake commercially sensitive tasks – and order pizza. Digital security is integral to our lives, every day.

And as our IT systems become more complex, the potential for vulnerabilities increases. More and more organisations are being breached, leading to financial loss, interrupted supply chains and identity fraud.

The current best practice in secure technology architecture used by major businesses and organisations is a “zero trust” approach. In other words, no person or system is trusted and every interaction is verified through a central entity.

Unfortunately, absolute trust is then placed in the verification system being used. So breaching this system gives an attacker the keys to the kingdom. To address this issue, “decentralisation” is a new paradigm that removes any single point of vulnerability.

Our work investigates and develops the algorithms required to set up an effective decentralised verification system. We hope our efforts will help safeguard digital identities, and bolster the security of the verification processes so many of us rely on.

Never trust, always verify

A zero trust system implements verification at every possible step. Every user is verified, and every action they take is verified, too, before implementation.

Moving towards this approach is considered so important that US President Joe Biden made an executive order[1] last year requiring all US federal government organisations to adopt a zero trust architecture. Many commercial organisations are following suit.

Read more: Zero-trust security: Assume that everyone and everything on the internet is out to get you – and maybe already has[2]

However, in a zero trust environment absolute faith is (counter intuitively) placed in the validation and verification system, which in most cases is an Identity and Access Management (IAM) system. This creates a single trusted entity which, if breached, gives unencumbered access to the entire organisations systems.

An attacker can use one user’s stolen credentials (such as a username and password) to impersonate that user and do anything they’re authorised to do – whether it’s opening doors, authorising certain payments, or copying sensitive data.

However, if an attacker gains access to the entire IAM system, they can do anything the system is capable of. For instance, they may grant themselves authority over the entire payroll.

In January, identity management company Okta[3] was hacked. Okta is a single-sign-on service that allows a company’s employees to have one password for all the company’s systems (as large companies often use multiple systems, with each requiring different login credentials).

Following Okta’s hack, the large companies using its services had their accounts compromised – giving hackers control over their systems. So long as IAM systems are a central point of authority over organisations, they will continue to be an attractive target for attackers.

Decentralising trust

In our latest work, we refined and validated algorithms that can be used to create a decentralised verification system, which would make hacking a lot more difficult. Our industry collaborator, TIDE[4], has developed a prototype system using the validated algorithms.

Currently, when a user sets up an account on an IAM system, they choose a password which the system should encrypt and store for later use. But even in an encrypted form, stored passwords are attractive targets. And although multi-factor authentication is useful for confirming a user’s identity, it can be circumvented.

If passwords could be verified without having to be stored like this, attackers would no longer have a clear target. This is where decentralisation comes in.

Instead of placing trust in a single central entity, decentralisation places trust in the network as a whole, and this network can exist outside of the IAM system using it. The mathematical structure of the algorithms underpinning the decentralised authority ensure that no single node that can act alone.

Decentralisation (the same concept which underpins the blockchain) refers to a transference of authority within a system, from a central point of control, to several different entities. Shutterstock

Moreover, each node on the network can be operated by an independently operating organisation, such as a bank, telecommunication company or government departments. So stealing a single secret would require hacking several independent nodes.

Even in the event of an IAM system breach, the attacker would only gain access to some user data – not the entire system. And to award themselves authority over the entire organisation, they would need to breach a combination of 14 independently operating nodes. This isn’t impossible, but it’s a lot harder.

But beautiful mathematics and verified algorithms still aren’t enough to make a usable system. There’s more work to be done before we can take decentralised authority from a concept, to a functioning network that will keep our accounts safe.

Read more https://theconversation.com/there-are-systems-guarding-your-data-in-cyberspace-but-who-is-guarding-the-guards-183041

Times Magazine

Building a Strong Online Presence with Katoomba Web Design

Katoomba web design is more than just creating a website that looks good—it’s about building an online presence that reflects your brand, engages your audience, and drives results. For local businesses in the Blue Mountains, a well-designed website a...

September Sunset Polo

International Polo Tour To Bridge Historic Sport, Life-Changing Philanthropy, and Breath-Taking Beauty On Saturday, September 6th, history will be made as the International Polo Tour (IPT), a sports leader headquartered here in South Florida...

5 Ways Microsoft Fabric Simplifies Your Data Analytics Workflow

In today's data-driven world, businesses are constantly seeking ways to streamline their data analytics processes. The sheer volume and complexity of data can be overwhelming, often leading to bottlenecks and inefficiencies. Enter the innovative da...

7 Questions to Ask Before You Sign IT Support Companies in Sydney

Choosing an IT partner can feel like buying an insurance policy you hope you never need. The right choice keeps your team productive, your data safe, and your budget predictable. The wrong choice shows up as slow tickets, surprise bills, and risky sh...

Choosing the Right Legal Aid Lawyer in Sutherland Shire: Key Considerations

Legal aid services play an essential role in ensuring access to justice for all. For people in the Sutherland Shire who may not have the financial means to pay for private legal assistance, legal aid ensures that everyone has access to representa...

Watercolor vs. Oil vs. Digital: Which Medium Fits Your Pet's Personality?

When it comes to immortalizing your pet’s unique personality in art, choosing the right medium is essential. Each artistic medium, whether watercolor, oil, or digital, has distinct qualities that can bring out the spirit of your furry friend in dif...

The Times Features

How much money do you need to be happy? Here’s what the research says

Over the next decade, Elon Musk could become the world’s first trillionaire[1]. The Tesla board recently proposed a US$1 trillion (A$1.5 trillion) compensation plan, if Musk ca...

NSW has a new fashion sector strategy – but a sustainable industry needs a federally legislated response

The New South Wales government recently announced the launch of the NSW Fashion Sector Strategy, 2025–28[1]. The strategy, developed in partnership with the Australian Fashion ...

From Garden to Gift: Why Roses Make the Perfect Present

Think back to the last time you gave or received flowers. Chances are, roses were part of the bunch, or maybe they were the whole bunch.   Roses tend to leave an impression. Even ...

Do I have insomnia? 5 reasons why you might not

Even a single night of sleep trouble can feel distressing and lonely. You toss and turn, stare at the ceiling, and wonder how you’ll cope tomorrow. No wonder many people star...

Wedding Photography Trends You Need to Know (Before You Regret Your Album)

Your wedding album should be a timeless keepsake, not something you cringe at years later. Trends may come and go, but choosing the right wedding photography approach ensures your ...

Can you say no to your doctor using an AI scribe?

Doctors’ offices were once private. But increasingly, artificial intelligence (AI) scribes (also known as digital scribes) are listening in. These tools can record and trans...