EU AI Act Article 50 โ€” 20 days to seal | Get passport
๐Ÿ‰

Security Architecture Deep-Dive

DEFONEOS โ€” Zero-trust, quantum-safe, auditable-by-design sovereign defence AI

JP 936 READY PQC READY
33
BFT Council Agents
Ed25519
SIGIL Audit Chain
ML-DSA-65
Post-Quantum Ready
0-Trust
Network Model
7
Security Layers

๐Ÿ›ก๏ธ The 7-Layer Security Stack

Layer 7 โ€” AI Governance (BFT Council)
33-Agent Byzantine Fault Tolerant Decision Council

Every AI decision with operational impact passes through a 33-agent BFT council. Quorum of 23/33 required for execution. Any agent can veto. Council deliberations are SIGIL-logged. Prevents single-point-of-failure AI decisions and adversarial manipulation.

COUNCIL VOTE: deploy_drone_swarm_to_grid_S4 QUORUM: 23/33 required VOTE: 29 FOR / 3 ABSTAIN / 1 AGAINST โ†’ APPROVED SIGIL: f3a8b2c1...4e5f (Ed25519 signed)
Layer 6 โ€” Audit Trail (SIGIL Chain)
Ed25519 Hash-Chained Execution Ledger

Every action โ€” API call, AI inference, drone command, sensor reading โ€” is logged to the SIGIL chain. Each entry is Ed25519-signed and hash-chained to the previous entry. Tampering breaks the chain. The full ledger is replayable for after-action review and regulatory audit.

SIGIL ENTRY: ts: 2026-07-06T06:45:00Z actor: jeeves-agent-001 action: mcp_federation_call tool: sentinel-hub-mcp/get_satellite_imagery params: {bbox: [53.8, -1.5, 53.9, -1.4], date: "2026-07-06"} result_hash: sha256:a3f7e2... prev_sig: 763521b2d0... signature: cef92dd24c... (Ed25519)
Layer 5 โ€” Compliance (JSP 936 Generator)
Automated AI Assurance Report Generation

Every deployed AI model gets an auto-generated JSP 936 compliance report. Covers: model provenance, training data, bias testing, adversarial robustness, human-in-the-loop requirements, edge cases, decommissioning plan. Maps to UK AI Bill 2025, EU AI Act, and ISO 42001.

Layer 4 โ€” Cryptography (Quantum-Safe)
ML-DSA-65 (Dilithium) + ML-KEM-768 (Kyber) Ready

DEFONEOS implements NIST post-quantum cryptography standards. Digital signatures use ML-DSA-65 (CRYSTALS-Dilithium, security level 3). Key encapsulation uses ML-KEM-768 (CRYSTALS-Kyber). 90-day rotation cycle. Current deployment uses Ed25519 (classical) with PQC as dual-signing overlay โ€” ready for the quantum threat.

AlgorithmTypeNIST StandardSecurity LevelKey Size
ML-DSA-65 (Dilithium)SignatureFIPS 2043 (192-bit)1952 bytes pub
ML-KEM-768 (Kyber)Key ExchangeFIPS 2033 (192-bit)1184 bytes pub
Ed25519Signature (current)RFC 8032128-bit classical32 bytes pub
SHA-256HashFIPS 180-4128-bit32 bytes
Layer 3 โ€” Network (Zero-Trust)
mTLS + SPIFFE Identity + Microsegmentation

Every service-to-service connection uses mutual TLS. Each service has a cryptographic identity (SPIFFE/SPIRE). No implicit trust โ€” every request is authenticated, authorised, and logged. Network is microsegmented: sensor MCPs cannot talk to each other directly, only through the fusion engine. C2 commands flow through a dedicated control plane.

ComponentProtocolPortAuth
Sensor MCP โ†’ Fusion EnginegRPC + mTLS9090SPIFFE ID
Fusion Engine โ†’ Cesium COPWebSocket + TLS443JWT (Ed25519)
C2 (FreeTAKServer) โ†’ DronesCoT + DTLS8087/8089Pre-shared key + cert
SIGIL Ledger โ†’ StoragegRPC + mTLS9091SPIFFE + Ed25519
BFT Council โ†’ AgentsgRPC + mTLS9092SPIFFE + vote token
Admin / DashboardHTTPS + OAuth2443OIDC + RBAC
Layer 2 โ€” Platform (Hardened Containers)
Distroless Containers + seccomp + Read-Only Rootfs

All DEFONEOS services run in distroless containers (no shell, no package manager, no attack surface). Root filesystem is read-only. seccomp profiles restrict syscalls to a minimal whitelist. Each container runs as non-root (UID 65534). AppArmor profiles enforce additional MAC constraints.

Hardening ControlImplementationVerified
Container base imagegcr.io/distroless/python3 (no shell)โœ…
Root filesystemRead-only (readOnlyRootFilesystem: true)โœ…
Usernonroot (UID 65534)โœ…
seccompRuntimeDefault + custom deny-listโœ…
AppArmorCustom profile per serviceโœ…
CapabilitiesAll dropped (drop: ALL)โœ…
Privileged modeNever (privileged: false)โœ…
Image scanningTrivy + Grype on every buildโœ…
SBOMCycloneDX generated per imageโœ…
Layer 1 โ€” Physical (Sovereign Cloud)
UK Sovereign Cloud (MOD Cloud / Crown Commercial)

DEFONEOS runs on UK sovereign cloud infrastructure. No foreign data centres. No foreign jurisdiction. Data residency guaranteed under UK GDPR + DPA 2018. Options: MOD Cloud (preferred), UK Crown Commercial Service approved cloud (AWS London, Azure UK South, GCP London), or on-premise at MOD establishment.

