Feature story

New Approach to Secure Critical Infrastructure

Infrastructure Magazine - March 2024

INEFFABLE CRYPTOGRAPHY: A New Approach to Cybersecurity for Critical Infrastructure

As Australia’s critical infrastructure becomes more interconnected relying on digital networks, Internet of Things systems and smart technology developing effective and innovative means of keeping systems secure from cyber attacks has never been more important or more complicated.

The answer to this issue may lie in a breakthrough cybersecurity technology developed in a collaboration between a team of mathematics researchers from RMIT University’s Centre for Cyber Security Research and Innovation (CCSRI) and a tech startup called Tide Foundation.

The Dilemma

Whether a business is using software from a vendor, or relying on their IT team, or keeping keys with access, there’s always someone who has access to that authority. “And when that authority is compromised, it's game over,” Mr Loewy said.

“That's when you see the mass data breach. That's when you see these horrific breaches of infrastructure, and there will obviously be a lot worse to come. “We want to remove these Achilles heels by removing the need for blind trust. And the way that you do that is by providing some verifiability, something you can verify is trustworthy and reliable.”

Tide’s new technology, dubbed ‘ineffable cryptography’, offers a solution by allowing data and devices to be locked with keys that no-one will ever hold.

Paradigm Shift in Cybersecurity

“We are using a mathematical primitive that is very different to what is in use in current security frameworks. The algorithms and software that build on top of that are obviously quite different because, like I said, right down at its core it's completely different.”
Dr Joanne Hall, RMIT University.  

Mr Loewy said that the primary principle of the technology is to remove all instances of all-access, ‘godlike’ authority from the system, even from administrators.

“There’s usually something inside of a system, a key, that is granting godlike authority to whatever’s locked inside of it. Our approach is to take the key out of the platform and render it unreachable. Ineffable. “When required, the key will check, "Am I allowed to do that? I'll unlock that for you, but I'm not going to hand you the key. I'm just going to give you what you need at that point in time."

This technology doesn’t require organisations to rebuild their CRM system, ERP system or access control system. “You take this new capability and integrate it into an existing product, providing you with the security that even if the platform is breached, the authority to that godlike access no longer lives there. It lives outside in a place no-one can access it.”

Addressing Threats to Critical Infrastructure

Ineffable cryptography offers a new approach to cybersecurity for critical infrastructure, which can be especially vulnerable to hacking thanks to legacy systems and its interconnected nature.

“An organisation that manages infrastructure for not just themselves, but for all of their customers, they’re sitting on a huge liability,” Mr Loewy said. “If they get breached, every single one of their customers are now at risk of compromise. And if those are important industrial facilities or big businesses, the impact of that breach is just enormous. No organisation wants to sit on that kind of liability; and every organisation wants to be able to provide a product or service in a way that demonstrates to their own customers, ‘We don't present a risk to you even if we get breached’.

Put to the Test

Scientifically validating this technology has been a collaborative effort between RMIT’s own Chief Information Security Officer, top mathematicians and cybersecurity experts in the School of Science and CCSRI.

Most recently, a select group of cybersecurity students, supported by the RMIT Cloud Innovation Centre and RMIT’s AWS Cloud Supercomputing Hub (RACE), worked with industry partners to help them test the technology and prove its ability to solve critical infrastructure security challenges in ways that weren’t previously possible.

The Ineffable Cryptography has been incorporated into a prototype access control system specifically for critical infrastructure management, known as KeyleSSH, and successfully tested with multiple companies.

“Whether it's individual devices, whether it's access to a piece of infrastructure, a switch in a water facility or smart meter, we’re locking everything down with these keys that no one ever holds. Keys no-one can steal, lose, or misuse.”
Loewy said.  

Notably, this technology is an Australia sovereign capability, underscoring the country’s capacity to transform the cybersecurity landscape.

Read the full story here

Recent News

23 Nov 2023

RMIT, Tide, AWS Collab Unveiled

Tide's "Ineffable Cryptography" to secure critical infrastructure

25 May 2023

New breakthrough in Zero-Trust

Deakin University researchers prove Tide's tech breakthrough in ZeroTrust cyber security

26 May 2023

TideInside Dev Champion Crowned

Sean Nam Crowned Champion in the Prestigious TideInside Development Competition

5 Apr 2023

Interview with Dr Zero Trust

New Approach to Security Strategy with Decentralization

31 Mar 2023

Cybersecurity Predictions and Prescriptions

Cybersecurity in 2023 & Beyond: What to Expect and What Can Be Done

10 Mar 2023

Tide guests on TechStrongTV

Co-Founder Michael Loewy explains need for a more decentralized approach to managing identity and cybersecurity to enable the promise of zero trust.

14 Feb 2023

Tide guests on Zero Trust Podcast

This week we have a two-for-one special and feature our newest panel-style format.

24 Oct 2022

Financial Review Interviews Tide

The spate of recent data breaches headlined by Optus and Medibank has reinforced the urgency to rethink cybersecurity.

26 Aug 2022

Tide named world-changing startup

Revolutionary new technology to secure the future

16 May 2022

RMIT validates Tide’s breakthrough cryptography

New multi-party cryptography enables true zero-trust

16 Nov 2021

Tide win startup of the year

By AISA cybersec peak body

27 Nov 2021

JaxEnter interview Tide

Human beings are cybersecurity’s weakest link


Thanks for getting in touch. We'll get back to you as soon as possible!

Send another message