Highly Assured Data-Centric Security (HADCS) goes beyond traditional perimeter-based security models by shifting the focus to securing the data itself, explained Keith Strini, the chief technical strategist for the Department of Defense and intelligence community at Dell Technologies.
Strini joined the AFCEA TechNet Indo-Pacific conference in Honolulu on Oct. 23 to explain how the proposed framework would provide end-to-end protection for sensitive data.
At the core of the framework, Strini said, are several advanced technologies, including identity-native security. This approach relies on hardware-backed identities and cryptographic keys that are fused to the devices and the workloads running on them.
Each identity that interacts with the system – whether it is a device, workload, or user – carries what Strini referred to as a “root of trust” that is built on tamper-resistant hardware.
“We have a starting point. Everything runs on silicon, and so, we have a way to start building root of trust up from the silicon all the way up into the software, and then be able to create digital certificates that are the identity of that particular device, of those particular workloads that run on that device,” Strini said.
“Those things can then exchange and attest in a mutual authentication sort of way, that this API [Application Programming Interface] that’s calling me or this process that’s calling me over here has a provenance of the digital footprint that it has, that I can attest before I even establish the TLS [Transport Layer Security] communication between it and myself,” he explained.
Additionally, Strini said that another core component of HADCS is the need to integrate post-quantum cryptographic techniques. He pointed to the National Institute of Standards and Technology’s (NIST) three quantum-resistant algorithms, which the agency released for immediate use in August.
After nearly a decade of research, NIST designed these three encryption algorithms to withstand cyberattacks from a quantum computer. The three finalized standards include CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+.
“Inside of those, Dilithium is the one that does the digital certs (certificates) that’s quantum resistant. So, now I [can] create a quantum-resistant identity for the particular device,” Strini said.
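As an added example that is not from the article or from Dell, the chain of trust and pre-TLS mutual attestation Strini describes, modelled in Go: a silicon root key issues a device certificate, the device key issues a workload certificate, and each workload verifies the other's chain back to the root plus a signature over a fresh nonce before any channel is set up. Ed25519 from the Go standard library stands in for the quantum-resistant ML-DSA (Dilithium) signatures he mentions, which the standard library does not provide; the Cert struct, the names silicon-root, device-A and api-gateway, and the impostor whose chain is signed by a key nobody trusts are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a minimal stand-in for an X.509 certificate (constructed for this
// example): subject name, subject public key, issuer name, and the issuer's
// signature over those three fields.
type Cert struct {
	Subject string
	PubKey  ed25519.PublicKey
	Issuer  string
	Sig     []byte
}

// tbs returns the to-be-signed bytes of a certificate.
func (c Cert) tbs() []byte {
	return bytes.Join([][]byte{[]byte(c.Subject), c.PubKey, []byte(c.Issuer)}, []byte{0})
}

// Identity is a private key plus the certificate chain from the identity's own
// certificate (Chain[0]) up to the certificate signed by the silicon root.
type Identity struct {
	Name  string
	Priv  ed25519.PrivateKey
	Chain []Cert
}

// issue creates a certificate for subjectPub signed by the issuer's key.
func issue(issuerName string, issuerPriv ed25519.PrivateKey, subject string, subjectPub ed25519.PublicKey) Cert {
	c := Cert{Subject: subject, PubKey: subjectPub, Issuer: issuerName}
	c.Sig = ed25519.Sign(issuerPriv, c.tbs())
	return c
}

// VerifyChain walks from the leaf to the root: each certificate must name the
// next one as issuer and verify under its key; the last must verify under the
// trusted silicon root key. It returns the verified leaf public key.
func VerifyChain(chain []Cert, rootName string, rootPub ed25519.PublicKey) (ed25519.PublicKey, error) {
	if len(chain) == 0 {
		return nil, errors.New("empty chain")
	}
	for i, c := range chain {
		issuerName, issuerPub := rootName, rootPub
		if i+1 < len(chain) {
			issuerName, issuerPub = chain[i+1].Subject, chain[i+1].PubKey
		}
		if c.Issuer != issuerName {
			return nil, fmt.Errorf("cert %q names issuer %q, expected %q", c.Subject, c.Issuer, issuerName)
		}
		if !ed25519.Verify(issuerPub, c.tbs(), c.Sig) {
			return nil, fmt.Errorf("bad signature on cert %q", c.Subject)
		}
	}
	return chain[0].PubKey, nil
}

// MutualAttest: each side verifies the other's chain to the shared silicon root
// and a signature over a fresh nonce (proof of key possession) before any TLS
// session would be negotiated. The first failure is returned.
func MutualAttest(a, b Identity, rootName string, rootPub ed25519.PublicKey) error {
	for _, pair := range [][2]Identity{{a, b}, {b, a}} {
		verifier, peer := pair[0], pair[1]
		nonce := make([]byte, 32)
		if _, err := rand.Read(nonce); err != nil {
			return err
		}
		peerPub, err := VerifyChain(peer.Chain, rootName, rootPub)
		if err != nil {
			return fmt.Errorf("%s rejects %s: %w", verifier.Name, peer.Name, err)
		}
		if !ed25519.Verify(peerPub, nonce, ed25519.Sign(peer.Priv, nonce)) {
			return fmt.Errorf("%s rejects %s: proof of possession failed", verifier.Name, peer.Name)
		}
	}
	return nil
}

func keygen() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario holds two genuine workloads (silicon root -> device -> workload) and
// an impostor whose device certificate claims the root as issuer but is signed
// by a rogue key, so its chain cannot be traced back to the silicon.
type Scenario struct {
	RootName                       string
	RootPub                        ed25519.PublicKey
	WorkloadA, WorkloadB, Impostor Identity
}

func BuildScenario() Scenario {
	rootName := "silicon-root"
	rootPub, rootPriv := keygen()
	mk := func(device, workload string, signer ed25519.PrivateKey) Identity {
		devPub, devPriv := keygen()
		devCert := issue(rootName, signer, device, devPub)
		wlPub, wlPriv := keygen()
		wlCert := issue(device, devPriv, workload, wlPub)
		return Identity{Name: workload, Priv: wlPriv, Chain: []Cert{wlCert, devCert}}
	}
	_, rogueRootPriv := keygen()
	return Scenario{
		RootName:  rootName,
		RootPub:   rootPub,
		WorkloadA: mk("device-A", "api-gateway", rootPriv),
		WorkloadB: mk("device-B", "data-service", rootPriv),
		Impostor:  mk("device-X", "api-gateway", rogueRootPriv),
	}
}

func main() {
	s := BuildScenario()
	fmt.Println("genuine peers:", MutualAttest(s.WorkloadA, s.WorkloadB, s.RootName, s.RootPub))
	fmt.Println("impostor:", MutualAttest(s.WorkloadA, s.Impostor, s.RootName, s.RootPub))
}
```

The impostor reuses the genuine workload name "api-gateway", which is the point: a name alone proves nothing, and the check fails on the device certificate's signature, because the impostor never held the silicon root key. Swapping `ed25519` for an ML-DSA implementation changes only the key generation, `Sign` and `Verify` calls, not the chain logic.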
While these are just some of the ways to future-proof systems with HADCS, Strini said that the framework “allows you a great amount of flexibility” as an adversary would have to capture “a whole lot more … in order to spoof or in order to impersonate” workloads.
“These are the types of promises of the future, of looking at it from a data-centric security perspective, rather than a role-based access and user identity,” he concluded.