Presentation on theme: "Securing the Worlds Information Andre Brisson Whitenoise Laboratories Inc. and the Telecommunications Value Chain."— Presentation transcript:
Securing the Worlds Information Andre Brisson Whitenoise Laboratories Inc. and the Telecommunications Value Chain
Killer applications and killer technology present business opportunities. Last year Texas Instruments sold more chips than Intel. They sold an old wireless chip that Nokia uses. Vision for consideration Consider Blackberry phenomena. A mobile network of choice. We can do the same with a secure wireless hand held OS and a software/firmware/chips solution!
An economical, efficient and scalable secure encryption option An economical, efficient and scalable secure network architecture – one that can be deployed side-by-side with existing network topologies like PKI, that can be an alternative to the PKI topology, or can augment PKI topologies by adding robust prevent and malfeasance detection coupled with immediate revocation The Big Questions – What if you had ……..?
Presentation Methodology The changing telecommunications industry Successful business model key points VOIP as a business model example for value chain Whitenoise value proposition and competitive advantage We will use the above study as a template for examination.
Business success is all about control, which is why the focus of the initial investigations was on the identification of control points and their implementation within a particular communication architecture. The issue of control is key for evaluating the success of innovation. The sudden strike type of innovation became possible through being able to flexibly place control points throughout the communication infrastructure. Value Chain Dynamics in the Telecommunications Industry 2004 The changing telecommunications industry Innovation anywhere/anytime/anybody service and solutions providers consumers and clients
Extreme speed Extreme strength Smallest footprint and lowest processing requirements No additional hardware, services, or accelerators – lowest cost - highest margins Provides paradigm for expanding services/products on same architecture Whitenoise Company Overview Secure technologies to protect data at rest and in transmission Patent licensing company – core technology Whitenoise encryption We provide an opportunity to control the value chain Same solution for now and the foreseeable future – 3g, 4g and Ng We provide the most secure encryption and the easiest to deploy network architecture Our value proposition becomes greater as the devices get smaller, the network perimeters get larger, the Internet is more relied upon and as the volume of content increases. Whitenoise overview –
Interchangeability : How easily can other players in the market provide this control point or the entire product? WN cannot be duplicated or copied without infringing patent rights. Demand: The greatest problems across all information technologies are privacy and the ability to protect data and content from pandemic theft. Consumers demand privacy. Providers demand efficiency and security. Value: Absolute data security without any change in consumer use or behavior Time: The competitive advantages are sustainable over time because of the uniqueness of the technology and its patent protection Points to determine success and sustainability Scarcity – this is the most significant advancement in cryptography in 50 years. The algorithm is internationally patent (pending) protected. It is possible to restrict access to the algorithm to prevent new entrants.
Traditional Telecommunication Architecture Just 20 years ago almost all telecom innovations were controlled by the carrier. Now, more and more often, the carrier is just the pipe to push data through. This is creating new business models.
VOIP in the backbone - provided by the carrier – Facility based VOIP – Voice over cable, VoDSL, voice over wireless VOIP over broadband – consumers who already have broadband – ISPs and VOIP service provider are different entities Peer-to-peer VOIP – any form of Internet connection – download free voice- enabled application – Skype – (NOT preferred model – it is tough to start charging for something that you have given for free.) Value Chain Dynamics in the Telecommunications Industry 2004 Four example business models for VOIP Todays Distributed Telecommunications Architecture
iPod and iTunes as a model Proprietary technology but there were other formats and devices Strong digital rights management (protect revenue generation by preventing theft of content) The technology ties the content to the device media is tied to the device (protects publishers) the device and hence the media is portable (protects the consumer) iPods market dropped from 77% in 2004 to 14% in 2006 as cell phones and MP3 players have entered the market. Whitenoise ties encrypted media to a device because the keys are manufactured using the unique, device specific serial or NAM number. This prevents theft of the key, the content and spoofing. Whitenoise the algorithm is unique where a music player was not.
A secure distributed topology is identical to todays architecture An exact match!
