We use internet-connected devices to access our bank accounts, keep our transport systems moving, communicate with our colleagues, listen to music, undertake commercially sensitive tasks – and order pizza. Digital security is integral to our lives, every day.
As our IT systems become more complex, the potential for vulnerabilities increases. More and more organizations are being breached, leading to financial loss, interrupted supply chains, and identity fraud.
The current best practice in secure technology architecture used by major businesses and organizations is a “zero trust” approach. In other words, no person or system is trusted and every interaction is verified through a central entity.
Unfortunately, absolute trust is then placed in the verification system itself, so breaching that system gives an attacker the keys to the kingdom. To address this issue, “decentralization” is a new paradigm that removes any single point of vulnerability.
Our work investigates and develops the algorithms required to set up an effective decentralized verification system. We hope our efforts will help safeguard digital identities, and bolster the security of the verification processes so many of us rely on.
Never trust, always verify
A zero-trust system implements verification at every possible step. Every user is verified, and every action they take is verified, too, before it is carried out.
Moving towards this approach is considered so important that U.S. President Joe Biden issued an executive order last year requiring all U.S. federal government organizations to adopt a zero-trust architecture. Many commercial organizations are following suit.
However, in a zero-trust environment, absolute faith is (counter-intuitively) placed in the validation and verification system, which in most cases is an Identity and Access Management (IAM) system. This creates a single trusted entity, which, if breached, gives unencumbered access to the entire organization’s systems.
An attacker can use one user’s stolen credentials (such as a username and password) to impersonate that user and do anything they’re authorized to do – whether it’s opening doors, authorizing certain payments, or copying…