2.3 Risk
11. Risk Analysis

Risk Analysis:
Risk analysis is undertaken to identify every point where a criminal may attack to gain access.
It is a business requirement to minimise the attack surface - the one-program application stack is deployed to ensure that only one program is available to the Internet.
The sign-in page is the primary application service access point and an attack point for criminals.
It is a business requirement to eliminate every other application service access point.
Policy: The normal sign-in page must be used as the only access point that must be defended. Backdoors to the application service are not permitted for any purpose or any reason. The session is regenerated at sign-in time so a criminal cannot know the signed-in session identity.

Eliza:
Eliza is the name of the Artificial Intelligent Assistant (AIA) that provides the application service. Eliza is the "Data Provider" in compliance with the Data Protection Act.
Every request by a person is received and processed by Eliza, who decides what response would be applicable. No person is able to directly communicate with any application service facility. Eliza is the only decision-making authority that can trigger an application service facility. Eliza has eliminated the need to have an application program stack, eliminated the need for program testing, reduced the cost of penetration testing and gives the criminal very little to attack.

Pass-Phrase:
Eliza shall assign every person's pass-phrase to ensure that it is fit-for-purpose and not used by any other system. Risk analysis shows that Eliza is better suited to assigning adequate pass-phrases than any other method. Nobody can manually assign a pass-phrase. Nobody except the authorised person can see their own pass-phrase. System administrators only have access to encrypted data and do not have keys to unlock any encrypted data.

UAS:
UAS holds the one-time pass-phrase with the date and time that it was issued. Eliza will check the normal pass-phrase and, if needed, will check the one-time pass-phrase (and date-time). Where the one-time pass-phrase has been used, Eliza will switch (the session) from the normal welcome page to the first-time welcome page.

Comparative Analysis:
Competitors may have an application stack with thousands of application programs - any one of them could be attacked by a criminal. Eliza is the only program that a criminal can attack - no other application program exists.
Competitors have to do penetration tests for thousands of programs - any program may have a vulnerability. Only Eliza needs to be tested and Eliza has only five points where a criminal can attack as:-
(1) URL: the address bar is the primary attack vector that is a fully encrypted string of digits.
(2) Handle: SQL injection and similar attacks have been eliminated.
(3) Email: SQL injection attacks have been eliminated.
(4) Pass Phrase: SQL injection attacks have been eliminated.
(5) Mode: the drop down list values are predefined.
Benefits:
External penetration tests are needed on these five attack vectors - nothing else exists to be attacked. Competitors need to spend a thousand pounds a day for many weeks because every application program needs to be individually tested. Eliza is the only thing that can be tested - Eliza is the only thing that a criminal can attack.

Internal Penetration Tests:
The application service is provided as web pages containing reusable controls as:-
(1) Text: data entry is sanitised to eliminate SQL injection and other attacks.
(1b) Area: is just a multi-line text control with identical sanitisation.
(2) List: drop down list of permitted values that are encoded (as digits) to eliminate attacks.
(2b) Date: is just a multi-list control with identical sanitisation.
No matter what data is entered, Eliza will validate it according to expected values. Eliza will accept a value and reply "saved" or will reject the value and reply "no change". Only Eliza can change a field value in the database and every such change is subject to dual-interlocking audit trails.
Benefits:
Internal penetration tests are needed on a reusable text control and list control. Eliza testing can be completed in a few hours, with little point in testing thousands of forms that only contain the same two controls. Competitors need to spend a thousand pounds a day for many weeks because every application program needs to be individually tested.

New User Procedure:
It is a business requirement for an authorised person to approve the creation of a new user. This is a high-risk procedure that must be professionally managed to eliminate fraud and ensure no leak of critical information. Specifically, sign-in details must not be communicated using email or any public communication method.
(1) An Approved Manager must sign in and access the support dashboard to click the "new user" button - the new user form is shown.
(2) The Approved Manager must enter all relevant new user details, and when correct, will be shown a one-time pass-phrase.
(3) The one-time pass-phrase is valid for one hour and may be communicated to the new user by email, telephone, print or any other means.
(4) The new user is directed to use the normal sign-in page with their assigned handle, email and one-time pass-phrase.
(5) When the new user signs in (using encrypted communications) a first-time welcome page pops up to show their permanent pass-phrase that is never shown to any other person.
Benefits:
The one-time pass-phrase may be communicated using any means because it expires within the hour.
Where a person does not yet have an email service, they can be given a one-time pass-phrase by their manager so they can sign in without delay.
A new user is shown their permanent pass-phrase by the first-time welcome page using encrypted communications - nobody else can see this permanent pass-phrase.
Warning: no two people can have the same handle and email address - it is not permitted to add a new user as a person who is already known to the application service.

Forgotten Pass-Phrase Procedure:
It is a business requirement for an authorised person to be able to request a reminder of their permanent pass-phrase. This is a high-risk procedure that must be professionally managed to eliminate fraud and ensure no leak of critical information. Specifically, pass-phrase details must not be communicated using email or any public communication method.
(1) The person's approved manager must sign in and access the support dashboard to click the "forgotten sign-in" button - the forgotten form is shown.
(2) The person's approved manager must select the person who has forgotten their sign-in details - a one-time pass-phrase is shown.
(3) The one-time pass-phrase is valid for one hour and may be communicated to the person by email, telephone, print or any other means.
(4) The person is directed to use the normal sign-in page with their assigned handle, email and one-time pass-phrase.
(5) When the person signs in (using encrypted communications) a first-time welcome page pops up to show their permanent pass-phrase that is never shown to any other person.
Benefits:
The one-time pass-phrase may be communicated using any means because it expires within the hour.
When a person forgets their pass-phrase they must request their Manager to give them a one-time pass-phrase.
A person is shown their permanent pass-phrase by the first-time welcome page using encrypted communications - nobody else can see this permanent pass-phrase.
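
As an added illustration that is not part of this page or of Eliza itself, the one-time pass-phrase handling described under UAS and in the new user and forgotten pass-phrase procedures is modelled below in Python: a one-hour, single-use one-time pass-phrase stored with its issue time, checked only after the normal pass-phrase, a session regenerated at sign-in, and the first-time welcome page being the only place the permanent pass-phrase is shown. The class and method names, the 90-day lifetime since last use and integer-second timestamps are assumptions; encryption at rest is left out.

```python
import secrets

ONE_TIME_VALIDITY = 3600           # page: a one-time pass-phrase is valid for one hour
PASS_PHRASE_LIFETIME = 90 * 86400  # assumed "selected number of days" since last use

class UasStore:
    """Per person: assigned pass-phrase, last use, and the one-time pass-phrase with its
    issue time. Times are integer seconds (e.g. int(time.time())). Names are assumed."""
    def __init__(self):
        self.users = {}     # handle -> record
        self.sessions = {}  # session id -> (handle, welcome page)
    def new_user(self, handle, email, now):
        # Page warning: a handle or email that is already known may not be added again.
        if handle in self.users or any(r["email"] == email for r in self.users.values()):
            raise ValueError("person already known to the application service")
        self.users[handle] = {"email": email, "last_used": now, "one_time": None,
                              "permanent": secrets.token_urlsafe(24)}  # assigned, never chosen by hand
        return self.issue_one_time(handle, now)
    def issue_one_time(self, handle, now):
        """Manager's 'new user' / 'forgotten sign-in' button: returns a fresh one-time pass-phrase."""
        otp = secrets.token_urlsafe(12)
        self.users[handle]["one_time"] = (otp, now)  # value plus the date-time it was issued
        return otp
    def sign_in(self, handle, email, pass_phrase, now):
        """Normal pass-phrase first, then the one-time pass-phrase with its date-time.
        Returns (session id, welcome page) or None."""
        rec = self.users.get(handle)
        if rec is None or rec["email"] != email:
            return None
        given = pass_phrase.encode()
        page = None
        if (secrets.compare_digest(given, rec["permanent"].encode())
                and now - rec["last_used"] <= PASS_PHRASE_LIFETIME):
            page = "normal welcome"
        elif rec["one_time"] is not None:
            otp, issued = rec["one_time"]
            if secrets.compare_digest(given, otp.encode()) and 0 <= now - issued <= ONE_TIME_VALIDITY:
                rec["one_time"] = None       # single use
                page = "first-time welcome"  # session switched to the first-time welcome page
        if page is None:
            return None
        rec["last_used"] = now
        sid = secrets.token_urlsafe(32)      # session regenerated at sign-in time
        self.sessions[sid] = (handle, page)
        return sid, page
    def first_time_welcome(self, sid):
        """Shows the permanent pass-phrase only to a session that arrived via a one-time pass-phrase."""
        handle, page = self.sessions.get(sid, (None, None))
        return self.users[handle]["permanent"] if page == "first-time welcome" else None
```

A wrong pass-phrase, an expired or already-used one-time pass-phrase, and a permanent pass-phrase unused for longer than the lifetime all yield None, so the only way back in after expiry is the manager-issued one-time pass-phrase.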

Expired Account Procedure:
It is a business requirement for a normal user's pass-phrase to expire a selected number of days after it was last used. It is also a business requirement for an expired pass-phrase to be rapidly reset in the event that the person has not left and still remembers their assigned pass-phrase. Eliza shall automatically identify the expired pass-phrase and shall email the person a link to their first-time welcome page. The envelope with the link to the encrypted letter will expire within the hour.
Benefits:
No human action is needed; Eliza can handle such events automatically using email.
As an alternative, the forgotten pass-phrase procedure may be used.

Expiry Reminder Procedure:
It is a business requirement for a person to be sent an email reminder before their sign-in account expires. Eliza will email a person a few days before their pass-phrase expires as a gentle reminder. The email envelope contains a link to encrypted contents that invite them to sign in as normal. The person may request a one-time pass-phrase so they can sign in to view their permanent pass-phrase.
Benefits:
No human action is needed; Eliza can handle such events automatically using email.
As an alternative, the expired account or forgotten pass-phrase procedures may be used.

Memory Threat:
1. A new kind of CPU execution defect has been identified in Intel and AMD processors that are used in some servers. A rogue application program can cause an execution error that will disclose the memory content of other process threads. The disclosed memory could hold encryption keys or passwords.
2. The threat is dependent on a rogue application running on a server that is multi-processing passwords and encryption keys, and is addressed as:-
  (1) No application programs are permitted to execute on any server.
  (2) Every server does one job and only one job - no multi-tasking.
  (3) Passwords are stored and so passwords will not be in memory.
  (4) A very large number of different encryption keys are deployed at the field level - disclosing any one random key has no significance.

Data Hierarchy:
1. Eliza is about a knowledge base mathematically processing numbers that represent business data. Privacy-by-design means it may not be practical to reverse engineer the inner mathematics of Eliza.
2. Business data is stored in three states as:
  (1) Displayed business data is a set of fields showing permitted values that are only disclosed to an approved person using an authorised device in a known place.
  (2) Internal data is arrays of field fragments represented by numbers. One or more numbers will represent a permitted field value. Eliza processing never needs to know the permitted display values for these numbers. Business knowledge has evolved to process numbers using the Eliza mathematical notation. Each field is encrypted using many layers of different encryption methods that are dependent on the context of how and where the data is processed. Monitoring memory dumps will not disclose passwords or encryption keys.
  (3) Stored data are fragments of encrypted field values that are scrambled and hidden as offsets inside images and photographs. Images are stored in encrypted folders that are hidden in encrypted partitions in a large number of distributed data centers. Encryption methods have multiple possible decryption solutions that are sprinkled with fake data.
3. Privacy-by-Design has been demonstrably deployed by:
  (1) Replacing application programs with Eliza as an Artificial Intelligent Assistant that cannot be hacked.
  (2) Reducing the criminal attack surface to a single authentication sign-in page.
  (3) Not permitting any application program (or malware) to run on any secure server.
  (4) Encrypting all business data, regardless of its classification or significance.
  (5) Encrypting all encrypted data with multiple layers of encryption so if one layer is cracked the other layers still protect the data. This may not be legal in the USA.
  (6) Processing and gathering business knowledge about tokens and fields that are represented by meaningless numbers.
  (7) Storing encrypted data in secret images that are hidden in a massive library of images, rather than a database that can be hacked. It is expected that the image library will be copied by agencies.
  (8) Continual monitoring 24/7 to detect and instantly stop criminal behaviour.
  (9) URL encryption to deploy one-time transactions that cannot be replayed by criminals who have recorded what an approved person did.
  (10) Ten-factor authentication so a criminal cannot reuse the pass-phrase used by an approved person.
4. Protection-by-Design:
  (1) Encrypt all business data so readable data cannot be stolen. A reportable data breach is not possible.
  (2) Replicate all encrypted data so data cannot be lost. Encrypted data can be recreated from many different places.
  (3) Authenticate and monitor approved people so criminal behaviour is instantly stopped.