What problem does Whitenoise solve? Provide prevention and detection and immediate revocation capacity Secures IP, content, and data at rest and in motion Best encryption security, speed and performance with the lowest computational overhead and smallest footprint (either software or chips) Easiest scalability of network with fewest resources Provides an architecture (distributed) that is the most common and the simplest with the fewest parts (ie it requires fewer services and players to make it work than PKI paradigms). Allow easy creation of secure networks moving forward Allow the inclusion of legacy appliances like smart phones/routers One solution for all contexts Easiest scalability of strength and speed of protection and easiest scalability of secure networks and secure services Co-exist with existing technologies like compression and systems that Telecoms currently use i.e. PKI systems Provide world-class security with the smallest costs and largest margins
What target markets have you identified? wireless device (handhelds, OS, chips), service and network providers Symbian Nokia Siemens Intel Texas Instruments Microsoft CE Motorola Samsung Lenova Fijitsu Panasonic LG Cisco Nortel Telcoms Service Content All your clients are easy to place in the value chain!
What products are you creating and who will buy them? Whitenoise is a core technology that secures both the products and content of other technology providers – we want to work with communications OS makers and core architecture players.
What products are you building that can use the competitive advantage of security? Secure hand held devices static deployment, point-to-point and network security Building security – (DIVA – preventing Identity Theft) Handheld OS - ( target client) Utility Monitoring –(telematic – low energy space) Surveillance – (media streaming) Financial – ecommerce, banking, digital commerce Media Streaming – movies, music, gaming Tunnel – static point-to-point and dynamic tunneling Secure hardware deployments – chips Routers (target client)
Secure File Interchange – Dynamic Distributed Key systems Movie on demand Music on demand Games on demand File exchange on handhelds Secure financial transactions from handheld devices Secure many-to-one and one-to-many connections i.e teleconferencing Robust and secure connectivity with scalability Enabling a high performance OS will facilitate secure:
Who are the eventual end users for the core WN technology? Our target end-users are the hand held operating systems manufacturers, chips/boards manufacturers, and software applications developers. Our end-users, like hand held operating system developers, target hardware mfgs (handset mfgs) Handset mfgs target backbone service providers (like telecoms) and content providers Collectively, we all provide the general consumers the greatest flexibility, privacy, and secure applications/solutions/products that are inherently safe and dont require training for inoculation Collectively we streamline the delivery of secure services and minimize provision costs The Value Chain
What does the deliverable consist of and what will an end user see? The consumer will Have a choice between secure and insecure communications and services They will have increased confidence in their privacy and identity protection Their use and viewing experience will remain the same (no latency, no slow downloads etc.) Your clients will see The ease and economies of deploying most secure solutions in software (Symbian, MS CE, SMS) The ease of exploiting the underlying distributed architecture for secure content delivery like games, movies and music Scalable architecture for new services and products (network providers) Reduction in theft (content and application providers) Control of channel/property/value (core OS players) End user - no impact on their experience – impact on delivery security
Who does WNL sell this deliverable too? OS manufacturers like Symbian and Microsoft CE Flexible handheld monitoring platforms Video surveillance equipment manufacturers (bit independence critical) Multimedia delivery platforms (content providers) Chip makers like Intel, ATI, Texas Instruments, OMAP, Samsung, PMC Sierra, Free Scale Device manufacturers that need secure enterprise solutions (ie handset makers Nokia, Ericsson etc.) Computers for education market and control class content and value (remote learning) Telematic component manufacturers – ie utilities, energy consumption monitors Applications for fleet management and mobile workers Wireless building monitoring, maintenance and surveillance Mobile computing solutions providers Defense contractors – mobile and mesh wireless network solutions
Characteristics of Whitenoise that make it ideal for wireless Highly secure Extreme speed so that voice, applications and media have no perceptible latency caused by encrypting/decrypting process Bit independence – a flipped bit does not corrupt balance of the transmission - Economical architecture – easily scalable (multi server – multi-control points) – vend in to secure static appliances, peer-to-peer and network appliances Scarcity - this is a new generation encryption algorithm – proprietary and protected by patents (pending) and licensing
The balance of this presentation is an addendum taken from a presentation given at the West Coast Security Forum This addendum covers two cell phone topologies or approaches on a wireless network. Examples of these wireless network topologies are provided in the West Coast Security Forum Presentation and Dynamic Distributed Key Infrastructures at
