“Human beings are cybersecurity’s weakest link”
What is “Cyber Herd Immunity” and “blind secret processing”? How does a decentralized system prevent vulnerabilities? We spoke with Yuval Hertzog, Co-Founder and Technology Head at the Tide Foundation about security-centric solutions, PRISM authentication, and more.
JAXenter: Considering recent security breaches, now more than ever, enterprises need to be focused on making security their first priority. What is the first action that companies should take when refocusing their efforts to be more security-centric?
Yuval Hertzog: It’s a fascinating question because on the surface, the answer has been consistent over the decades. Now the question is relevant because the base premise of cybersecurity has changed. The general consensus has been that in order to improve security, the number one priority of an enterprise is to raise awareness: you raise security consciousness with customers, employees and suppliers. Any CISO will tell you that — human beings are cybersecurity’s weakest link. What’s interesting about this today is the “why.”
It used to be that people just weren’t aware of cyber risks and how to mitigate them with behavioral change and better utilization of the defensive technology at their disposal. Now there is unprecedented awareness, but it’s still not helping. Global damages from cybercrime rose to an unprecedented $6 trillion this year, and despite the also-record-breaking $254bn investment in cybersecurity. This suggests that cybersecurity is simply unequipped to tackle modern threats, even with awareness.
These days, when the right person is compromised, the systems that person has authority over are compromised too. This is why humans are still the weakest link. The most important question companies should consider today to be more security-centric is “how much is your security strategy based on blind trust?” How much do you trust top executives with over-arching security credentials? How much trust is placed in their identity and access-management processes and systems? How much trust do they put their network perimeter security devices to operate as specified? Companies now must consider replacing this misplaced trust with the ability to continuously verify.
JAXenter: How does a decentralized system prevent vulnerabilities and protect crucial information?
Yuval Hertzog: Unlike a distributed system, a decentralized system can offer a solution to the underlying problem of reliance on blind trust. A properly designed and implemented decentralized system automatically assumes that a person with the highest authority has been or will be compromised by malicious parties – but the system is guaranteed to continue flawless and secure operations. Full trustlessness of a system (e.g. the reduction of trust to zero) is achieved when the nodes making it are evenly distributed across different and unaffiliated organizations, and every assumption regarding the operation of the system can be verified. When applying trustlessness on a system, vulnerabilities become irrelevant, not because they cease existing, but because they are assumed. When that same methodology is applied to information protection, the assumption is that malicious actors can indeed reach it, but there exists a native mechanism to verify they can’t access it.
JAXenter: Could you explain what “Cyber Herd Immunity” means?
Yuval Hertzog: As it became evident that the current cybersecurity approach just isn’t working, Tide introduced an entirely new paradigm that we call “Cyber Herd Immunity”. In a reality that forces us to accept that a breach is inevitable, imagine that if to breach a single organization, an attacker had to breach an entire network of organizations. Tide’s technology is the first to harness the scale of the internet and allow the mass aggregated strength of an entire network of organizations to protect each other against malicious attacks of any scale, whether they’re a multinational or a small business.
Tide’s “cyber herd immunity” tames the “herd” into a single, cohesive “guardian” that is virtually impossible to compromise. That guardian protects an organization’s most sensitive digital assets – whether it’s their data, funds or critical infrastructure – by managing the cryptographic keys securing these assets.
Having those keys handled exclusively by Tide’s guardian, outside of the organization, gives these organizations the assurance that even when breached, there’s nothing to find, because their assets remain locked. When anyone needs legitimate access to an asset, they make a request to the guardian, which authenticates and validates the request, and provides one-time access to the requester for the requested asset – allowing organizations to continue operating as they did before.
JAXenter: What is “blind secret processing” and what is its use case?
Yuval Hertzog: For an entire network of unaffiliated organizations to jointly cooperate as one cohesive entity that provides ironclad security, sophisticated coordination is required. To guarantee that no organizations in this network can pose a threat to others, whether maliciously or accidently, that coordination needs to be nothing less than miraculous. To achieve that, Tide invented “blind secret processing” – a breakthrough in cryptography that manages secrets that no one can ever access, not even Tide. Using this novel invention, each cryptographic key is created in an already fragmented state across a decentralized network of unaffiliated nodes and is never assembled. This introduces security levels that are orders of magnitude greater than anything on the market.
