EU AI Act Article 50 โ€” 20 days to seal | Get passport

๐Ÿ” Security Architecture

Post-quantum cryptography. Zero Trust networking. JSP 440 compliance. Air-gapped deployment. Ed25519 SIGIL chain. Every byte sovereign British. Every action auditable.

PQC

Post-Quantum Crypto

NIST ML-DSA-65 (Dilithium) signatures + ML-KEM-768 (Kyber) key exchange. Quantum-resistant by design.

Zero Trust

Network Model

No implicit trust. Every request authenticated, authorised, logged. Microsegmentation per service.

JSP 440

Compliance

UK MoD JSP 440 security policy. OFFICIAL-SENSITIVE ready. Air-gap capable deployment.

Ed25519

SIGIL Chain

Hash-chained, Ed25519-signed audit trail. Every API call, vote, and decision cryptographically verifiable.

๐Ÿ›ก๏ธ Threat Model
๐Ÿ” PQC Cryptography
๐ŸŒ Zero Trust Network
โšก Air-Gap Deploy
๐Ÿ“‹ JSP 440 Controls

๐Ÿ›ก๏ธ DEFONEOS Threat Model

DEFONEOS assumes a hostile environment. The system is designed to operate under active cyber attack, with compromised nodes in the network, and adversarial AI attempting to manipulate decisions.

ThreatVectorMitigationResidual Risk
Quantum decryptionHarvest-now-decrypt-laterPQC (ML-DSA, ML-KEM)๐Ÿ”ด None
Byzantine agentsCompromised AI agent votes maliciouslyBFT 33-agent council (tolerates f=11)๐ŸŸข Low
Supply chain attackMalicious MCP server or packageMorris-II worm scanner + Aegis gate๐ŸŸก Medium
Prompt injectionAdversarial input via sensor dataInput sanitisation + BFT human-gate on lethal action๐ŸŸก Medium
Insider threatOperator with credentials goes rogue2-person rule + BFT consensus + SIGIL audit trail๐ŸŸข Low
Network compromiseMITM on command data linkEd25519 signed MAVLink + TLS 1.3๐ŸŸข Low
Side-channelPower/EM analysis on edge nodeTEMPEST hardening + air-gap option๐ŸŸก Medium
Data exfiltrationSovereign data sent to foreign cloudSovereign VMs only. DORADO foreign-access detector.๐ŸŸข Low

STRIDE Analysis

S

Spoofing

Ed25519 DID identity for every agent. No anonymous actions. API keys are Ed25519-signed JWTs.

T

Tampering

SIGIL hash chain. Any tampering breaks the chain and is immediately detectable by verify_chain.

R

Repudiation

Every action is signed and logged. Agents cannot deny their actions โ€” cryptographic proof.

I

Information Disclosure

PII redaction layer. Sovereign VMs only. No data leaves the sovereign network without explicit authorisation.

D

Denial of Service

BFT consensus tolerates 33% offline nodes. Edge nodes operate autonomously if cloud link severed.

E

Elevation of Privilege

Least-privilege per tool. Tier-based access. Lethal-force tools require BFT consensus + human authorisation.

๐Ÿ” Post-Quantum Cryptography

DEFONEOS uses NIST-standardised post-quantum algorithms to protect against harvest-now-decrypt-later attacks. A quantum adversary recording today's traffic cannot decrypt it once a quantum computer becomes available.

Cryptographic Stack

LayerAlgorithmNIST StandardUse
Signatures (primary)ML-DSA-65 (Dilithium)FIPS 204SIGIL chain, DID identity
Key ExchangeML-KEM-768 (Kyber)FIPS 203TLS 1.3 PQ hybrid
Signatures (fallback)Ed25519RFC 8032Fast path, backwards compat
HashingSHA-3-256FIPS 202SIGIL chain links
SymmetricAES-256-GCMFIPS 197Data at rest
TLSTLS 1.3 + KyberRFC 9320Transport security

Key Rotation

Automated 90-day key rotation cycle via DORADO:

# Check rotation status dorado_key_rotation(action="status") โ†’ {last_rotation: "2026-06-15", next_due: "2026-09-13", algo: "ML-DSA-65"} # Rotate now (requires BFT consensus) dorado_key_rotation(action="rotate") โ†’ {old_key_revoked: true, new_key_active: true, sigil: "..."}

Sovereignty Proof (ZK-SNARK)

# Prove data stayed sovereign without revealing contents dorado_prove_sovereignty(data_id="mission-001") โ†’ {proof: "zk1q...", verified: true, "Proves data never left UK sovereign VMs"}

๐ŸŒ Zero Trust Network Architecture

DEFONEOS implements a Zero Trust security model. No entity is trusted by default. Every request is authenticated, authorised, encrypted, and logged.

1

Identity (DID + Ed25519)

Every agent, service, and user has a W3C DID with an Ed25519 keypair. No anonymous access. Identity verified on every request.

