Monday, October 14, 2024

Aussie tech breakthrough to protect critical infrastructure from cyber attacks

Must read

Decentralised authority means no-one holds the key

Tide Foundation Co-Founder, Michael Loewy, said traditional password-protected approaches to infrastructure access-control had proven insecure. 

Alternatives such as multifactor authentication and key-based access are expensive, carry their own vulnerabilities and can be overly complicated for users.  

“Ultimately, these approaches blindly trust the secrets that protect a system to individuals that hold the keys to the kingdom, an Achilles’ heel that today’s state of the art doesn’t address,” he said.

Tide’s ineffable cryptography, on the other hand, allows data and devices to be locked with keys that no-one will ever hold. 

It works by generating and operating keys, in secrecy, across a decentralised network of servers, each operated by independent organisations. 

Each server in the network can only hold part of a key: no one can see the full keys, nor the entirety of the processes they are partially actioning, nor the assets they are unlocking.

By spreading the process invisibly across the network, the keys that would-be hackers are seeking are never exposed.

“It means no single point of failure or compromise and ultimately, keys that you can’t steal, lose or misuse,” Loewy said.

“The applications enabled by this technology go well beyond cybersecurity for critical infrastructure to include securing identities, health information, financial systems, and privacy in AI applications.”

Industry collaboration to build a cutting-edge solution

RMIT has been collaborating for three years with Tide – which amongst other accolades won Australian Information Security Association’s Cyber Startup of the Year in 2021. 

The technology’s bold claims have been scientifically validated during this collaboration, which has involved RMIT’s own Chief Information Security Officer, top mathematicians and cybersecurity experts in the School of Science and Centre for Cyber Security Research and Innovation.

Most recently, a select group of cybersecurity students, supported by the RMIT Cloud Innovation Centre and RMIT’s AWS Cloud Supercomputing Hub (RACE), worked with industry partners to help them test the technology and prove its ability to solve critical infrastructure security challenges in ways that weren’t previously possible.  

RACE is Australia’s first university cloud supercomputing facility, allowing researchers, students and industry partners to test ideas and solutions together more than 100 times faster than existing on-site servers.

RACE Director Dr Robert Shen said the student project, ‘KeyleSSH’, focused on integrating the Tide technology with SSH – a method for remote infrastructure management – then testing it with multiple industry partners. 

“The resulting project moves from the theoretical to the commercial and elevates the security benefits beyond key-base access control, without the complexity and cost,” Shen said.

“This project showcases a key element of what RACE brings to RMIT: empowering our researchers and industry partners with the tools and infrastructure necessary to enhance operational efficiency and accelerate innovation.”

Latest article