Cloud OptionRegionSovereigntyClassification
MOD CloudUK (Farnborough)โœ… UK SovereignUp to SECRET
AWS London (eu-west-2)UK (London)โœ… UK Data ResidencyUp to OFFICIAL
Azure UK SouthUK (London)โœ… UK Data ResidencyUp to OFFICIAL
GCP London (europe-west2)UK (London)โœ… UK Data ResidencyUp to OFFICIAL
On-Premise (MOD Est.)UK (Site-specific)โœ… Full Air-GapUp to TOP SECRET

๐Ÿ” Threat Model & Mitigations

ThreatLikelihoodImpactMitigation
Adversarial AI input (poisoned sensor data)MediumHighMulti-source cross-validation (30 sources), anomaly detection (statistical + YOLOv8), BFT council veto
Model extraction attackLowMediumRate limiting, API authentication, no raw model weights exposed (inference only)
Supply chain compromise (MCP dependency)MediumHighSBOM per container, Trivy/Grype scanning, signed images (cosign), dependency pinning
Insider threatLowCriticalRBAC + least privilege, SPIFFE identity per service, SIGIL audit trail, BFT council for sensitive actions
Quantum computing (future)Low (5-10 yr)CriticalPQC ready (ML-DSA-65, ML-KEM-768), Ed25519 โ†’ PQC migration path defined
EM jamming / spoofingMediumHighMulti-frequency comms, MQTT bridge fallback, GPS/GNSS spoofing detection, INS dead-reckoning
Container escapeLowCriticalDistroless images, seccomp, AppArmor, no privileged containers, read-only rootfs
SIGIL chain tamperingVery LowCriticalEd25519 signatures, hash-chaining, external chain verification tool, PQC overlay
Drone hijackMediumCriticalDTLS encrypted C2, pre-shared keys per mission, geofence enforcement on-drone, failsafe RTL

๐Ÿ“‹ Compliance Mapping

FrameworkArticle / ControlDEFONEOS ImplementationStatus
JSP 936 (AI Assurance)Chapter 4 โ€” AI System Governance33-agent BFT council + SIGIL audit + JSP 936 report generatorโœ… Compliant
UK AI Bill 2025Section 3 โ€” TransparencySIGIL Ed25519 hash-chain for every AI decisionโœ… Compliant
UK GDPR / DPA 2018Article 22 โ€” Automated Decision-MakingHuman-in-the-loop for all operational decisions, BFT council veto rightโœ… Compliant
EU AI ActArticle 50 โ€” TransparencyArticle 50 passport issued for all AI-generated contentโœ… Compliant
ISO 42001AI Management SystemFull AI lifecycle governance via BFT council + SIGILโœ… Compliant
SOC 2 Type IISecurity, Availability, ConfidentialityZero-trust network, mTLS, audit trail, encrypted storageโœ… Ready
Cyber Essentials Plus5 ControlsFirewall, secure config, access control, malware protection, patch managementPENDING (Nick)
NIS Regulations 2018Security MeasuresNetwork segmentation, incident response, SIGIL chain forensicsโœ… Compliant
National Security Act 2023Section 1-3 โ€” Foreign Power ThreatUK sovereign cloud, no foreign data, SPIFFE identity, audit trailโœ… Compliant
JSP 440 (MOD Info Security)Chapter 5 โ€” Defence InformationClassification handling, access control, cryptographic protectionโœ… Compliant
JSP 604 (Physical Security)Asset ProtectionSovereign cloud, on-premise option, air-gap capabilityโœ… Ready

๐Ÿ”ง Security Operations (SecOps)

Continuous Monitoring

ControlToolFrequencyAlerting
SIGIL chain integrityChain verifier (automated)Every 15 minP0 alert if hash mismatch
Container vulnerabilitiesTrivy + GrypeEvery build + daily scanP1 alert for CRITICAL CVE
API anomaly detectionStatistical baseline + MLReal-timeP2 alert for >3ฯƒ deviation
BFT council vetoCouncil quorum checkPer decisionP0 alert if veto overridden
Network intrusionSuricata IDSReal-timeP1 alert for known signatures
Key rotationAutomated (90-day cycle)QuarterlyP2 alert if overdue
Drone telemetry anomalyPX4 flight monitorReal-timeP1 alert for geofence breach

Incident Response

PhaseActionTimeline
DetectSIGIL chain monitor / IDS / anomaly detection triggersT+0
TriageAuto-classify severity (P0-P3), page on-callT+5 min
ContainAuto-isolate affected service (network policy), freeze drone commandsT+15 min
InvestigateSIGIL chain replay, container forensics, network captureT+30 min
RemediatePatch / rotate keys / revoke identities / update rulesT+2 hours
ReportAuto-generate incident report from SIGIL chain, submit to MODT+24 hours