Secure File Interchange (SFI) A Managed Security Solution Whitenoise Laboratories Inc. November 24, 2006 For use in your enterprise A service offering.

1 Secure File Interchange (SFI) A Managed Security Solution Whitenoise Laboratories Inc. November 24, 2006 For use in your enterprise A service offering to your clients and customers

2 Canadian Security Market
$1B in 2004
$1.5 B 2007
– Yankee Group, Gartner, IDC, Data Monitor, Merrill Lynch and Goldman Sachs
Key market drivers include:
- Technology evolution: IP networking, VoIP, WLAN
- Extension of the network perimeter to include partners and mobile workers
- Regulatory compliance (PIPEDA), (HIPAA), (Gramm Leach Bliley), (Sarbanes Oxley), (Ontario Bill 198, BC Bill 38)
- Identity Management and Access Control: Emerging requirement

3 The Problem
1 out of 10 laptop computers purchased will be stolen within 12 months; 90% will never be recovered. (2005 CSI/FBI report)
200,000 HP staff exposed as laptop loss party continues. (The Register, 22 March 2006)
Ameriprise: Laptop Stolen With Data on 158,000 Clients (Associated Press, Wednesday, January 25, 2006)
Unauthorized access showed a dramatic cost increase and replaced denial of service as the second most significant contributor to computer crime losses during the past year at $31,233/incident. (2005 CSI/FBI report)

4 Definitions
Encryption: Prevents any non-authorized party from reading or changing data. The strength is measured by the algorithm, the number of possible keys and the key size.
Identity Management: Identity Management (IDM) is comprised of electronic records that represent people, machines, devices, applications, and services. (Jamie Lewis, CEO, Burton Group)
77% of respondent C-level execs & IT managers of large US enterprises view IDM as the primary means of protecting against network intrusions resulting from identity theft and as key to compliance efforts in safeguarding sensitive information. (Unisys survey)

5 The Whitenoise Proposition
An End-to-End Solution:
– Protects data in storage on:
    Desktop, Laptop Computers
    External hard drives or other storage media
– Secures data in transit on:
    IP Networks, the Internet, Wireless, Satellite
Our differentiator:
– Provide Systems that are:
    Simpler to use – Less Training Expense/Resistance
    Less expensive
    Easier to implement & maintain
    More secure
Regulatory Compliance
Corporate/Personal Data Security
Extends the Network Perimeter: Partners / Mobile Employees
Increase security of standards compliant technology with Whitenoise IP

6 SFI Secure File Interchange for Business
Provides a strong corporate Identity Management & Secure Document Exchange system over any digital media
Internet, Wireless, Satellite
System is managed by IT personnel
Sensitive information downloaded as required, not stored on PC
[Diagram labels: Traveling Employee; Supplier; Inter/Intranet; Wireless; SFI Server Application NT 2003; The Company; Executive; Accounting; Marketing; HR; Co. Location B; Sales]

7 Secure File Interchange (SFI)
Shrink-wrapped Computer based application + keys
– Windows NT 2003, .NET, C#, C++
Secure exchange of documents over insecure networks (Internet, Satellite, Wireless)
– Global reach
– Economical
– Documents of all types including multi-media
Address weaknesses of other topologies
– SFI is more economical
– SFI minimizes complex multiple servers
– SFI does not require trusted 3rd parties
– Easy end user adoption and use
– Security – prevention and detection [rapid revocation]
Self contained
– No special skills
– Little training

8 USB Based Identity Key
Two factor authentication to gain access to secured network
Something you have in your possession – The key
Something that you know – A strong password
The key impractical to duplicate
Billions of bytes in length – Digital Fingerprint
Incorporates Serial Number & Mfg Information
Whitenoise US Patent pending DIVA guards against spoofing
You then remove the key & take it with you
Key structure tested by cryptographic experts at the Univ of California – Berkeley and the Univ of Victoria

9 Service Comparison
PKI SFI
Simple AES Encryption No 3rd Party Rapid Key Revocation Spoofed Keys Protection (DIVA) US Pat Pend Simple Management One Time AES Session Keys Affordable Non-Repudiation

10 Applications
SFI is implementer centric
– No trusted 3rd parties
– Membership assigned by Enterprise
– Strong Identity Management
Current Version
– High Speed encryption
– Very fast at end user
    Supports multiple documents of varying types
    Simultaneous operation
– Perfect for large file transfers
    Printers, Movies, Banks, etc.
SFI(2)
– Standards Compliant (AES SHA 256)
– Government and large organizations
– FIPS Compliant
Both have maintenance and management subsystems.

11 AES Key Generation & Document Transmission
[Diagram labels, in the order they appear on the slide:]
WN IDM Key (240,000 bits)
User AES key (128 bits)
WN RNG 128/256 AES Session Key
Encrypt Session key w/user AES key
Wrap/Encrypt in WN IDM key
Header
Place in Document Header
SFI Key Server
Encrypt Document
Senders Desktop
SHA 256 Ensures document is not altered between sender and receiver.

12 Transmission of Secure Document
Server contains all user key pairs
[Diagram labels, in the order they appear on the slide:]
Header
WN IDM Key
User AES key
Unwrap WN IDM key
Decrypt Session key w/ sender AES Key
AES Session key
Wrap in receiver's WN IDM key
Re-Encrypt Session key in Rcvr's Unique AES key
Place in Header & Send
Receiver's Desktop
SFI Key Server
Receiver advised through e-mail that file is waiting
File may be sent via SFI or Encrypted E-mail

13 Low Server Overhead = Large Scalable AES Networks
Client: Session key generation, encryption & IDM Wrap – WN RNG
Client: File Encryption using Session Key
– using either AES or WN
Server: Decrypt session key + IDM recovers Session Key
– < 160 µsecs per transaction
– Approx. 20 Million / Hr (Theoretical)
The Documents are never decrypted
– Employ one-time AES Session Keys

14 The Identity Management Key Offset
The dynamic authentication call happens between two end-points [i.e. server and device, card, flash memory, router etc.] periodically during each communication
The critical characteristic is that each end-point can create the identical key stream from its distributed key structure and offset/vector that points to a specific index in the key stream [These have either never been transmitted or never been transmitted in an un-encrypted state.]
– The key stream is like radioactive decay: it is both random and deterministic
– Radioactivity is the most random natural event and yet the half-life is deterministic
– The IDM key stream can be identically recreated and yet any segment of this stream is more random than even radioactive decay [there were no statistical failures against the NIST test suite].
This dynamic authentication call is requesting and comparing random segments of the stream that have never to that point been created or transmitted. [The segments are never used twice.]

15 Dynamic Identity Verification Authentication (DIVA)
& etc.- 01100011001101001101010100101010000101011010101010 -etc.
Last Session Ended Here (X)
+n
DIVA (Key) is instructed to begin her song at X + n
DIVA remembers end point of session
Password

16 Dynamic Identity Verification & Authorization (DIVA)
Unique keys assigned to individuals or network points
Provide very strong identifier
Possession of the key + strong password structure to activate it establishes user identity [An additional element of authentication is the unique device identifier.]
DIVA uses these attributes to:
– initially ensure that the individual accessing the network is who they say they are (references last point in key reached during last session)
– alert registered user that account is being accessed
– verify their identity throughout the session
– ensure that a duplicate key (intruder) is not in existence
– defend the network if intruder detected (deny access to both)
Rapid threat vector detection and immediate revocation
Continuous identity verification throughout a session (not just the beginning)
DIVA Identity Management keys can be used in either distributed or public key topologies

17 How does DIVA protect?
Super-length IDM Key = Lyrics of a user-specific song
Only SFI Server & User key know lyrics of each user's unique song
Access = Sing next n lyrics of song from unique start point given by server for each session (last point + x - encrypted)
Additional operations = Sing next n lyrics of song from last point
2nd DIVA (Intruder) appears
Reported Loss or theft of key = instant denial of access
Operations of 2 DIVA = Loss of Sync for one, denial of access to both
SFI
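
The offset-synchronised check that slides 14 to 17 describe, as an added sketch that is not Whitenoise code: the proprietary key stream is replaced by an HMAC-SHA256 counter stream (an assumption), the per-session skip of n and the password factor are left out, and the names `keystream`, `Endpoint`, `Server` and `demo` are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # SHA-256 digest size in bytes

def keystream(key: bytes, offset: int, n: int) -> bytes:
    """n bytes of a deterministic stream starting at byte `offset`.
    Stand-in (assumption) for the Whitenoise stream: HMAC-SHA256 counter mode."""
    out, block, skip = bytearray(), offset // BLOCK, offset % BLOCK
    while len(out) < skip + n:
        out += hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[skip:skip + n])

class Endpoint:
    """Key holder (e.g. the USB key) that remembers where its last call ended."""
    def __init__(self, key: bytes):
        self.key, self.offset = key, 0
    def respond(self, n: int):
        """Return (claimed offset, next n never-used bytes) and advance."""
        claimed, self.offset = self.offset, self.offset + n
        return claimed, keystream(self.key, claimed, n)

class Server:
    """Holds every user's key and expected offset; a mismatch revokes the key."""
    def __init__(self):
        self.keys, self.offsets, self.revoked = {}, {}, set()
    def enroll(self, user: str, key: bytes) -> None:
        self.keys[user], self.offsets[user] = key, 0
    def verify(self, user: str, claimed: int, segment: bytes) -> bool:
        if user in self.revoked or user not in self.keys:
            return False
        want = keystream(self.keys[user], self.offsets[user], len(segment))
        if claimed != self.offsets[user] or not hmac.compare_digest(segment, want):
            self.revoked.add(user)  # loss of sync: deny original and duplicate
            return False
        self.offsets[user] += len(segment)  # a segment is never accepted twice
        return True

def demo():
    # Constructed scenario: a duplicate key copied before the original was used.
    key = secrets.token_bytes(32)
    server, original, clone = Server(), Endpoint(key), Endpoint(key)
    server.enroll("alice", key)
    calls = [original.respond(16), original.respond(16), clone.respond(16),
             original.respond(16)]  # third call comes from the stale duplicate
    return [server.verify("alice", off, seg) for off, seg in calls]
```

The duplicate answers from a stale offset, so its call fails and the account is revoked, which is why the original's next call is refused as well.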

18 Simple Maintenance & Administration
Administrator Screen
Adding New Users

19 Maintenance & Administration Logs – (Non-Repudiation)

20 Additional User Security
User advised over E-Mail/pager that account is being accessed
Advised via e-mail that message waiting
Click on provided link takes user to SFI server
User sees last 15 logins and IP addresses on login
Reported lost or stolen key killed instantly
No 3rd party notification required

21 Networked Systems (Phase 2)
Secure network systems servers are capable of networking (Phase 2)
Set up shared directories based on pre-selected (allowed) e-mail addresses
Signaling path set up between servers with unique Whitenoise server keys
Message encrypted in one-time AES session key
Sent to server on which target receiver is resident, encrypted in server's IDM key
Receiving server packages session key in receiver's IDM and AES keys
Sends to receiver where it is decrypted
No key information is electronically transmitted
Message is never decrypted (readable) at any point between sender and receiver [trans-encryption occurs in real time in a streaming fashion in memory only]
[Diagram labels: Vancouver; Regina; Toronto]

22 Secure File Interchange (SFI) Review
Add Managed Information Transfer and Storage to service offerings
– Storage Space managed and chargeable
– Per document/transaction charges
Additional revenues through securing data storage and transfer
Total solution from desktop/laptop to secured delivery over insecure networks
– Internet, Wireless, Satellite
One time session keys, DIVA - prevention, authorization, detection and revocation
Manage service for SMEs
– Far Less expensive
– No skills requirement
– Little to no training
Target Legal, Medical, Financial sectors
– Regulatory Compliance
Uses industry/government standard Encryption (AES, SHA) + DIVA
Provides Transaction Logs
Cavalier Telephone to Add Comprehensive On-Demand Security Services to Business IP Offering
MILFORD, Conn.--(BUSINESS WIRE)--Aug. 17, 2006--
Mid-Atlantic CLEC to Provide SMB Customers Complete and Cost Effective, On-Demand Security Services - No Assembly Required

23 Secure File Interchange (SFI) A Managed Security Solution Whitenoise Laboratories Inc. September 19, 2006

24 IP Security Tunnel A Managed Security Solution Whitenoise Laboratories Inc. September 19, 2006

25 Whitenoise IP Security Tunnel
Shrink wrapped computer application + keys
Encrypted point-to-point and multi-point tunnels
Immediate integration with IP traffic at data link layer
– E-mail
– File transfer
– VoIP
– Video conferencing
Encrypted Link Keys issued from key vault
No appreciable delay (latency) for real-time applications
[Diagram labels: Key Vault; Location A; Location B; Location C]

26 Benefits of the IP Security Tunnel
Reduce complexity of Inter-location security
Reduce computational overhead & hardware cost
– Inexpensive appliances
– Eliminate hardware encryption accelerators
Maximize throughput & minimize delays
One solution for all IP including VoIP & Video Conferencing
Better solution at 25% - 50% of the cost

27 PC File Security A Managed Security Solution Whitenoise Laboratories Inc. September 6, 2006

28 PC Level Data Protection Products
PC File Encryption
Hard Drive Encryption
Mail Bag Encryption
Distribution
– 3rd party distributor/manufacturer
– 3rd party to major accounts
– Direct sales through website

29 Whitenoise PC File Encryption
Simple point & click application on USB memory device + unique key encrypts all types of data on computer Hard Drive
No size limit
You then remove the key & take it with you
Portable (Multiple computers)
Securely send data between home & office
The key can't be duplicated
Lost key replaceable
Encrypted Corporate or Personal data on lost or stolen computer is unreadable

30 Whitenoise Encrypted Mailbag
Create a Mailbag
– May hold one or many documents of different types
    Multimedia (Video, Music, Voice)
    Spreadsheets
    Text Documents
    Graphics (Drawings, Photographs)
    Etc
Key is generated from 2 passwords
– Significant security vs. single password
[Diagram labels: Password; Internet]

31 PC & Removable Hard Drive Encryption
Protects Computer and Removable Hard Drives
– Utilizes distributed Encryption Key and Pass phrases
– Encrypted Z drive cannot be read if removable drive or computer is lost or stolen
– Z drive is sizeable
– Drag and Drop folders and sub-folders to your encrypted drive
– Extremely fast
Plays multimedia content while encrypted
Sensitive Incident video (Security First Responders)
Recorded Video Testimony (Law Enforcement)
New pocket size Mini 50 - 100GB

32 About Shikatronics
Shikatronics deals with many of the Major Retailers, Corporate Accounts, Financial Institutions and Buying Groups in Canada, such as:
Montréal, QC, Wednesday, June 21, 2006 - Shikatronics, a leader in memory manufacturing and distribution in Canada, announced today a distribution agreement with SmartDisk, a global provider in the area of portable, network and multimedia storage products and technologies that enable people to enjoy, share and preserve digital content and information.
Shikatronics: A Whitenoise retail product distributor

33 Whitenoise Laboratories Inc.
IP
– Whitenoise Encryption & Identity Algorithm
US/International Patents
– IPEA advisory all 23 claims allowed (May 2005) PCT/CA2005/000163
– USPA 10/299,847 examination all claims allowed (Nov 2006)
Business Model
– Licensing of Technology to manufacturers
– Sales of Whitenoise Labs developed encryption products (through distributors)
Fully compliant Cdn Federal Govt regulations
Vancouver Based

34 Whitenoise Algorithm Positioning
[Chart: Encryption Strength (Weak to Strong) against Speed (Slow to Fast); annotations "CPU/Processor Intensive" and "CPU/Processor Very Efficient"; algorithms plotted: DES, Triple DES, AES, RC4, Whitenoise, SEAL, Blowfish]

35 Whitenoise Algorithm Attributes
Extremely Secure – Encryption Key stream length exceeds the size of multimedia content to be sent or stored - (Keys built from small amount of stored data)
IDM - Positive identification of receiving device
Unique communication channel (encrypted) between content server and terminal - Secure Key delivery
Multimedia may be streamed and/or stored for later play
Key associated with terminal
Cannot be played on another device
Supports real time voice, video, music, text and games (yes games)
Plays encrypted streams without latency
Content encrypted once and placed on server
Title key sent uniquely encrypted in terminal key to user
Low overhead

36 Whitenoise Algorithm Attributes
Extremely Secure - Keystream length exceeds the size of Data to be sent or stored (Keys built from small amount of stored data) - Keystream Data never transmitted
Fast – 5 Clock Cycles per Byte (S/W); >2 Bytes / CC (H/W) – Done in FPGA
Error Tolerant - Only damaged bits affected, no reliance on preceding or following data
Efficient - Low Processor Requirements – Lower cost devices
Data Type Independent - Multimedia Support – Voice Data Video – Real Time streaming, Video Surveillance
Manages Linear Offsets - Strong Identity & Digital Rights Management Applications - Receiver & Sender synchronized Keystream
Scaleable - Small Footprint < 300k – Will run on 8 bit cpu
