Project: Exoskeletons for security standards
Software to wrap around and protect deployments of at-risk (X.509 based public key) security standards. This project is an extension of the global-scale IdM-CKM project.
Context
Today's Internet (defacto) security standards are at risk
On entering office, President Obama directed a 60-day, comprehensive, “clean-slate” review to assess U.S. policies and structures for cyber security. The review published in May 2009 concluded that:
“Cyberspace touches practically everything and everyone. It provides a platform for innovation and prosperity and the means to improve general welfare around the globe. But with the broad reach of a loose and lightly regulated digital infrastructure, great risks threaten nations, private enterprises, and individual rights. … The architecture of the Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient.”
Today's Internet relies almost entirely on (the X.509) security standards that emerged in the late 1980. Many serious security and implementation problems have plagued these standards. In October 2010 Andrew McLaughlin, the White House Deputy CTO for Internet Policy publicly, asserted that the U.S. government is helpless against fake security certifications, a problem that emerges due to the trust model employed in the current (public key) security systems. Unfortunately, in the civilian X.509 trust model, there are 40+ certificate authorities located in different countries that have the power to make security assertions on EVERY website on the Internet. Some of those authorities make absolutely no verification (Zero verification) that they are issuing correct certificates to authorised parties.
Problems in the X.509 security standards, such as fake security certificates, undermine the utility of all security protocols and products that rely on it. This includes: secure e-mail, secure webpages used for online e-commerce (HTTPS, SSL, TLS), virtual private networks (IPsec, SSL VPN), and so on.
ICT Gozo Malta member Synaptic Laboratories Limited has proposed a comprehensive global-scale identity-management and cryptographic identity management solution to this problem. The purpose of the Exoskeleton project described on this page is to develop an efficient method of protecting today's Internet security systems that rely on the X.509 standards, without modifying them.
What is an Exoskeleton?
In nature, an exoskeleton is an external skeleton that supports and protects an animal's body.
In Computer networks, a tunneling protocol encapsulates the payload protocol with a different delivery protocol. A simple example of tunneling is the Voice over Internet Protocol (VoIP) which caries telephone calls over the Internet.
In Computer networks, a secure tunnel is a type of tunneling protocol that uses cryptography in the delivery protocol to protect the payload protocol. A secure tunnel can be thought of as a type of exoskeleton that supports and protects the payload protocol by wrapping around it without modifying it. A simple example is the ubiquitous "Secure Socket Layer (SSL) / Transport Layer Security (TLS)" protocol which wraps around unencrypted network connections and transports the payload over the Internet in a secure way.
The purpose of the ICT Gozo Malta Exoskeleton initiative is to create a new family of secure tunnels that wrap around and protect existing security standards without modifying them. The Exoskstelon approach means there are no changes to the original standards, and existing interoperability between implementations is maintained.
end faq
Proposal
Our vision to protect existing cyber security standards
The creation of a universally trustworthy and dependable cybersecurity infrastructure that wraps around and protects the deployment of today's at at-risk Internet security standards. This infrastructure is specifically designed to operate in multijurisdictional and multistakeholder environments. This platform should ensure the intended security properties of existing Internet security standards (with regard to confidentiality, integrity and availability) are met or exceeded. Where possible, the cyber security infrastructure should improve the function of existing public key systems, while not relying exclusively on them for security.
Achieving this vision
We have taken a clean-slate approach to solving the core problems found in Identity Management, Cryptographic Key Management and Secure Computation (TruSIP 4clouds). The objective of the Exoskeleton initiative is to create a suite of software technologies that can protect today's Internet security that are currently used in production capacity, without requiring the modification of deployed software or hardware.
Our proposal is to create protocol aware secure tunnels that wrap around and protect the output of existing security standards. We call these protocol aware secure tunnels Exoskeletons to differentiate them from other security protocols in use today.
The Exoskeleton technologies will employ the use of our global-scale Identity Management and Cryptographic Key Management platform, which in turn employs our TruSIP 4clouds model. The Janelda future network projectwill support the use of Exoskeletons in the client access nodes, in this way Current Internet and Future Internet users can achieve secure communications effortlessly.
