Deakin University researchers prove TIDE's tech breakthrough into ZeroTrust cyber security
Media release
Cyber-attacks are a $7 trillion global liability, best described as modern-day terrorism in a digital form.
Now, Deakin researchers, in partnership with IT deep-tech start-up, the TIDE Foundation, have proved the security of TIDE's new technology, known as PRISM. PRISM promises to remove the Achilles Heel currently leaving all organisations vulnerable.
"TIDE's Zero Trust decentralised authentication turns humans from being a system's greatest vulnerability to an extra layer of added security," said Deakin University Director of the Centre for Cyber Resilience and Trust (CREST), Professor Robin Doss. "This forces a bad actor to breach the core of a system and each of the users' credentials, that are spread across a network of other systems, to obtain complete access – adding complexity orders of magnitude greater than today’s best practice."
Cyber breaches have not only crippled critical organisations for extended periods of time (Colonial Pipeline 2021) but also placed corporations at the mercy of demands from anonymous virtual intruders, resulting in subsequent customer class actions (Optus 2022) and the exposure of personal information (Medibank 2022).
"Right now, everything from our health system to telcos to the Australian government is fair game for cyber attackers," said Professor Doss. "We have little choice but to blindly trust the identity system of a corporation to closely guard our most private information and yet if that identity system or the people who administer it are compromised, or even if someone just makes a mistake as all humans do, then every digital asset of that organization is at risk.
This poses significant risk of liability and identity theft to every user. However, this breakthrough presents a new reality."
Today, user authentication mechanisms largely rely on implicit trust in those systems and the staff that manage it, with no way of verifying whether the system has been compromised by a supply-chain attack or by a privileged administrator account.
In response, new approaches in cryptography – securing something mathematically – have gained traction as the most effective promising approach to mitigate trust-dependant threats.
"Current user authentication and authorization systems are not fool proof," said Professor Doss. "They're managed by humans and are at high risk of compromise. We may as well print our passwords or passkeys on a billboard and broadcast to the hackers, such is the ease with which attackers seem to currently gain access."
PRISM has been developed by the TIDE team with a very simple aim – to take the power away from IT systems and super-users and to ensure the privacy and security of the registration and authentication process is guaranteed to be outside anyone's reach.
"Credentials and passwords are enhanced by taking those secrets, that are only known to the users and combining it with a secret that no one will ever know, turning the resulting algorithm into a virtual personal key that never exists in any one particular place," said Tide Foundation Co-Founder Yuval Hertzog. "The subsequent cryptographic key is held by no one – not even us, the creators of the technology – and managed by an ether of decentralized servers."
"PRISM is purposefully unpredictable and essentially makes the task of hacking too laborious," said Professor Doss. "Layers of resistance and a multi-party approach makes hacking simply economically unviable, to either defraud or destabilise a corporation."
Here is how it works: Users wishing to access a critical resource, log in through TIDE's decentralized network and their identity is transformed into a digital authority – represented as a cryptographic key. The resource gets unlocked without ever exposing that key. In simpler terms, imagine being able to open your front door with just a touch of your finger, without anyone knowing how your finger turns into a key or how that key unlocks the door.
"It gives even humble passwords the effective strength of a Bitcoin wallet, but with absolutely no change to the user experience. We believe any platform used by businesses or agencies that adopt it can effectively take the 'mass' out of mass data breaches," said Mr Hertzog. "The outcome is a win/win, with significantly reduced liability for organisations and data sovereignty for individuals."
About Tide Foundation
Tide is a deep-tech startup developing true zero-trust technology, allowing platform developers to lock their systems with keys nobody holds. Led by a team with leadership experience in cyber intelligence and enterprise software development, Tide is backed by a high-profile advisory and investor base of tech veterans, cryptography professors, and policy makers. Tide is a research partner of Deakin and RMIT University, an Australian Research Council grant recipient, has been championed by global bodies like the Organization for Economic Co-operation and Development (OECD) and the U.K.s Competition and Markets Authority, and won numerous deep tech awards.
For more visit: Tide.org
The collaboration between TIDE and Deakin is soon to have an industry partner, a leading global password manager.
A paper on PRISM has been accepted to the Critical Infrastructure and Manufacturing System Security conference in June, Kyoto, Japan.