| 2.3 Risk
02. Risk Free Data | |
|---|
| 2.3.02. Risk Free Data: | | 1. It is a business requirement to be able to store business data in a way that it is 100% safe and secure from every criminal attack. | | 2. Because all business data is 100% encrypted and stored as meaningless images in a forest of images, the real business data cannot be stolen. | | 3. Because every data breach must be reported to the regulator who will impose fines, the threat of a data breach must be made to be impossible. | | 4. The foolish may wish to state that 100% data security is not possible, but that is because the foolish are still using spreadsheets. |
| 2. Legal Data Breach Disclosure: | | 1. When any personal data is lost or copied for any reason, then the data breach must be reported to the Information Commissioners Office who will assess the compensation due to customers and impose fines. | | 2. The majority of data breaches are because a laptop containing emails with attachments is stolen. | | 3. Inside people are the cause of some data breaches because people have access to data that is not encrypted. Like Snowden, emails containing attachments provide a wealth of business data that can be accumulated over years and sold to earn extra income. Nationwide was fined 1.5 million pounds for a laptop that was stolen in a burgulary because the laptop contained a complete set of customer records. |
| 3. Risk Elimination: | | 1. The way to eliminate the risk of a data breach is to ensure that no business data can be identified because its totally encrypted and hidden as an image. | | 2. Business data cannot be stolen if nobody can tell that a set of images has the payroll data contained within an image. A data breach can only take place if the data stolen can be proven to be business data. | | 3. All stored data is stored in folders with numeric names holding files with numeric names that hold what looks like PNG images and no other identifying information. A criminal is free to copy the folders, files and view the meaningless contents. The same folders may contain lots of other files that contain lots of iamges to obfuscate the criminal. |
| 4. How does it work: | | 1. Business data can be represented in a spreadsheet as rows of fields. | | 2. Three kinds of fields may exist as (1) text value like a company name, (2) drop down list value like a cost code and (3) a numeric value like the net amount. | | 3. Each text value is replaced in the row with a numeric token and the text value encrypted that is stored in a reference file with its token. | | 4. Each list value is stored in the row as a numeric token and the text value encrypted that is stored in a reference file with its token. | | 5. Each numeric value is stored in the row as an encrypted string. | | 6. This technique known as "pseudonymisation" is a data protection act recommended "privacy-by-design" method. Many different layers of GZ encryption are deployed to cause the encrypted data to look like an image. |
| 5. Result: | | 1. Each business spreadsheet is reduced to rows of encrypted data without field separation that have no meaning. | | 2. Each reference file contains rows of encrypted data that have no meaning and look like images. | | 3. File names are simplified as a long number with a PNG file type - each show as a simple image. | | 4. Millions of similar image files name are stored in the same folders. |
| 6. Return on Investment: | | 1. Security has a high cost of deployment to offset the risk from threats of a data breach. | | 2. It is possible that in the event of a data breach, income from each customer involved would stop. The cost of a data breach could be a total loss of revenue for each project involved - project survival is being threatened. Such a risk means that the possibility of a data breach must be eliminated, no matter what it costs. | | 3. Where a project earns one-thousand pounds per year for ten years, then the security cost may well exceed one-thousand pounds over that ten year period. Even a cost of ten-thousand pounds over the ten year period is still sustainable and profitable. | | 4. The cost of security training and annual certification is very high, but such costs can be shared by one-hundred customers, then it is very cost effective. An in-house certified security engineer may have a salary-benefit package costing more than one-hundred-thousand pounds per year - a million pounds over ten years. In addition, security equipment and services may double that in-house cost to over two-million pounds over ten years. | | 5. It is very easy for the bespoke application service business to dramatically undercut such in-house costs and deliver a more effective service. The era for in-house IT experts in retail, manufacturing, transport, insurance and other market sectors is as logical as running an in-house steam engine or water wheel. |
| 6. Plausible Deniability: | | 1. Plausible deniability is a steganographic technique for the lack of evidence to prove an alleged data breach. A reportable data breach is deniable because nobody can prove that any Personally Identifiable Information has been lost or stolen. Fully Undetectable (FUD) is where PII cannot be seen to exist. | | 2. Stenanography is the method of hiding, concealing and storing encrypted data in an image. Cryptography makes PII unreadable, while stenanography conceals the cryptographic data in plain sight. | | 3. Sudoku is a means to communicate 81 digits by purposefully excluding digits that must be created using standard Sudoku rules. Each 81 digit puzzle is a token or common set of incomplete tokens. |
