Transcript Web Presentation - Unbreakable security

Securing the World’s Information
Whitenoise Laboratories Inc. and the
Telecommunications Value Chain
Andre Brisson
[email protected]
[email protected]
Vision for consideration
• Killer applications and killer technology present business
opportunities.
• Last year Texas Instruments sold more chips than Intel.
They sold an old wireless chip that Nokia uses.
• Consider Blackberry phenomena. A mobile network of
choice.
We can do the same with a secure wireless hand
held OS and a software/firmware/chips solution!
The Big Questions – What if you had ……..?
An economical, efficient and scalable secure encryption
option
An economical, efficient and scalable secure network
architecture – one that can be deployed side-by-side with
existing network topologies like PKI, that can be an
alternative to the PKI topology, or can augment PKI
topologies by adding robust prevent and malfeasance
detection coupled with immediate revocation
Presentation Methodology
• The changing telecommunications industry
• Successful business model key points
• VOIP as a business model example for value chain
• Whitenoise value proposition and competitive advantage
http://cfp.mit.edu/groups/core-edge/docs/Core-Edge_story.pdf
We will use the above study as a template for examination.
The changing telecommunications industry
“Innovation anywhere/anytime/anybody”
• service and solutions providers
• consumers and clients
“Business success is all about control, which is why the focus of the initial
investigations was on the identification of control points and their
implementation within a particular communication architecture.”
“The issue of control is key for evaluating the success of innovation. The
“sudden strike” type of innovation became possible through being able to
flexibly place control points throughout the communication infrastructure.”
Value Chain Dynamics in the Telecommunications Industry 2004
Whitenoise Company Overview
• Secure technologies to protect data at rest and in transmission
• Patent licensing company – core technology Whitenoise encryption
• We provide an opportunity to control the value chain
• Same solution for now and the foreseeable future – 3g, 4g and Ng
• We provide the most secure encryption and the easiest to deploy network
architecture
Whitenoise overview –
• Extreme speed
• Extreme strength
• Smallest footprint and lowest processing requirements
• No additional hardware, services, or accelerators – lowest cost - highest margins
• Provides paradigm for expanding services/products on same architecture
Our value proposition becomes greater as the devices get smaller, the
q
network perimeters get larger, the Internet is more relied upon and as
the volume of content increases.
Points to determine success and sustainability
Scarcity – this is the most significant advancement in cryptography in 50 years.
• The algorithm is internationally patent (pending) protected.
• It is possible to restrict access to the algorithm to prevent new entrants.
• Interchangeability: How easily can other players in the market provide this control
point or the entire product? WN cannot be duplicated or copied without infringing
patent rights.
• Demand: The greatest problems across all information technologies are privacy
and the ability to protect data and content from pandemic theft. Consumers
demand privacy. Providers demand efficiency and security.
• Value: Absolute data security without any change in consumer use or behavior
• Time: The competitive advantages are sustainable over time because of the
uniqueness of the technology and its patent protection
Traditional Telecommunication Architecture
Just 20 years ago almost all telecom innovations were
controlled by the carrier. Now, more and more often, the
carrier is just the pipe to push data through. This is creating
new business models.
Four example business models for VOIP
Today’s Distributed Telecommunications Architecture
• VOIP in the backbone - provided by the carrier –
• Facility based VOIP – Voice over cable, VoDSL, voice over wireless
• VOIP over broadband – consumers who already have broadband – ISPs and VOIP
service provider are different entities
• Peer-to-peer VOIP – any form of Internet connection – download free voiceenabled application – Skype – (NOT preferred model – it is tough to start charging
for something that you have given for free.)
Value Chain Dynamics in the Telecommunications Industry 2004
iPod and iTunes as a model
iPods market dropped from 77% in 2004 to 14% in 2006 as cell
phones and MP3 players have entered the market.
• Proprietary technology but there were other formats and devices
• Strong digital rights management (protect revenue generation by
preventing theft of content)
• The technology ties the content to the device
• media is tied to the device (protects publishers)
• the device and hence the media is portable (protects the
consumer)
Whitenoise ties encrypted media to a device because the keys are
manufactured using the unique, device specific serial or NAM
number. This prevents theft of the key, the content and spoofing.
Whitenoise the algorithm is unique where a music player was not.
A secure distributed topology is identical to today’s architecture
An exact match!
What problem does Whitenoise solve?
• Provide prevention and detection and immediate revocation capacity
• Secures IP, content, and data at rest and in motion
• Best encryption security, speed and performance with the lowest
computational overhead and smallest footprint (either software or chips)
• Easiest scalability of network with fewest resources
• Provides an architecture (distributed) that is the most common and the
simplest with the fewest parts (ie it requires fewer services and players to
make it work than PKI paradigms).
