ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Applying Chaos Theory to Security

Applying Chaos Theory to Security

Jean Jacques Raphael, CISA, CISM, ISO 27001 LI, Jean Claude Célestin, Eric Romuald Djiethieu, FCNSP, ISO 27002 Foundation, ITIL v3
| Published: 8/12/2019 2:59 PM | Category: Security | Permalink | Email this Post | Comments (0)

It has become almost impossible to face cybersecurity issues just by using the presently available countermeasures; hackers always find aways to bypass them. Whatever the future state of technology, some information related to people and national security must be kept secret. To propose a viable response to this situation, Octosafes Inc. conceived a theoretical system based on 5 hypotheses and mathematic chaos laws. The 5 hypotheses are:

  1. A child born today can be identified and authenticated by a computer without using the child’s name or a numerical identifier (SSN).
  2. On a certain scale, e.g., micron (micrometer) or microsecond, it is impossible for 2 people or 2 objects to be exactly the same, e.g., identical twins, fingerprints or 2 sheets of paper in the same ream.
  3. To become safer or even impenetrable, information systems must obey new laws and new logic (other than Boolean logic).
  4. The computer can protect people by protecting itself.
  5. Based on the previous hypotheses, it is now possible to design information systems with limited compatibility, i.e., it is impossible for 2 computers to communicate if there has not been some “physical” interaction (remotely or not) between these 2 systems.

The 2 essential laws of chaos theory are:

  1. Some degree of uniformity and order can be found in apparently erratic and uncontrollable phenomena.
  2. A phenomenon that is very controllable and predictable can become very unpredictable over a long time period

Based on these observations, mathematicians were able to create patterns they called strange attractors. They have also discovered dimensions of space that are no longer whole and that can be replicated to infinity.

Our recent Journal article is based on these 5 hypotheses and on the integration of chaotic models in information technology. However, it is rare for a mathematical abstraction to totally fit with reality, so we used a type of stratagem to integrate chaotic processes into the digital card that is at the center of our IT security project. Because this card will be made billions of times and the spatio-temporal coordinates of each card are unique, any attempt to clone or reproduce this card is doomed to failure.

The actual structure of each card is revealed and stored in the authentication server (AS) using a microlaser scanning the surface of each card at a specific frequency, which is determined at the time of initialization, i.e., from the first card and AS interaction. This single reading at submillimetric scales and microsecond time slots will be similar to the outline of a beach (designed at a millimeter scale) after each ebb and flow of the waves. Each grain of sand that moves changes the outline of this beach, and its analysis even with the most sophisticated devices becomes complex or even chaotic. With regard to our card, these ebb and flow movements have been replaced by frequency variations. At a frequency x, the microlaser can be in a hollow, and at a frequency y, it can be on a bump. Because these hollows and bumps are imperceptible to sight and touch, it is impossible for a human to control them for wrongdoing. In addition to these obstacles coming from the physical structure of the card, others that are equally unpredictable can be added, such as the biometric and genetic data of the card owner, the variations in the time of the records, the corrections after writing some wrong information, etc.

By introducing chaos mathematic laws in cybersecurity, the  hope is to initiate other logic and other electronic circuits that go beyond the Boolean algebra. In fact, the Boolean logic is still utilized in our system, but some other parameters (based on our 5 hypotheses) help to significantly modify this logic by introducing, for the first time, some notions such as “the computer can protect itself” or it is possible, thanks to the evolution of technology, to conceive “some systems with limited compatibility."

Read Jean Jacques Raphael, Jean Claude Célestin and Eric Romuald Djiethieu's recent Journal article:

"Chaos to the Rescue," ISACA Journal, volume 4, 2019.


There are no comments yet for this post.