In CyberNEMO, we’re building a Zero Trust Network Access (ZTNA) solution where every access decision is based on verifiable evidence. One of the core building blocks of this architecture is the Notary component, powered by our Transparent Notary Service (TNS).

What is the Transparent Notary Service (TNS)?

The TNS is essentially a digital notary for network evidence. Its job isn’t to decide whether a piece of evidence is good or bad, but to make sure that once evidence is registered, it stays immutable, timestamped, and cryptographically verifiable.

The TNS uses a lightweight append-only ledger. Each signed statement (such as a configuration attestation, event log, or policy proof) is appended as a leaf of a Merkle tree, so the current tree head commits to every entry ever logged. Anyone holding a signed tree head can check that a given statement is in the log (an inclusion proof) and that a newer tree head still contains everything an older one did (a consistency proof), so they do not have to trust the notary not to alter or quietly drop entries after the fact.

How it works

  1. Issuers sign statements using COSE (CBOR Object Signing and Encryption, RFC 9052) with algorithms such as ECDSA or EdDSA.
  2. The Notary logs the signed statement by appending it to the append-only ledger.
  3. A receipt is generated: a proof of inclusion (the Merkle path from the entry up to a tree head) that the Notary signs and timestamps with its own key.
  4. A Transparent Statement is generated, bundling the original signed statement with its receipt.
  5. Relying parties verify the statement's authenticity with the issuer's public key, and the receipt's inclusion proof and timestamp with the TNS public key, without the Notary having to be online.

This design ensures that tampering with a logged statement, or later removing or reordering an entry, is detectable by anyone who holds a receipt or an earlier tree head: the inclusion proof no longer matches the tree head, or the consistency proof between the old and new heads fails.

Why this matters for ZTNA

ZTNA is all about “never trust, always verify.” But verification needs to be trustworthy too. By introducing a tamper-evident, verifiable notary into CyberNEMO, we:

  • Create strong audit trails for security events.

  • Improve accountability and compliance by preserving evidence.

  • Allow independent verification of access decisions without centralizing trust.

In other words, the Notary helps make our Zero Trust architecture provably trustworthy.