Post-quantum cryptography. Zero Trust networking. JSP 440 compliance. Air-gapped deployment. Ed25519 SIGIL chain. Every byte sovereign British. Every action auditable.
NIST ML-DSA-65 (Dilithium) signatures + ML-KEM-768 (Kyber) key exchange. Quantum-resistant by design.
No implicit trust. Every request authenticated, authorised, logged. Microsegmentation per service.
UK MoD JSP 440 security policy. OFFICIAL-SENSITIVE ready. Air-gap capable deployment.
Hash-chained, Ed25519-signed audit trail. Every API call, vote, and decision cryptographically verifiable.
DEFONEOS assumes a hostile environment. The system is designed to operate under active cyber attack, with compromised nodes in the network, and adversarial AI attempting to manipulate decisions.
| Threat | Vector | Mitigation | Residual Risk |
|---|---|---|---|
| Quantum decryption | Harvest-now-decrypt-later | PQC (ML-DSA, ML-KEM) | ๐ด None |
| Byzantine agents | Compromised AI agent votes maliciously | BFT 33-agent council (tolerates f=11) | ๐ข Low |
| Supply chain attack | Malicious MCP server or package | Morris-II worm scanner + Aegis gate | ๐ก Medium |
| Prompt injection | Adversarial input via sensor data | Input sanitisation + BFT human-gate on lethal action | ๐ก Medium |
| Insider threat | Operator with credentials goes rogue | 2-person rule + BFT consensus + SIGIL audit trail | ๐ข Low |
| Network compromise | MITM on command data link | Ed25519 signed MAVLink + TLS 1.3 | ๐ข Low |
| Side-channel | Power/EM analysis on edge node | TEMPEST hardening + air-gap option | ๐ก Medium |
| Data exfiltration | Sovereign data sent to foreign cloud | Sovereign VMs only. DORADO foreign-access detector. | ๐ข Low |
Ed25519 DID identity for every agent. No anonymous actions. API keys are Ed25519-signed JWTs.
SIGIL hash chain. Any tampering breaks the chain and is immediately detectable by verify_chain.
Every action is signed and logged. Agents cannot deny their actions โ cryptographic proof.
PII redaction layer. Sovereign VMs only. No data leaves the sovereign network without explicit authorisation.
BFT consensus tolerates 33% offline nodes. Edge nodes operate autonomously if cloud link severed.
Least-privilege per tool. Tier-based access. Lethal-force tools require BFT consensus + human authorisation.
DEFONEOS uses NIST-standardised post-quantum algorithms to protect against harvest-now-decrypt-later attacks. A quantum adversary recording today's traffic cannot decrypt it once a quantum computer becomes available.
| Layer | Algorithm | NIST Standard | Use |
|---|---|---|---|
| Signatures (primary) | ML-DSA-65 (Dilithium) | FIPS 204 | SIGIL chain, DID identity |
| Key Exchange | ML-KEM-768 (Kyber) | FIPS 203 | TLS 1.3 PQ hybrid |
| Signatures (fallback) | Ed25519 | RFC 8032 | Fast path, backwards compat |
| Hashing | SHA-3-256 | FIPS 202 | SIGIL chain links |
| Symmetric | AES-256-GCM | FIPS 197 | Data at rest |
| TLS | TLS 1.3 + Kyber | RFC 9320 | Transport security |
Automated 90-day key rotation cycle via DORADO:
DEFONEOS implements a Zero Trust security model. No entity is trusted by default. Every request is authenticated, authorised, encrypted, and logged.
Every agent, service, and user has a W3C DID with an Ed25519 keypair. No anonymous access. Identity verified on every request.
Ed25519-signed JWTs for session auth. ML-KEM key exchange for PQC-safe TLS. Tokens expire in 1 hour. Refresh requires re-authentication.
Four tiers: Free (read), Pro (tools), Governance (BFT + council), Enterprise (multi-region + PQC). Each tool declares minimum tier.
Each MCP server runs in its own container with minimal network access. Service mesh (Istio/Linkerd) enforces mTLS between services.
DORADO monitors every API call. Foreign IP access attempts flagged. Bot detector scores each request. Anomalies trigger SIGIL alerts.
Every action written to immutable, hash-chained, Ed25519-signed SIGIL ledger. Regulators can replay the entire chain with dorado_replay.
| Zone | Trust Level | Access | Example |
|---|---|---|---|
| Edge (tactical) | Zero | Air-gapped or tactical radio | PX4 drone companion computer |
| Fog (field) | Low | Tactical network + mTLS | Field command post (TAK server) |
| Cloud (sovereign) | Medium | UK sovereign VMs only | MCP federation, BFT council |
| Sovereign Core | High | Physical access required | Key management, HSM |
DEFONEOS can operate fully air-gapped for classified environments. No internet dependency. All models, data, and tools run on-premise.
| Component | Size | Delivery |
|---|---|---|
| SOV3 Ollama models (4x) | 7 GB | USB / secure courier |
| DEFONEOS MCP servers (30) | 50 MB | Python packages on encrypted USB |
| Cesium globe tiles (UK) | 2 GB | Pre-cached OS OpenData |
| DEM data (OS Terrain 5) | 1.5 GB | Pre-cached |
| RL swarm policies | 200 MB | Pre-trained ONNX models |
| SIGIL chain snapshot | Variable | Last known-good chain |
Updates delivered via encrypted USB. Two-person rule for insertion. SHA-3-256 integrity check on every file. SIGIL logs the update event.
JSP 440 is the UK MoD manual of security documents. DEFONEOS maps its security architecture to JSP 440 requirements for defence accreditation.
| JSP 440 Area | Requirement | DEFONEOS Implementation | Status |
|---|---|---|---|
| Ch. 2: Personnel Security | SC clearance for operators | RBAC enforces clearance level. Unclassified users get read-only. | ๐ก Configurable |
| Ch. 3: Physical Security | Physical access controls on core | Sovereign Core zone requires physical access. HSM for keys. | ๐ก Site-specific |
| Ch. 4: Info Security | Classification marking + handling | Every SIGIL tagged with classification. OFFICIAL / OFFICIAL-SENSITIVE / SECRET. | ๐ข Implemented |
| Ch. 5: COMSEC | Key management + crypto | PQC key rotation 90-day. HSM-backed. ML-DSA-65. | ๐ข Implemented |
| Ch. 6: TEMPEST | EM emanation control | TEMPEST-hardened edge nodes available. Air-gap option for SECRET. | ๐ก Hardware-dependent |
| Ch. 7: Audit | Tamper-evident audit trail | SIGIL hash chain + Ed25519 signatures. verify_chain tool. | ๐ข Implemented |
| Ch. 8: Incident Response | Incident detection + reporting | DORADO real-time monitoring. Auto-SIGIL on anomalies. | ๐ข Implemented |
| Ch. 9: Accreditation | RMADS (Risk Management) | Full RMADS template generated by jsp936_generate tool. | ๐ข Implemented |