The Situation

How can remote access to sensitive Defence networks over a public network be protected against intrusion?

The Task

The UK Ministry of Defence wanted to enable remote access over a public data network to its existing sensitive networks.

Clearly, a high grade solution was needed that could provably resist the envisaged attacks. In particular, the problem of complicit users denying responsibility for an access by alluding to a possible compromise of the access method needed to be eliminated.

Closing off this avenue of repudiation also produced a powerful deterrent. To eliminate the vulnerabilities of existing authentication products, a radical approach to federated identity assurance was developed.

The Action / Approach

The logical starting point is a critique of the weaknesses in existing products. Passwords, out-of-band codes and one-time generators, for example, are regarded as having weak security and have proven failures; refer to the NIST Digital Identity Guidelines. Software-only techniques based on machine learning and artificial intelligence have intrinsic flaws. The most permissive usage, usually required by C-level executives, becomes the easiest target, and a very busy administrative team has to be on call to handle legitimate exceptions. Importantly, there is no detection of compromise.

FIDO and similar variants are designed to remove passwords; their credentials are linked to the URL being accessed, not to the user. If stolen, they continue to work, making an excellent excuse for repudiation of access. Zero-knowledge methods work as long as the algorithm and data points have not been leaked by the service provider; if they have been, compromise is undetectable.

In both FIDO and zero-knowledge methods there is no link to a specific user, so credentials cannot be immediately suspended and personal usage analytics are not possible. We designed a system that did not depend on fixed secrets, so there was nothing for a hacker to target or for a complicit insider to disclose.

The Result

Value was delivered by:

  • Reduced risk of fines and reputational damage, as no vulnerability in the access method could allow repudiation of liability
  • Better business agility: remote users could access, from remote locations, legacy applications hosted in sensitive networks
  • Enhanced reputation, as overall risk to the network was greatly diminished
  • More informed, data-driven decisions, as data was updated in a timely manner