2

Authentication (JWT + PQC)

Ed25519-signed JWTs for session auth. ML-KEM key exchange for PQC-safe TLS. Tokens expire in 1 hour. Refresh requires re-authentication.

3

Authorisation (Tier-based RBAC)

Four tiers: Free (read), Pro (tools), Governance (BFT + council), Enterprise (multi-region + PQC). Each tool declares minimum tier.

4

Microsegmentation

Each MCP server runs in its own container with minimal network access. Service mesh (Istio/Linkerd) enforces mTLS between services.

5

Continuous Verification

DORADO monitors every API call. Foreign IP access attempts flagged. Bot detector scores each request. Anomalies trigger SIGIL alerts.

6

Audit (SIGIL Chain)

Every action written to immutable, hash-chained, Ed25519-signed SIGIL ledger. Regulators can replay the entire chain with dorado_replay.

Network Segmentation

ZoneTrust LevelAccessExample
Edge (tactical)ZeroAir-gapped or tactical radioPX4 drone companion computer
Fog (field)LowTactical network + mTLSField command post (TAK server)
Cloud (sovereign)MediumUK sovereign VMs onlyMCP federation, BFT council
Sovereign CoreHighPhysical access requiredKey management, HSM

โšก Air-Gapped Deployment

DEFONEOS can operate fully air-gapped for classified environments. No internet dependency. All models, data, and tools run on-premise.

Air-Gap Package Contents

ComponentSizeDelivery
SOV3 Ollama models (4x)7 GBUSB / secure courier
DEFONEOS MCP servers (30)50 MBPython packages on encrypted USB
Cesium globe tiles (UK)2 GBPre-cached OS OpenData
DEM data (OS Terrain 5)1.5 GBPre-cached
RL swarm policies200 MBPre-trained ONNX models
SIGIL chain snapshotVariableLast known-good chain

Deployment Steps

# 1. Install on air-gapped machine sudo dpkg -i defoneos-offline-1.0.deb # 2. Import models defoneos models import --from /media/secure-usb/models/ # 3. Import MCP packages defoneos mcp install --from /media/secure-usb/mcps/ # 4. Initialize SIGIL chain defoneos sigil init --sovereign # 5. Launch substrate (no internet needed) defoneos launch --offline # 6. Verify defoneos health check โ†’ โœ“ 30 MCP servers running โ†’ โœ“ 4 models loaded โ†’ โœ“ SIGIL chain initialized โ†’ โœ“ Cesium globe cached โ†’ โœ“ Swarm policies loaded

Sneaker-Net Updates

Updates delivered via encrypted USB. Two-person rule for insertion. SHA-3-256 integrity check on every file. SIGIL logs the update event.

๐Ÿ“‹ JSP 440 Security Controls Mapping

JSP 440 is the UK MoD manual of security documents. DEFONEOS maps its security architecture to JSP 440 requirements for defence accreditation.

JSP 440 AreaRequirementDEFONEOS ImplementationStatus
Ch. 2: Personnel SecuritySC clearance for operatorsRBAC enforces clearance level. Unclassified users get read-only.๐ŸŸก Configurable
Ch. 3: Physical SecurityPhysical access controls on coreSovereign Core zone requires physical access. HSM for keys.๐ŸŸก Site-specific
Ch. 4: Info SecurityClassification marking + handlingEvery SIGIL tagged with classification. OFFICIAL / OFFICIAL-SENSITIVE / SECRET.๐ŸŸข Implemented
Ch. 5: COMSECKey management + cryptoPQC key rotation 90-day. HSM-backed. ML-DSA-65.๐ŸŸข Implemented
Ch. 6: TEMPESTEM emanation controlTEMPEST-hardened edge nodes available. Air-gap option for SECRET.๐ŸŸก Hardware-dependent
Ch. 7: AuditTamper-evident audit trailSIGIL hash chain + Ed25519 signatures. verify_chain tool.๐ŸŸข Implemented
Ch. 8: Incident ResponseIncident detection + reportingDORADO real-time monitoring. Auto-SIGIL on anomalies.๐ŸŸข Implemented
Ch. 9: AccreditationRMADS (Risk Management)Full RMADS template generated by jsp936_generate tool.๐ŸŸข Implemented

Classification Handling

# Every SIGIL carries a classification marker sigil_emit(line="C|mission|launch|Area SE-1444 sweep", classification="OFFICIAL") sigil_emit(line="C|target|detect|Hostile UAV bearing 142ยฐ", classification="OFFICIAL-SENSITIVE") sigil_emit(line="C|bft|vote|Engage Alpha-7 FOR", classification="SECRET") # Export only declassified events sigil_export(classification_max="OFFICIAL-SENSITIVE") โ†’ "SECRET events remain on sovereign chain, not exported"
DEFONEOS Security Architecture ยท PQC ยท Zero Trust ยท JSP 440 ยท Air-Gap ยท SIGIL ยท UK Sovereign ยท CSOAI Certified