Over a year ago I wrote a blog post about how we protect users’ privacy when signing in to a GOV.UK service with GOV.UK Verify. In that post I gave an overview of some of the things we do to protect your data. Now I’m going to dig a little deeper into why we go further than most digital services where security is concerned.
Most users will know from headline news stories that cybercrime is an ever-growing threat, not just to big business and government but to all of us. In recent weeks, articles in national newspapers have highlighted the risks of identity fraud in relation to online services, resulting in the theft of personal information. What many people are unaware of is that malware is very widespread, and an unprotected browser and device can be infected in just a few minutes.
There are precautions we can all take, and sites such as Get Safe Online have some great advice. But even the most cautious of individuals can be fooled by a well-crafted phishing attack or a public wifi hack so simple children can do it.
For GOV.UK Verify our basic assumption is that your device has already been compromised. That doesn’t mean you have been attacked or that malware has been installed; it just means we can’t rule out that something is lurking in your browser trying to steal personal information. By taking this approach, we can best protect everyone from loss of data and identity fraud, whether or not their device has been compromised.
Protection beyond the browser
Our security is in multiple layers. Firstly, there are the more usual precautions you would expect to find in any digital service. These include designing GOV.UK Verify with security in mind and always using web standards such as HTTPS and TLS. This means we don’t expose your data unduly or ask you for data we don’t need. It also means we protect what is called the ‘transport layer’, the way data moves between your browser and a web server.
The next layer is concerned with the messages and data we use specifically for signing in to GOV.UK Verify and the service you’re trying to access. To protect your data in transit we use strong cryptographic techniques to encrypt your data before it leaves one of our trusted companies or when we send that information on to the government service you are trying to access. So that we can trust the integrity of the data in each message passed between government services and our trusted companies, we also use those techniques to create a digital signature for each message and each data payload.
Why do we do all of this? Because we care about the integrity of those messages. For example, we want to know who created them and that they haven’t been changed as they pass from system to system. We also want to encrypt the personal data so that, even if your browser or PC is compromised, malware won’t be able to read that data: it can’t decrypt it without private keys that only the intended recipient has access to.
The final layer is monitoring. This monitoring is split into two areas: protective monitoring and transactional monitoring. Protective monitoring allows us to set controls and alerts across our infrastructure to identify anomalies in the use of GOV.UK Verify or to help in the identification of potentially fraudulent activity. Our transactional monitoring capability analyses the messages being sent through our infrastructure, as well as the devices being used to send those messages, helping our analysts and services to better detect attacks.
Security is an ongoing task
It doesn’t stop there. We are continually adding to our defences, such as Cyber Threat Intelligence that alerts us to potential and known attacks or vulnerabilities, and monitoring and responding when a known compromised credential is being used. We also work with experts to continue to understand and respond quickly and effectively to rapidly developing security threats, technologies and approaches. We’ll be blogging more about that shortly.