3-D Authentication

January 26, 2018 | Views: 2232

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

3-D Authentication by Jeff P. Godoy

Executive Overview

We are at war for the domination of cyberspace. Every day we as a nation are attacked literally millions of times, often by nation state cyber-terrorism. More and more cyber weapons are being added at a constant rate, often free to download from the internet. Computer Network Defense is getting harder and harder. We have multi-factor authentication, something you have and something you know or something you are. Even that is not enough, we are always in the dark wondering if the person’s credentials are real or not.

This is why I am proposing 3-D authentication. What is 3-D authentication? It is authentication with the use of a Geo-Positioning Satellite (GPS). Before, when a person authenticates with a smart card and a PIN, they authenticate where they are standing and what their GPS coordinates are. This does not replace your smart card and your PIN, it enhances it.

If a person is working in a specialized military Network Operations Center (NOC) or at a critical infrastructure such as a Dam or a Power Grid, they are probably not going to be connecting from Russia or China. By first authenticating that a person is physically in the correct location and verified by a GPS satellite, they are ready to use their smart card and PIN. Protecting our infrastructure is critical, an attacker could flood an entire region ore shut down critical power to multiple states or regions.

By authenticating with a GPS satellite, there is an additional layer of security. An attack will be hard to spoof or compromise. This is because not only does the attacker have to hack the facility network, but now they would have to hack the GPS satellite. This amounts to a digital iron wall around your network and facility.

Methodology

This is accomplished by a series of steps, as described below.

1.       3-D Authentication is designed to be used by the military/government. That is why it requires an encrypted GPS satellite connection. This makes it impossible to hack due to the encryption.

2.       The coordinates become a SHA-256 hash and then a Private Key. This allows the unit to validate the position and provides non-repudiation. The private key is stored at the location in an HSM (Hardware Security Module).

3.       The process relies on certificate transfer during the authentication process. Once both ends sync, it authorizes the location.

4.       Once the location is authorized it moves to a standard CAC secure-login.

5.       The person is certified as being in the correct location and with his CAC, his identity is validated.

Use Case One:

For use Case One, we will look at an example using a large dam. This is controlled with a SCADA based computer system. A compromise could be devastating. Whole areas could be flooded and lives lost. An infrastructure facility like this typically has one control area and is not usually controlled remotely. This is a perfect location for 3-D authentication. If you are not physically in the control room, why are you trying to connect and who are you really?

Use Case Two:

For Use Case Two, we will look at a highly sensitive classified Network Operations Center (NOC) or Intelligence facility. This facility has a critical need for secrecy and protection. This would not only add an additional layer of authentication, the GPS could be used to identify where the attacker is located for further investigation. This provides both an offensive and defensive approach to cyber protection. Defending the facility and network and identifying a potential compromise agent is critical to the mission. A system could be added for military use that would allow coordinates from remote locations to be used additionally for special mission capability.

Conclusion:

This paper illustrates the need for constantly evolving cyber-defense. This system would be useful not only to the US government and military but also to major corporations and financial institutions. These have become the main focus of global attack and cyber-financial war. Our growing cyber-defense needs to focus on all avenues and 3-D authentication would open a new page in the search for those weapons and capabilities.

 

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
2 Comments
  1. I like the idea of the additional authentication factor. And for stable systems like SCADA this makes sense. But how do you defend against meaconing or jamming as a form of Denial of service? If the authorized user needs valid GPS to log in, I can attack the GPS and keep the sys admin from logging in.

    • On a military basis, you are using am isolated network.The satellite link is encrypted with a key that is different from the authentication key for the GPS location. This is beyond a simple GPS login, I am discussing a highly secure network link, that theoretically is next to impossible to use a DOS attack or spoof the GPS location. Military networks have had solutions for DOS attacks for a long time, they are busy fighting state-sponsored actors which reach far beyond a simple DOS attack.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel