Security Model
The QECNet security model is built on defense-in-depth principles with cryptographic sovereignty as the foundational guarantee. The system assumes adversarial conditions at every network boundary.
Threat Model
The threat model assumes nation-state-level adversaries with capability to intercept network traffic, compromise endpoint devices, and conduct sustained multi-vector campaigns. The system is designed to maintain operational integrity even under partial compromise conditions.
All inter-node communication encrypted with post-quantum algorithms. Key material rotated on configurable schedules. Forward secrecy enforced.
Compromised nodes automatically isolated from the mesh. Key material on compromised nodes revoked. Neighboring nodes re-key independently.
Hardware trust anchors validated at boot. Firmware integrity verified against signed manifests. No remote provisioning of trust material.
All operator actions logged to immutable audit chain. Assisted mode requires explicit authorization. No single operator can override autonomous decisions.
Post-quantum key exchange (ML-KEM) deployed alongside classical algorithms. Hybrid mode ensures security against both classical and quantum adversaries.
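The point of hybrid mode is that the session key depends on both shared secrets, so an adversary has to break the classical exchange and ML-KEM to recover it. The combiner below is an added illustration, not QECNet's code: it uses a stdlib HKDF, takes two constructed stand-in secrets (no real ECDHE or ML-KEM is run), and the salt label, `info` layout and fixed 32-byte secret length are this example's own assumptions.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) over SHA-256, standard library only."""
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hybrid_session_key(ss_classical: bytes, ss_pq: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """One session key from a classical shared secret (e.g. ECDHE) and a
    post-quantum one (ML-KEM decapsulation output).  Both secrets form the
    HKDF input keying material, so an adversary must recover BOTH; the
    handshake transcript (public keys, KEM ciphertext) goes into `info` so
    the key is bound to this exchange and cannot be replayed into another."""
    if len(ss_classical) != 32 or len(ss_pq) != 32:
        raise ValueError("unexpected shared-secret length; abort the handshake")
    prk = hkdf_extract(b"QECNet hybrid KEM combiner", ss_classical + ss_pq)
    return hkdf_expand(prk, b"session key" + transcript, length)

def demo() -> dict:
    """Constructed stand-ins for real ECDHE / ML-KEM outputs and a transcript."""
    ss_ecdhe = bytes.fromhex("11" * 32)   # constructed, not a real ECDHE secret
    ss_mlkem = bytes.fromhex("22" * 32)   # constructed, not a real ML-KEM secret
    transcript = b"constructed: client_hello||server_hello||kem_ciphertext"
    return {
        "key": hybrid_session_key(ss_ecdhe, ss_mlkem, transcript),
        # attacker holding only the classical secret, guessing the PQ one
        "classical_only": hybrid_session_key(ss_ecdhe, bytes(32), transcript),
        # attacker holding only the PQ secret
        "pq_only": hybrid_session_key(bytes(32), ss_mlkem, transcript),
        # same secrets on a different transcript: a different key
        "other_session": hybrid_session_key(ss_ecdhe, ss_mlkem, transcript + b"2"),
    }
```

A real deployment feeds the concatenated secrets into the TLS 1.3 key schedule rather than a stand-alone HKDF, but the property demonstrated (neither secret alone yields the key) is the same.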
Encryption Layers
QECNet implements encryption at four distinct layers. Each layer operates independently, ensuring that compromise of one layer does not expose data protected by other layers.
LAYER 4: APPLICATION   AES-256-GCM (data-at-rest)
│ Per-record encryption keys
│ Hardware-backed key storage
│
LAYER 3: SESSION       TLS 1.3 + ML-KEM-1024
│ Forward secrecy per session
│ Certificate pinning enforced
│
LAYER 2: MESH          QKD-distributed symmetric keys
│ Continuous key refresh
│ Entanglement-verified channels
│
LAYER 1: TRANSPORT     WireGuard tunnels (ChaCha20-Poly1305)
│ Point-to-point node encryption
│ Hardware entropy sources

Zero-Trust Enforcement
Every interaction within the QECNet mesh is authenticated and authorized independently. There is no implicit trust based on network position, previous authentication, or organizational hierarchy. Trust is established per-request through cryptographic proof.
Every API call, inter-node message, and operator action requires cryptographic authentication. Session tokens are non-transferable and scope-limited.
Node permissions are derived from function type. Grid nodes cannot issue defense commands. Operator roles are narrowly scoped to operational necessity.
The system continuously evaluates node integrity. Anomalous behavior triggers automatic re-authentication. Compromised nodes are isolated without requiring mesh consensus.
Network segmentation prevents lateral movement. Each sovereign boundary maintains independent authentication state. Cross-boundary traversal requires explicit key exchange.
Autonomous Response Framework
The autonomous response framework enables the decision engine to execute countermeasures without operator intervention. Response actions are constrained by pre-defined policy rules and are subject to post-execution audit review.
When assisted mode is enabled, autonomous actions require operator confirmation before execution. The decision engine still classifies and recommends, but execution is held pending manual approval. This mode is recommended during initial deployment and post-incident review periods.
Incident Classification
Active compromise confirmed. Autonomous response authorized. All affected nodes subject to immediate isolation. Key rotation initiated across sovereign mesh.
Strong indicators of attack. Correlation engine engaged. Pre-authorization of countermeasures pending threat classification completion.
Anomalous activity detected. Under investigation by classification engine. Monitoring posture elevated for affected segments.
Informational events. Baseline telemetry variations within acceptable parameters. Logged for trend analysis.
Boundary Controls
System boundaries enforce strict data flow controls. No data crosses a boundary without cryptographic envelope verification. Boundary controllers maintain independent audit logs and can operate autonomously during network partitions.