January 26, 2018
January 26, 2018
3-D Authentication by Jeff P. Godoy
We are at war for the domination of cyberspace. Every day we as a nation are attacked literally millions of times, often by nation state cyber-terrorism. More and more cyber weapons are being added at a constant rate, often free to download from the internet. Computer Network Defense is getting harder and harder. We have multi-factor authentication, something you have and something you know or something you are. Even that is not enough, we are always in the dark wondering if the person’s credentials are real or not.
This is why I am proposing 3-D authentication. What is 3-D authentication? It is authentication with the use of a Geo-Positioning Satellite (GPS). Before, when a person authenticates with a smart card and a PIN, they authenticate where they are standing and what their GPS coordinates are. This does not replace your smart card and your PIN, it enhances it.
If a person is working in a specialized military Network Operations Center (NOC) or at a critical infrastructure such as a Dam or a Power Grid, they are probably not going to be connecting from Russia or China. By first authenticating that a person is physically in the correct location and verified by a GPS satellite, they are ready to use their smart card and PIN. Protecting our infrastructure is critical, an attacker could flood an entire region ore shut down critical power to multiple states or regions.
By authenticating with a GPS satellite, there is an additional layer of security. An attack will be hard to spoof or compromise. This is because not only does the attacker have to hack the facility network, but now they would have to hack the GPS satellite. This amounts to a digital iron wall around your network and facility.
This is accomplished by a series of steps, as described below.
1. 3-D Authentication is designed to be used by the military/government. That is why it requires an encrypted GPS satellite connection. This makes it impossible to hack due to the encryption.
2. The coordinates become a SHA-256 hash and then a Private Key. This allows the unit to validate the position and provides non-repudiation. The private key is stored at the location in an HSM (Hardware Security Module).
3. The process relies on certificate transfer during the authentication process. Once both ends sync, it authorizes the location.
4. Once the location is authorized it moves to a standard CAC secure-login.
5. The person is certified as being in the correct location and with his CAC, his identity is validated.
Use Case One:
For use Case One, we will look at an example using a large dam. This is controlled with a SCADA based computer system. A compromise could be devastating. Whole areas could be flooded and lives lost. An infrastructure facility like this typically has one control area and is not usually controlled remotely. This is a perfect location for 3-D authentication. If you are not physically in the control room, why are you trying to connect and who are you really?
Use Case Two:
For Use Case Two, we will look at a highly sensitive classified Network Operations Center (NOC) or Intelligence facility. This facility has a critical need for secrecy and protection. This would not only add an additional layer of authentication, the GPS could be used to identify where the attacker is located for further investigation. This provides both an offensive and defensive approach to cyber protection. Defending the facility and network and identifying a potential compromise agent is critical to the mission. A system could be added for military use that would allow coordinates from remote locations to be used additionally for special mission capability.
This paper illustrates the need for constantly evolving cyber-defense. This system would be useful not only to the US government and military but also to major corporations and financial institutions. These have become the main focus of global attack and cyber-financial war. Our growing cyber-defense needs to focus on all avenues and 3-D authentication would open a new page in the search for those weapons and capabilities.