Using a simple API call, organizations can request each node to use its key fragment to perform a small part of a cryptographic operation, like authentication, decryption or signing. The nodes then reply with meaningless puzzle pieces that only an authorized requester can assemble into a meaningful result – leaving everyone else in the blind. All this, without any centralized coordination effort and with a mathematical guarantee that no single node can compromise the key, the asset or the process of the asset being unlocked – a guarantee that anyone can verify, whether it’s the organization’s platform developer, the security manager or the end-users using it.
JAXenter: Previously, Tide worked on a technology that splinters passwords into pieces. Could you tell us about that; how does it work?
Yuval Hertzog: Tide’s password splintering was the first breakthrough in fully decentralized user authentication technology. The current best practice for user authentication is achieved by organizations holding an artifact of the user’s password to compare to each time the user authenticates. Usually, these artifacts are a copy of the password, but are encoded in a cryptographic “hash,” “salt” and “pepper” to protect against theft. Unfortunately, any existing centralized mechanism like this is susceptible to takeovers by malicious actors – even and especially if that actor is a highly-privileged employee. Once such a takeover occurs, an attacker can perform “offline brute-force attacks” on all the artifacts and extract all users’ credentials from it. This has proven to be a reality, regardless of what technology or security level was employed.
The splintering concept was very similar to that best practice, but with a major difference — each artifact was split and distributed across a decentralized network – where each of the nodes would perform an authentication and reach a consensus between them. In a study Tide did, splintering was found to increase security levels by about 14,000,000 times. While that offered significant improvement, later research found that because artifacts of the password still remained in the network, it was theoretically possible to still perform an offline-brute-force-attack, although it would have taken far longer and yielded only one record.
JAXenter: What can you tell us about PRISM authentication? How does it work and what are its security benefits?
Yuval Hertzog: PRISM is the 3rd and latest iteration of Tide’s decentralized password authentication that superseded splintering and currently offers the strongest and most secure scheme, raising previous security levels by hundreds of orders of magnitude and bringing it very close to the strength of public-key cryptography.
In PRISM authentication the password never leaves the user’s environment, not in any form or even in an artifact of it. It thus removes all attack vectors external to the user’s environment, such as man-in-the-middle attacks, a compromised server, a compromised network, offline attacks, online attacks, brute-force/rainbow attacks, etc. Additionally, Tide introduced a strength previously non-existent in the market: resilience against a fully active man-in-the-middle (proxy) attack – even if that proxy is a malicious/compromised network node.
The way PRISM works, and the reason it is called PRISM, is by having the user’s password solve a challenge that requires a specific cryptographic key, with that key being the “reflection” of the password through a prism that only the server has. All this occurs without the password ever being revealed to the server, without the key ever being revealed to any party, without the prism ever being revealed to the user, and because of the decentralized nature of the “server”, the server’s prism is never revealed to any of the nodes (i.e. to itself!). The PRISM process is extremely efficient, fast and highly scalable. Tide developed it to work in a fully decentralized environment – so the prism itself is spread across a large cluster of unaffiliated servers.
JAXenter: Do you believe that the future could potentially be passwordless and depend on multi-factor authentication or other personal verification methods? Would that be an improvement on the current model?
Yuval Hertzog: I believe the discussion around the different factors of authentication is almost insignificant in the long run – as it’s not solving anything rather moving the problem elsewhere. It does indeed make the challenge of compromising the authentication harder for bad actors, but not without an additional burden on end users.
The purpose of any factor of authentication is to establish 3 elements: the identity of the user, their authorized privileges, and their intent to perform an action. All 3 are required to establish the momentary authority of a user in a certain activity within a system.
The problem this highlights is that when the user is granted with authority, it means it was bestowed or delegated by a higher or superior authority in that system – and therein lies the problem – because it requires the system to have absolute power over the user and its representation in that system. To put it simply: an administrator can easily masquerade freely as any user in that system. If that administrator is compromised or malicious, the implications are catastrophic.
An improvement on that model would be a move towards a Self-Sovereign Authority model based on trustless technologies that reveal nothing about the user or their identity, and prevents anyone from acting within a system without their verified authority. In a Self-Sovereign Authority model, authentication is handled outside the system, through an open, decentralized network that the user doesn’t need to trust. The number of factors being used for the authentication will solely depend on the sensitivity of the activity sought.
I personally believe that because authentication processes are required to establish intent, some integration with the human brain, together with the establishment of some sort of unique-brain-signature, would be the optimal method.