New cybersecurity tech treats keys like the Colonel's secret recipe
Cybersecurity is a growing concern as more and more critical infrastructure can be exposed to hacks through the internet. Now, Australian engineers have developed and demonstrated a new technique called “ineffable cryptography,” which treats keys like the Coca-Cola secret formula.
Traditional passwords are inconvenient to users, which may also contribute to them being fairly to crack. Other methods, like keys and multifactor authentication, can be expensive and overly complicated while still having their own vulnerabilities.
“Ultimately, these approaches blindly trust the secrets that protect a system to individuals that hold the keys to the kingdom, an Achilles’ heel that today’s state of the art doesn’t address,” said Michael Loewy, Co-Founder of tech startup Tide Foundation.
In a new study from Tide and RMIT University, scientists have demonstrated a new cybersecurity technology they call ineffable cryptography. Essentially, rather than storing keys on any one server, it splits them up and distributes them across the network, so that no single user – whether authorized or not – has a full key. That means each server doesn’t have full access to the processes or assets those keys unlock. In a way, it's similar to how the secret recipes for Coca-Cola or KFC reportedly remain secret by only ever giving individual insiders part of the formula.
“It means no single point of failure or compromise and ultimately, keys that you can’t steal, lose or misuse,” said Loewy. “The applications enabled by this technology go well beyond cybersecurity for critical infrastructure to include securing identities, health information, financial systems, and privacy in AI applications.”
The team tested its ineffable cryptography on the cloud supercomputing facility RACE, by integrating it with a method for remote infrastructure management. With the help of industry partners, the test runs proved successful.
“The resulting project moves from the theoretical to the commercial and elevates the security benefits beyond key-base access control, without the complexity and cost,” said Dr. Robert Shen, Director of RACE.
The team hopes that the technique could help protect businesses and critical infrastructure from the growing threat of cyberattacks.
The research is available in pre-print on ArXiv.
Source: RMIT University