Encryption: Prevents any non-authorized party from reading or changing data. The level of protection provided by encryption is determined by an encryption algorithm. In a brute-force attack, the strength is measured by the number of possible keys and the key size. 6 Sept 2005
Cellular Phone Setup xx Stream Cipher Encryption S/W or H/W Secure Session Key reception function Integration of Authentication Key Secure Transmission Button NB: Data and Multi-media not dealt with RT Circuitry Key Database CODEC (250 KB)
Encrypted Cellular Traffic Scenario 1 Cellphone contains unique Distributed Private key for Authentication Unsecured Point-to-point call is established Requests Secure Call Selects session Key from menu ( like selecting channel) Phone Sends Key identifier to called party Communication with user Via menu Accepts Secure call by pressing Secure button Secure Landline access requires point-of- presence equipment
1.Distributed Authenticated Key Key is manufactured specific to a device ie flash memory or device like a cell phone The key is made unique to that device by association with a device specific number ie serial # or NAM The Private Key is NEVER transmitted electronically. It is distributed once securely encrypted. The user is authenticated by possession of the key. Second and third factors are added for additional security ie Username and Password (additional unique identifiers). This is your Private key and it is already Authenticated by possession of the device that is pre-distributed. Private Authenticated Key Secured Key Vault 2.Secured Key Vault Firewalls, VPN, encrypted In some paradigms, a session key is required. A sends a request, encrypted with their private key to the key vault and a session key is generated or selected. This session key is then sent back encrypted in As private key which has Never been transmitted. 1. Request is transmitted with Private Key 2. Session key is distributed encrypted with As private key. The Private Key is distributed once encrypted. Session keys, when needed, are NEVER transmitted in an unencrypted state. This prevents Man-in-the-Middle and key piracy.
Enabling Distributed Session Keys Key Database Create a data base of pre-engineered session keys Cell phone owner selects Session keys from list Similar to Downloading Ring tones Database contains users NAM/Private Key pair Session Key is sent encrypted using Private Key to users handset & decrypted Prevents interception by third party User notifies other trusted parties which Session Key(s) he is using for them They go to database and choose same key(s) for communication with that individual Keys are transmitted encrypted in their Private Key and decrypted and reside in memory for the session. During secure call setup Session Key is selected and agreed upon between Cellphones Transmit/Receive orientation and offset is completed At the end of the session, the transmission key is disabled and this transmission key then resides on the handset in an encrypted state, so it cant be copied and used. (The transmission key is only decrypted into memory for use.) Subsequent Secure Sessions enabled without transmission of keys. The unique session key for that pair of communicants is decrypted into memory based on the handsets private encrypted authentication key and its unique NAM number which is used to set the offset for the session.
Encrypted Cellular Traffic Scenario 2 - No key exchange SD Cards created for predefined groups Security Key inserts encryption Alg & Key Conversation Point-to-Point Non-Tappable Secure
Summary of Distributed Key Authentication, Identity Management, and Identity data architectures 1. No lengthy delays in obtaining session keys as the authenticated key is carried with the individual. 2. No delay at all in the revocation of an assigned key, once reported lost or stolen, as the system is under the control of the in-house IT staff and can be deactivated with a simple command. 3. The ability to transmit information securely between trusted members of the network over virtually any digital media including the Internet, wireless, satellite etc. with full assurance that it is getting to the right individual. Transmitted data cannot be intercepted and read by a man in the middle, as they do not have the authentication key. 4. The system allows for the transmission of signals from one individual to many in one simple operation. The unique speed of the algorithm provides the ability of trans-encrypting signals from the originators key into a format that can be read by each of the recipients unique keys. 5. The transmission for telecommunications is fault tolerant since it is bit independent.
Securing the Worlds Information A Scalable Architecture for Authentication and Identity Management BCTIA Most Promising Start Up Award 2004 BCTIA Technology Award 2005
Securing the Worlds Information BCTIA Most Promising Start Up Award 2004 BCTIA Technology Award 2005 WCSF CIPS Vancouver Security Special Interest Group (Security SIG) Information Systems Audit and Control Association (ISACA) Information Systems Information System Security Association (ISSA)® Canadian Information Processing Society (CIPS) Associations – BCTIA and WinBC Schools – British Columbia Institute of Technology and University of Victoria Government – Industry Canada, the National Research Council, and Western Diversification Business – Deloitte & Touche