• Allow easy creation of secure networks moving forward
• Allow the inclusion of legacy appliances like smart phones/routers
• One solution for all contexts
• Easiest scalability of strength and speed of protection and easiest
scalability of secure networks and secure services
• Co-exist with existing technologies like compression and systems that
Telecoms currently use i.e. PKI systems
• Provide world-class security with the smallest costs and largest margins
What target markets have you identified?
• wireless device (handhelds, OS, chips), service and network
providers
Symbian
Nokia
Siemens
Intel
Texas
Instruments
Microsoft CE
Motorola
Samsung
Lenova
Fijitsu
Panasonic
LG
Cisco
Nortel
Telcoms
Service
All your clients are easy to place in the value chain!
Content
What products are you creating and who will buy them?
Whitenoise is a core technology that secures both
the products and content of other
technology providers –
we want to work with communications OS
makers and core architecture players .
What products are you building that can use the
competitive advantage of security?
• Secure hand held devices
static deployment, point-to-point and network security
• Building security – (DIVA – preventing Identity Theft)
• Handheld OS - ( target client)
• Utility Monitoring –(telematic – low energy space)
• Surveillance – (media streaming)
• Financial – ecommerce, banking, digital commerce
• Media Streaming – movies, music, gaming
• Tunnel – static point-to-point and dynamic tunneling
• Secure hardware deployments – chips
• Routers (target client)
Secure File Interchange – Dynamic Distributed Key systems
Enabling a high performance OS will facilitate secure:
• Movie on demand
• Music on demand
• Games on demand
• File exchange on handhelds
• Secure financial transactions from handheld devices
• Secure many-to-one and one-to-many connections
i.e teleconferencing
• Robust and secure connectivity with scalability
Who are the eventual end users for the core WN technology?
The Value Chain
• Our target end-users are the hand held operating systems manufacturers,
chips/boards manufacturers, and software applications developers.
• Our end-users, like hand held operating system developers, target hardware
mfgs (handset mfgs)
• Handset mfgs target backbone service providers (like telecoms) and content
providers
• Collectively, we all provide the general consumers the greatest flexibility,
privacy, and secure applications/solutions/products that are inherently safe
and don’t require training for “inoculation”
• Collectively we streamline the delivery of secure services and minimize
provision costs
What does the deliverable consist of and what will an end
user see?
The consumer will
• Have a choice between secure and insecure communications and services
• They will have increased confidence in their privacy and identity protection
• Their use and viewing experience will remain the same (no latency, no slow
downloads etc.)
Your clients will see
• The ease and economies of deploying most secure solutions in software
(Symbian, MS CE, SMS)
• The ease of exploiting the underlying distributed architecture for secure content
delivery like games, movies and music
• Scalable architecture for new services and products (network providers)
• Reduction in theft (content and application providers)
• Control of channel/property/value (core OS players)
• End user - no impact on their experience – impact on delivery security
Who does WNL sell this deliverable too?
• OS
manufacturers like Symbian and Microsoft CE
• Flexible handheld monitoring platforms
• Video surveillance equipment manufacturers (bit independence critical)
• Multimedia delivery platforms (content providers)
• Chip makers like Intel, ATI, Texas Instruments, OMAP, Samsung, PMC
Sierra, Free Scale
• Device manufacturers that need secure enterprise solutions (ie handset
makers Nokia, Ericsson etc.)
• Computers for education market and control class content and value
(remote learning)
• Telematic component manufacturers – ie utilities, energy consumption
monitors
• Applications for fleet management and mobile workers
• Wireless building monitoring, maintenance and surveillance
• Mobile computing solutions providers
• Defense contractors – mobile and mesh wireless network solutions
Characteristics of Whitenoise that make it ideal for wireless
• Highly secure
• Extreme speed so that voice, applications and media have
no perceptible latency caused by encrypting/decrypting
process
• Bit independence – a flipped bit does not corrupt balance
of the transmission • Economical architecture – easily scalable (multi server –
multi-control points) – vend in to secure static appliances,
peer-to-peer and network appliances
• Scarcity - this is a new generation encryption algorithm –
proprietary and protected by patents (pending) and
licensing
The balance of this presentation is an addendum taken from a
presentation given at the West Coast Security Forum 2005.
This addendum covers two cell phone topologies or
approaches on a wireless network.
Examples of these wireless network topologies are provided in the West
Coast Security Forum Presentation and Dynamic Distributed Key
Infrastructures at http://www.wnlabs.com/technology.html.
Streaming Encryption and Distributed
Identity and Authentication
In The
Cellular and Communications
Environment
6 Sept 2005
Encryption:
Prevents any non-authorized party from reading or changing data. The level of
protection provided by encryption is determined by an encryption algorithm. In a
brute-force attack, the strength is measured by the number of possible keys and the
key size.
Cellular Phone Setup
RT
Circuitry
CODEC
x
Secure
x
Stream Cipher Encryption
S/W or H/W
(250 KB)
Key Database
Session Key reception function
Integration of Authentication Key
Secure Transmission Button
NB: Data and Multi-media not dealt with
Encrypted Cellular Traffic Scenario 1
• Cellphone contains unique “Distributed Private” key for Authentication
• Unsecured Point-to-point call is established
• Requests Secure Call
• Selects session Key from menu ( like selecting channel)
• Phone Sends Key identifier to called party
• Communication with user Via menu
• Accepts Secure call by pressing Secure button
Landline access requires point-ofpresence equipment
Secure
The Private Key is distributed once encrypted. Session keys, when needed, are NEVER
transmitted in an unencrypted state. This prevents Man-in-the-Middle and key piracy.
1. Request is transmitted with Private Key
Private
Secured Key Vault
Authenticated
Key
2. Session key is distributed encrypted with A’s private key.
1.
Distributed Authenticated Key
•
Key is manufactured specific to a device ie flash memory or device like a cell phone
•
The key is made unique to that device by association with a device specific number ie serial # or NAM
•
The Private Key is NEVER transmitted electronically. It is distributed once securely encrypted. The user is
authenticated by possession of the key. Second and third factors are added for additional security ie
Username and Password (additional unique identifiers).
•
This is your Private key and it is already Authenticated by possession of the device that is pre-distributed.
2.
Secured Key Vault
•
Firewalls, VPN, encrypted
•
In some paradigms, a session key is required. “A” sends a request, encrypted with their private key to the key
vault and a session key is generated or selected. This session key is then sent back encrypted in A’s private key
which has Never been transmitted.
Enabling Distributed Session Keys
• Create a data base of pre-engineered session keys
• Cell phone owner selects Session keys from list
• Similar to Downloading Ring tones
Key Database
• Database contains user’s NAM/Private Key pair
• Session Key is sent encrypted using Private Key to user’s handset & decrypted
• Prevents interception by third party
• User notifies other trusted parties which Session Key(s) he is using for them
• They go to database and choose same key(s) for communication with that
individual
• Keys are transmitted encrypted in their Private Key and decrypted and reside in
memory for the session.
• During secure call setup Session Key is selected and agreed upon between
Cellphones
• Transmit/Receive orientation and offset is completed
• At the end of the session, the transmission key is disabled and this transmission
key then resides on the handset in an encrypted state, so it can’t be copied and
used. (The transmission key is only decrypted into memory for use.)
• Subsequent Secure Sessions enabled without transmission of keys. The unique
session key for that pair of communicants is decrypted into memory based on the
handsets private encrypted authentication key and its unique NAM number
which is used to set the offset for the session.
Encrypted Cellular Traffic Scenario 2 - No key exchange
Cards created for predefined groups
Security Key inserts encryption Alg & Key
Conversation Point-to-Point Non-Tappable
SD
Secure
SD
SD
Summary of Distributed Key Authentication, Identity
Management, and Identity data architectures
No lengthy delays in obtaining session keys as the authenticated key is
carried with the individual.
1.
2.
No delay at all in the revocation of an assigned key, once reported lost or
stolen, as the system is under the control of the in-house IT staff and can be
deactivated with a simple command.
3.
The ability to transmit information securely between trusted members of
the network over virtually any digital media including the Internet, wireless,
satellite etc. with full assurance that it is getting to the right individual.
Transmitted data cannot be intercepted and read by a man in the middle, as
they do not have the authentication key.
4.
The system allows for the transmission of signals from one individual to
many in one simple operation. The unique speed of the algorithm provides
the ability of trans-encrypting signals from the originator’s key into a format
that can be read by each of the recipient’s unique keys.
5.
The transmission for telecommunications is fault tolerant since it is bit
independent.
BCTIA Most Promising Start Up
Award 2004
BCTIA Technology
Award 2005
Securing the World’s Information
A Scalable Architecture for Authentication and
Identity Management
BCTIA Most Promising Start Up
Award 2004
Securing the World’s Information
BCTIA Technology
Award 2005
WCSF
CIPS Vancouver Security Special Interest Group (Security SIG)
Information Systems Audit and Control Association
(ISACA) Information Systems
Information System Security Association (ISSA)®
Canadian Information Processing Society (CIPS)
Associations – BCTIA and WinBC
Schools – British Columbia Institute of Technology and University of Victoria
Government – Industry Canada, the National Research Council, and Western Diversification
Business – Deloitte & Touche