| 7. Legal Assult: | | 1. A court order can compel an officer of the business to divulge the encryption key. An encryption key is divulged that will result in the decryption of a nursary rhyme or character of similar length to the hidden message. A different encryption key will result in the decryption of the real message. | | 2. This twin outcomes is designed by using many layers of encryption so the output of one encryption layer using the divulged key results in a plausible but false result. The twin outcomes are a factor of the original encrypted message length and the divulged encryption key length. "Mary had a little lamb" is a plausible result from messages with a divulged key of up to 128 characters. | | 3. A third encryption key is used to change all messages and keys to "1"s as a doomsday action. This doomsday encryption key is hidden in many places that criminals may look at and discover. In fact, any encryption key with the wrong pattern may be classified as the doomsday key. | | 4. Encryption keys have a CRC suffix, but the real encryption key has a slight defect in the CRC that is plausibly due to short integer calculations. |
| 8. Doodle: | | 1. For the benefit of humanity. Open source in the public domain. | | 2. Tokens on one reference file are the same as tokens in any other reference file so the identification of a token value cannot imply its reference file. | | 3. Any error in any file for any reason will show the hello world message and no other error message. A strategy of decryption by creating errors and analysing the consequenced will not work. | | 4. All data is stored as images. Small abstract shapes that are hard to distinguish are the target. It is nice that the list of town names and the list of county names have similar images - hard to tell which is which. | | 5. Every file has a CRC that is algorithmically used to derive the file name holding that files unique encryption key. Every file is an image with an 8 digit file name and PNG suffix. | | 6. Every file is a PNG image - ISO 15948 open source specification. Data is stored as IDAT, ITXT, TEXT and most importantly ZTXT. "Software" and "Comment are the only keywords used at the current time. LZ77 compression is used - inflate according to RFC-1950 for less than 32768 bytes. Private chunks are not used, but could be used in the future. Every chunk must have a valid 4-byte unsigned length (not the length or CRC), a 4 byte identifier and a valid 4-byte (32-bit) CRC of the data only, but may be identifier only. CRC conforms with ISO 3309 using bit algorithms. Criminals and Governments cannot mess with ISO standards for their own benefit. |
| 9. Systems are always being hacked: | | 1. Correction: email is always being hacked. Microsoft Outlook-Exchange is no longer fit for purpose because email was designed before security was an issue. | | 2. HRM consisted of a SQL three level hierarchy as Office (UAD), Person (UAP) and Sign-In (UAS) table-pairs using a database design that originated in the 1970s. This was easy to search, sort and filter, until it was encrypted and then SQL queries fail to have any purpose because SQL was designed before security was an issue. | | 4. HRM will consist of many PNG images where each image conceals one or more encrypted and compressed field values that can rapidly be loaded into decrypted arrays. The benefits are considerable and may include:- | | (1) Encrypted data is unreadable and cannot suffer a data breach. | | (2) Stenagraphic data is concealed in a way that it cannot be seen. | | (3) Compressed data takes up less disk space with performance improvements. | | (4) Data can quickly be decrypted and stored in internal arrays that are easy to search, sort, fiilter, edit and process. | | (5) Images can be hidden in a massive library of images with no easy way to know which hold encrypted compressed business data. | | (6) Each image may hold one column of field values so even if was found and decrypted, only one column of field values is known with no context. | | (7) SQL stored rows of many field values; Eliza stores each column of field values in an image so unique values are stored once with disk space reduction that gives performance improvements. | | (8) Every image has its own set of unique encryption methods so if one method is cracked, other layers continue to protect the business data. | | (9) Eliza images form an "inverted" database by field column rather than row with the elimination of SQL system software threats - may be known as NOSQL with files that cannot be accessd from the Internet. | | (0) Flexibility is that any field can be changed, removed or added as and when needed without impacting any other field - a field may be shared by many table views. |
| 0. Benefit Analysis: | | 1. An Eliza image holds all town names once - all 1500 names like "Bishop's Storford" are encrypted, compressed and concealed in a specific image. | | 2. A CRM application needs to hold the address, including town name, for each branch office, for each contact person, the persons next-of-kin, the persons registered doctor, each delivery-pickup address and each billing address. With SQL, this could be a lot of repeated text, but with Eliza this is all reduced to a token number that indexes a town name stored once in an image. | | 3. This technique is a natural eolution of the existing reference (option) data method that has been used for decades. The benefit is that all reference codes have become a meaningless integer and all reference descriptions are encrypted and concealed in a random image. | | 4. Every text data entry field is treated as if it was a drop down list in that every field value is stored as a reference description with a token. Where a name was stored as text in a record, it is now stored as a reference token number that is an index to a name array that is stored in an image - a technique known as pseudomysation. | | 5. The mission is to ensure that bespoke application services cannot suffer a data breach - NOSQL images and just one extra step on that journey. |
