Hi Richard
Dynamic Trust is a great name. In fact what keeps me up at night is that without being deeply technical, deeply business, and having been around since the year dot, how on earth does the average security punter know what to trust and what not to.
There are so many protocols that claim to be secure that I think are insecure. And I do validate my thinking by trawling the vulnerability reports. E.g. TLS 1.2, certificates and handshake: NOT secure alone or with mTLS, plenty of exploits in the wild. Network protocols IPSec, client VPN: NOT secure alone. Plenty of evidence for innovative exploits and old exploits being reused. OAuth 2.0: NOT secure, ways to renegotiate handshakes, lots of pilot error in implementation, complex, and originally for developers to trust an IdP like Google, not having to roll their own. On-premises data centre network firewalls and security groups: NOT secure alone, plenty of bypasses, particularly in organisations with legacy applications, where new and old network escape routes are being exploited.
What is the lesson here? Once you build communication protocols without security as part of the design principles, it is impossible to close all the loopholes. And we are talking 1990s protocols, when userID and password was secure enough.
So, am I big on trust? No. I constantly use my 25 years' experience to evaluate each service, each network hop, each authentication, each authorisation for vulnerabilities. And so my philosophy is to make it really difficult to hack my applications. The simplest way to do this is to encrypt the data at the field level prior to transit. So the only person who sees the data owns the data. And use as many security methods as possible: firewalls, security groups, keep TLS up to date, Perfect Forward Security, add a client VPN, double-check identity JWT tokens, evaluate the trust horizon of all end users (persons, applications and devices) for risk, and if there is risk, encrypt the payload. Make Multi Factor Authentication as secure as possible, then only require once-per-day sign in, because the JWT is auto-rotated daily, therefore trusting that devices can stay secure for a day before requiring another sign in (much less tedious than Google). Unless of course I was designing a solution for the Ukrainian armed forces to communicate their drone targets; then I would auto-rotate JWTs every hour, or every 10 minutes if I knew there were Russian hackers on my trail. (Russians and Ukrainians are all pretty good at mathematical algorithms, and analysing security posture.)
So in fact I despair at getting the security services buyer to understand much of this. They will be repeating what someone told them about Active Directory, or Ping or Okta, which would have been the positive spin on their security measures, which I personally think are insufficient because they've been broken. I also get a lot of stuff from IBM X-Force as well as CVEs.
So a Zero Trust governance mechanism could not come at a better time. And yet do we really understand the deployment context well enough to provide advice? That is why a few of us are privately setting up a ZT PoC, complete with design principles in the context of a couple of standard Use Cases. We'll publish to this circle when we have something to show, and certainly share the set of practical ZT design principles we come up with.
We have to start somewhere, because Identity Fraud is so easy for criminal rings, because most organisations are very careless with private data of customers and employees. This opinion is based on experience with a number of customers over the past 5 years, which I consider to be the most dangerous for cybersecurity. And it's not going to get better by itself, because hackers are much better paid than we are.
BTW, really enjoying reading everyone's POV because I really think we are putting some issues on the table here.
Best
Nya
------------------------------
Nya Murray
Director
Trac-Car
------------------------------
Original Message:
Sent: Nov 01, 2022 07:44:10 AM
From: Richard Baker
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Nya,
I agree with your thinking in a number of areas, in particular how we manage trust and risk. So many times in zero trust discussions we still seem to get back to a black and white view of the security world. Whereas what I think you are saying is that we have to balance trust and risk depending on who we are dealing with and what is at stake. This seems to be a conversation that is often lost in our discussions.
If we had to live our lives trusting no one, i.e. no assumed trust at the start of EVERY transaction life would get VERY expensive and consume a great deal of energy. That is one reason why we have professional and business standards to provide short cuts / signals.
So part of the challenge that we have as security professionals is to help users and organisations negotiate a new set of technical and social cues. But at the same time, as technologists, we should not make their life so frustrating that they refuse to engage or actively circumvent the technologies provided. Yet we need to provide meaningful signals/friction to challenge the user to pay attention to a higher level of risk.
As for a better name for Zero Trust, I would suggest "Dynamic Trust" as a qualification when discussing with users/organisations, as this reflects what we have to do in human interactions.
Richard
Original Message:
Sent: 11/1/2022 10:03:00 AM
From: Nya Murray
Subject: RE: Using Blockchain Technology to strengthen Zero Trust architectures
AWS has the same approach, Jonathan - IAM independently applied as policy to role to access. And role can be attached to any service. I think that people still confuse personal identity with identity as it's applied to IT systems, which is basically an access claim, could be an automated device or application access, equally there could be a button press by a person, but in essence it is a service that allows/denies access based on policy info, credentials, and I would like to see a risk profile added there.
Request access > provide/prove identity claim > request further authentication (e.g. MFA, TOTP) > validate claim with service policy/policies > open the gateway > review access on a periodic basis.
What I dislike about Google is their uber reliance on behavioural characteristics, and their review period being so annoyingly short. I am extremely annoyed at having to type in my Google credentials multiple times every day on my devices. Because their poor management means that people save their credentials on their devices so they are not being annoyed by Google so often. And I am not sure they don't leak credentials in transit.
Also we are missing the taking of responsibility by organisations of systems review of passwords/ secrets/ token rotation. Internal resources tend to take the marketing hype of their identity supplier as gospel.
Blockchain is useful as a primary definition of trust on creation. For heaven's sake, I am often tempted to change the term Zero Trust, because of its negative linguistic and NLP connotations, to the term Foundation of Trust. Last time I looked, we are all individuals who are part of the collective Gestalt (human identity) dealing with a common Zeitgeist (the meaning of the life and times). Why are we lacking the fundamental social skills to identify what can be trusted and what cannot? I'd say we have a collective disorder and we are stopping ourselves from experiencing our potential. I bet this gets a few defensive responses out of the woodwork :) :) :)
------------------------------
Nya Murray
Director
Trac-Car
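The access flow in the post above (identity claim, step-up authentication, policy check, gateway, periodic review) with a risk profile bolted on, as an added example written for this thread rather than code from any poster or product. The policy table, assurance levels and risk weights are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy: resource -> roles allowed, minimum authenticator
# assurance level (1 = password only, 2 = password + MFA/TOTP), and the
# highest risk score the gateway will still open for.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "min_aal": 2, "max_risk": 30},
    "wiki": {"roles": {"staff", "finance"}, "min_aal": 1, "max_risk": 70},
}
REVIEW_PERIOD_DAYS = 90  # assumed periodic access-review interval


@dataclass
class AccessRequest:
    subject: str
    roles: set            # roles carried by the proven identity claim
    resource: str
    aal: int              # assurance level actually achieved so far
    device_managed: bool  # device is enrolled/managed (automated or human)
    new_location: bool    # first sighting from this network/location
    last_review_days: int  # days since this access was last recertified


def risk_score(req: AccessRequest) -> int:
    """Constructed risk profile: additive weights, higher is riskier."""
    score = 0
    if not req.device_managed:
        score += 40
    if req.new_location:
        score += 25
    return score


def decide(req: AccessRequest) -> tuple:
    """Policy decision point: returns (verdict, reason). Default is deny."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return ("deny", "no policy for resource")
    if not (req.roles & rule["roles"]):
        return ("deny", "identity claim not authorised for resource")
    if req.aal < rule["min_aal"]:
        # Ask for further authentication instead of failing outright.
        return ("step-up", f"require AAL{rule['min_aal']} (MFA/TOTP)")
    if req.last_review_days > REVIEW_PERIOD_DAYS:
        return ("deny", "periodic access review overdue; recertify first")
    score = risk_score(req)
    if score > rule["max_risk"]:
        return ("deny", f"risk {score} exceeds {rule['max_risk']}")
    return ("allow", "gateway opened")
```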
Original Message:
Sent: Nov 01, 2022 05:55:34 AM
From: Jonathan Flack
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Richard,
We already see this with some CSPs like Google Cloud, where Identity and IAM are purposefully independent services, and this concept is fundamental when your requirements include an SDP.
But one of the other key reasons is that role bindings should be a component of your infrastructure, and maintained with state, so that you can continuously evaluate that state for drift.
If you adhere at all to the philosophy as articulated by John Kindervag, securing the protect surface at the resource level is a bespoke undertaking. This means that the role bindings can be logically and specifically associated with the resources they control access to.
------------------------------
Jonathan Flack
Managing Director, ACM, CNCF, CSA
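Role bindings kept as declared infrastructure state and continuously compared against what is actually deployed, as described in the post above. This is an added example, not code from any poster or cloud provider; the resource names, roles and member strings are constructed (loosely in the style of Google Cloud IAM bindings) and the severity rules are assumptions.

```python
# Desired state, as it would be declared in infrastructure-as-code:
# (resource, role) -> members. Constructed sample.
DESIRED = {
    ("projects/demo/buckets/payroll", "storage.objectViewer"): {"group:finance"},
    ("projects/demo/buckets/payroll", "storage.admin"): {"serviceAccount:backup"},
}

# What a periodic read of the live bindings returned. Constructed sample:
# a public principal crept into the viewer role and a user into the admin role.
OBSERVED = {
    ("projects/demo/buckets/payroll", "storage.objectViewer"): {"group:finance", "allUsers"},
    ("projects/demo/buckets/payroll", "storage.admin"): {"serviceAccount:backup", "user:alice@example.com"},
}

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def flatten(state: dict) -> set:
    """Turn {(resource, role): members} into a set of (resource, role, member)."""
    return {(res, role, m) for (res, role), members in state.items() for m in members}


def severity(binding: tuple) -> str:
    """Assumed triage rule: public principals or privileged roles are high."""
    _, role, member = binding
    if member in PUBLIC_PRINCIPALS or role.endswith(("admin", "owner")):
        return "high"
    return "medium"


def drift(desired: dict, observed: dict) -> dict:
    """Bindings present but not declared (creep) and declared but absent (gap)."""
    d, o = flatten(desired), flatten(observed)
    return {
        "unexpected": [(b, severity(b)) for b in sorted(o - d)],
        "missing": sorted(d - o),
    }


def is_compliant(desired: dict, observed: dict) -> bool:
    report = drift(desired, observed)
    return not report["unexpected"] and not report["missing"]
```

Run on a schedule (or from a bindings change event), the report is what gets alerted on; a remediation step would reconcile toward DESIRED rather than hand-edit the live state.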
Original Message:
Sent: Nov 01, 2022 04:18:50 AM
From: Richard Baker
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Nya, I can agree that management of identity needs to be independent of both the data and control planes, but what is also missing in the discussion is the management of access policy. In many cases access policy and authorisation is seen as an extension of the identity of the individual; this, I believe, is an error in thinking. Access Policy needs to be managed independently by the organisation/business that has ultimate responsibility for the org operations and outcomes.
So while an organisation might draw upon multiple ID (and supporting attributes) sources (its own employees, partners, external consumer ID etc.), it is the responsibility of that organisation to govern that access policy and to ensure it is aligned to the business and regulatory needs and published consistently across an organisation's infrastructure. The idea that policy or identity can be managed more appropriately using blockchain to provide distributed management is fallacious and will make demonstration of coherent corporate governance impractical.
Therefore like a number of people on this thread I remain a blockchain skeptic.
Richard
------------------------------
Richard Baker
Security Innovation Consultant
Independent
Original Message:
Sent: Oct 28, 2022 03:12:56 AM
From: Nya Murray
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Hi Richard
Re requiring ZT to control ZT, I agree, this is the nub of the matter. So what controls the controller, because clearly this is the dangerous single point of failure. My thought has always been that if I were a state-funded hacking organisation, I would set up a controller, either SDP or ZT, and mirror the data flows. :)
That is why I have focused on demonstrably independent identity management as the way to mitigate the risk of hostile control of the control plane.
------------------------------
Nya Murray
Director
Trac-Car
Original Message:
Sent: Oct 20, 2022 08:26:27 AM
From: Richard Baker
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Hi Denis, all,
Both the application of Blockchain to support ZT and the use of ZT to further secure Blockchain raise interesting use cases.
In the case of the former, I responded on Draft NISTIR 8403 - Blockchain for Access Control Systems https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8403-draft.pdf earlier this year, which was positing how Blockchain could be used as a transport mechanism for Access Control Policy. The paper highlighted a number of challenges to be resolved, the most pressing (for me, and highlighted also by Denis) being interoperability of policy across both different technologies and geographies. Not because this is an issue specific to a blockchain-based solution, but because it is true for all multi-vendor/multi-tech ZT solutions and the architectures that inform them.
It has also uncovered that we need ZT to secure ZT. We often discuss the use of ZT security in the data plane, but as the discussion in this thread is uncovering, there is a need for ZT in the control plane of the multi-vendor/multi-party architectures; as we evolve more complex interoperable solutions, this needs to be explicitly discussed in any operational architecture. I would therefore agree that BC-based systems (and interop with non-BC systems) should also be within the scope of any architecture discussion. The challenge for the group is to find the appropriate blend of interoperability, resilience and performance for multiple levels of customer maturity and to support their respective roadmaps.
Regards
Richard Baker
Security Innovation Architect
Original Message:
Sent: 10/20/2022 1:51:00 AM
From: Denis Nwanshi
Subject: RE: Using Blockchain Technology to strengthen Zero Trust architectures
Hi all,
Great to see there is interest (and real-world projects) addressing this important topic. The diverse use cases and examples cited (supply chain, intent based networking, NFTs, crypto, digital contracts, IDM, IOT) highlight the opportunity for converging blockchain and ZT technologies for improved security outcomes.
At the same time, we know that in the absence of agreed international standards and lack of interoperability between the many blockchain protocols, scaling many of these decentralised network use cases will bring significant operational and maintainability risks.
I agree that understanding how blockchain protocols are using ZT at the protocol layer warrants further exploration.
With the onset of 5G network speed and scale, I also see value in devising a universal ZT security policy framework and standard technology mechanism that operates at the edge computing level and leverages the immutability and transparency attributes of blockchain.
Keen to ensure this discussion fits within the parameters of the ZT working group scope and we stay on course for the key deliverables, so further view points / leadership oversight would be appreciated.
PS. These are my opinions and do not in any way represent the views of my current or future enterprise clients.
Thanks
Denis
------------------------------
Denis Nwanshi
Head of Digital Platforms
Bank of England
Original Message:
Sent: Oct 19, 2022 01:03:16 PM
From: T. Devon Artis
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Hi Alex, it is definitely a great conversation to have regarding Blockchain and Zero Trust. I think it would be ideal to dig deeper into how blockchain protocols are using Zero Trust at the protocol layer; it may help the broader conversation.
------------------------------
T. Devon D. Artis
DevSecOps Engineer/Blockchain Security Researcher
Divine Digital Transformation
Original Message:
Sent: Oct 19, 2022 09:29:16 AM
From: Alex Sharpe
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
IMHO, it is hard to find a place where Zero Trust does not apply. IAM and the last mile problem (i.e., connecting the digital and physical worlds) are the hardest problems when developing a Blockchain solution. I also sit on a regulatory and policy committee trying to address these issues for cryptocurrencies, Non-Fungible Tokens (NFT), and Digital Contracts. Establishing identity in a global, decentralized world is not easy. Common regulatory requirements like AML/ KYC are not possible without it.
Please keep me in mind if you decide to have further discussions.
Cheers,
alex.
------------------------------
Alex Sharpe
Principal
Sharpe42
Original Message:
Sent: Oct 19, 2022 07:19:46 AM
From: Philip Griffiths
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Hey Denis,
Welcome to the community! I believe there is an overlap between Zero Trust and Blockchain indeed.
I personally do work on a UK Government & industry-funded initiative called Digital Sandwich (https://www.digitalsandwich.co.uk/) which is building a blockchain-based system for food supply chain security and incorporates open source zero trust networking to make the system 'dark', so it has a massively reduced attack surface while increasing visibility. I am also working with a university project which is building a Zero Trust Intent-Based Networking and Blockchain-driven solution which uses the same open source zero trust networking technology. Here is the presentation they will give at Linux One Summit in November: https://onesummit2022.sched.com/event/1Aafc.
I would personally love to have some further chats on this. There may be others in the community too who would like to understand more.
Regards
Philip
------------------------------
Philip Griffiths
Head of Business Development
NetFoundry
Original Message:
Sent: Oct 18, 2022 01:23:01 PM
From: Denis Nwanshi
Subject: Using Blockchain Technology to strengthen Zero Trust architectures
Hi all,
Thanks for the warm welcome.
My day job involves leading the design and implementation of digital platforms and products, and ensuring they are operationally resilient, so since joining, I've been reading the posts on Zero Trust with real enthusiasm.
As more and more organisations explore blockchain technology beyond crypto use cases, and mission-critical distributed ledger networks go live, the value of a decentralised, trustless architecture framework is no longer in question. Researchers in certain sectors (finance, healthcare) are taking a hard look at the viability of merging zero trust principles and blockchain to address the risk of data breaches during offchain / onchain transactions.
With the potential for blockchain to act as a secure and transparent ledger, a number of potential use cases have been cited for strengthening the Zero Trust ecosystem, but I'd be keen to hear of any previous thoughts on this.
------------------------------
Denis Nwanshi
Head of Digital Platforms
Bank of England
------------------------------