Australian not-for-profit's encryption solution to privacy breaches

An Australian open source foundation is introducing a new approach to encryption called splintering. TechRepublic's Karen Roby talks with the Tide Foundation's co-founder.

TechRepublic's Karen Roby talks with Yuval Hertzog, the co-founder of the Tide Foundation. The following is an edited transcript of their interview.

Yuval Hertzog: Tide Foundation is a not-for-profit, open source foundation that was established in Australia by a group of industry veterans coming from many areas of technology, commerce, sales, marketing, and with decades of experience in the industry. Now we have developed a set of tools, what we call the infrastructure, to address the cure for the privacy breach epidemic in the world. The way that we approach it is quite different, I would say, than many other solutions are doing it, is by utilizing the new wave of technology that we categorize as trustless technology. Trustless technology is part of the movement that was created based on blockchain, cryptocurrency, and other innovative technology.

One of the main aspects of addressing or curing the privacy breach epidemic is to gain back control and management over personal data. Where we see the aspect of giving back consumers some control, all of the control, and the accountability for their personal data that's stored on digital space, and what we developed is a set of tools that allows an entire economy of consumers, businesses and marketers to interact in harmony and in a way move the world to a more privacy-aware interaction.

Karen Roby: Talk specifically about splintering, what it is, how it works. 

Yuval Hertzog: In the world of trustless blockchain technology, one of the biggest problems is proving your identity, or even claiming identity. The current solutions in the marketplace provide solutions that are cryptographically based on a private or public key or a set of unique identifiers which are extremely hard to store in a decentralized manner, in one way, or extremely hard for a human being to manage without digital tools that are on him all the time. We decided to approach it by saying, "Do you know what? Why don't we go back to the simple, most common way that people authenticate on the internet?" And that's using a username and password. And it is not that we believe that that's the most secure and reliable way to identify a person, but simply because this is the most prevalent mechanism currently used in the world, and until people move to a more advanced or secure mechanism, we still believe that password identification is the easiest, the most convenient for a consumer to continue their engagement with businesses. And we thought, "We're going to utilize that to help people embrace trustless technologies in a way that doesn't change their behavior." One of the problems is how to allow for possible identification without a centralized entity that stores or verifies the original password, and we came up with a scheme, with an encryption scheme that distributes password authentication across a decentralized network, hence the splintering mechanism. 

Karen Roby: How do you plan on getting this message across to everyone?

Yuval Hertzog: One of the key aspects that drove us to develop this is we wanted to develop a solution that is as secure today as the existing username and password identification, which I must say, it's not that secure, but it's working to some extent, and people still use it and are happy with that. What we found when we developed splintering is that it actually increases the security of the whole authentication process, and it increases not by a little bit but by a significant amount. I calculate it to be a 40 million percent increase in security, and we've done a lot of research to calculate that number.

But, as you said, this is not a magic bullet, this is not something that will solve all elements of password issues in the security space, but what it does do immediately, it narrows down the impact of a breach because of its decentralized nature. Let's assume that no breach is inevitable; once a breach happens in a centralized world, most likely the entire database of passwords and accounts will be breached and will be compromised. As opposed to a solution like ours that's decentralized, the most that can happen in a single breach is compromise of a single user record. So all the effort that needs to be put in a breach like that needs to be multiplied by the number of records. So our mechanism, while it's not solving all the password issues, is actually narrowing down the solution to at least make it extremely hard to steal a large number of passwords or accounts.