| Research: | | * Business data concealed in an image may be assigned more than one decryption key. The simple key decryptes the message to show some casual business factoid. An alternative key physically changes every file it can find to all ones, including system files. The real key key (on the right network and using the right OS) decrypts the message to show the real business secret. | | * A file named "financial" in a folder as "wp-admin" is stored as a honeypot (on any other server) that will destroy any computer that accesses the file. | | * Agencies have the legal right to install monitoring software in every kind of computing device - every device has a computer. ISP provided "free" firewall routers are a back-door. Microsoft provided "free" antivirus and download applications are a back-door. Vendor provided "free" email and media services are a back-door. Every microphone and camera can be switched on by agents. Every smart TV is listening and watching. IoT (CCTV, Amazon Echo, Google Home) is a back-door for agents. | | * Espionage is the biggest revenue market in the world because it plays with what people fear the most. As the world fragments towards the next world war, espoinage must grow exponentially. Gaming is evidence of what pleases the human mind and that evidence does not imply cooperation, colaboration, peace and tranquility. | | * Can "democracy" exist in a world where most work is done by computers and most people do not have a job and will never have a job? Is it democratic that a few get very rich while most are poor? What will the poor people vote for? How can a "free" health care system be sustained when most people are retired and computers do most of the work? |
| How are authentication details secured? | | 1. Sign-in authentication is dependent on a number of factors such as:- | | * Handle as a persons first name and family name. | | * Email as a persons prefix and domain name. | | * Pass Phrase and Retry Date and Retry Count. | | * Geo-Location and Network Name. | | * Day of Week and Hour of Day. | | * Operating System and Browser Edition. | | * Screen size and resolution. | | * Date and Time the person was first approved to sign in. | | * Persons unique key and the approving managers unique key. | | * Cookie and local storage data. | | 2. The persons handle is split into a first name and family name, and each part is tokenised, encrypted, compressed and concealed in an image - stored as two tokens. | | 3. The persons email is split into a prefix and domain name, and each part is tokenised, encrypted, compressed and concealed in an image - stored as two tokens. | | 4. The persons pass phrase is not stored, but algorithmically derived from many other field values such as the approving managers key, this persons key, email and creation datetime as number of seconds since a private event. | | 5. The persons geo-location is tokenised, compressed and concealed in an image. This is not encrypted because the number of unique geo-locations supported is a small number. | | 6. The persons network name is tokenised, compressed and concealed in an image. This is not encrypted because the number of unique networks approved is a small number. | | 7. The persons days of the week is tokenised, compressed and concealed in an image as a meaningless number. | | 8. The persons hours of the day is tokenised, compressed and concealed in an image as a meaningless number. | | 9. The persons retry is a number and date are algorithmically merged and stored as a meaningless number. | | 10. The persons operating system is tokenised, compressed and concealed in an image. | | 11. The persons browser edition is tokenised, compressed and concealed in an image. | | 12. The persons screen size and resolution are algorithmically merged and stored as a meaningless number. | | 13. The person profile date and time created are algorithmically merged and stored as a meaningless number. | | 14. The person profile was approved by a manager who has a unique key that is stored with this persons unique key. | | 15. A criminal may need to decrypt each and every field value to give them the minimum information they need to impersonate a specific person. This excessive level of encryption exceeds what others are able to provide and what criminals will ignore. This authentication stored data cannot suffer a reportable data breach because it does not contain any Personally Identifiable Information. |
| Document Control: | | 1. Document Title: Risk Free Data. | | 2. Reference: 162302. | | 3. Keywords: Risk Management, Data Breach, Risk Free Data, Encryption, Steganography, Data Commpression. | | 4. Description: Data is encrypted, compressed and concealed in images that prevent a data breach. | | 5. Privacy: Public education service as a benefit to humanity. | | 6. Issued: 8 Dec 2016. | | 7. Edition: 1.2. |
|
|