Our unique-value-propositions
The purpose of the exoskeleton is to enable the rapid protect today's at risk security standards without modification. To do this we seek to create Exoskeletons that employ our global-scale Identity Management and Cryptographic Key Management platform to create secure tunnels that wrap around and protect the output of today's Internet security systems.
We are not aware of any alternative proposals designed to address the trust problems with the X.509 PKI standards they rely on. We are not aware of any initiatives to provide instant post-quantum secure protection for today's at risk public key based security systems. The techniques used in our Exoskstelon approach means there are no changes to existing security standards, and existing interoperability is maintained between applications.
Elements in the design
On the server side we employ the our global-scale Identity Management and Cryptographic Key Management platform, which in turn employs our TruSIP 4clouds model.
For each person enrolled into the system, each person will be assigned one (or more) smart cards. Those smart cards are enrolled with 3 or more IdM-CKM service providers before being issued to card holders. The smart card is used within the IdM-CKM ecosystem. (In the future we will explore integrating the IdM-CKM system with OpenID to enable single-sign on with sites running at-risk public key standards).
On the client desktop, it is preferred that a suite of software drivers are downloaded and installed. This approach is 'consistent' with SSL/TLS, VPN and other solutions which require software installed at the point where security is enabled.
At the client local area network level, it is possible to enhance network security modules (such as firewalls, network address translation, intrusion detection and prevention devices, ...) to transparently enable Exoskeletons. In this way it is possible to secure the wide-area-network traffic of an entire office without modifying any of the desktops. This lowers the barrier while mitigating many known security risks.
At the client back-office, it is possible to run Exoskeletons as proxies. This is similar to the technique used by some SSL accelerators which offload all SSL traffic to a module sitting in-front of the web-server, file-server or so on.
Exoskeleton: Secure Socket Layer
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols commonly found in eCommerce, eGovernment and many other Internet enabled applications. SSL and TLS are designed to provide communications security for normal Internet network sessions (point-to-point communications across a large network). SSL/TLS software is typically called by applications that wish to encrypt data before it is transmitted onto the unsecured network.
Unfortunately, SSL/TLS uses at risk X.509 public key cryptography to provide identity management and key exchange operations. There are products on the market today to attack SSL/TLS (see this paper for detailed information and full disclosure on the SSL attacks). The Exoskstelon approach means there are no changes to the SSL/TLS standards, and existing SSL/TLS interoperability is maintained.
The Synaptic Labs SSL/TLS Exoskeleton security enhancement will act as a wrapper or filter in front of the existing SSL/TLS protocols and protect various at-risk aspects of the protocol from attacks. Furthermore, in response to U.S. Federal calls, our proposal is post quantum secure.
Exoskeleton: Virtual Private Network (IPsec)
A virtual private network (VPN) is a computer network in which some of the links between VPN nodes are carried by a public network such as the Internet. This might be used to extend the reach of a private local-area network (LAN) in one building to users working in another building. It might also be used to allow telecommuting workers to access their LAN from out in the field. VPNs are quite flexible and distributed organisations of any size can deploy them in a variety of ways to satisfy their secure data communications requirements. For example, banks use Secure VPN’s to secure inter-bank traffic and ATM’s. Today most VPNs use cryptographic algorithms and protocols to protect against the inherent insecurity of the public networks. Secure VPNs ensure that network traffic transmitted over the public network is encrypted and protected from malicious modification. Secure VPNs further ensure only authorised users can access the network.
IPsec is a common secure virtual private network technology. It is a mandatory requirement in all computers that implement the modern Internet Protocol version 6 standard. Unfortunately, IPsec uses at risk X.509 public key cryptography to provide identity management and key exchange operations.
The Synaptic Labs IPsec Exoskeleton security enhancement will act as a wrapper or filter in front of the existing IPsec protocol and protect various at-risk aspects of the protocol from attacks. Furthermore, in response to U.S. Federal calls, our proposal is post quantum secure. The Exoskstelon approach means there are no changes to the IPsec standards, and existing IPsec interoperability is maintained.
Many IPsec servers employ a "Remote Authentication Dial In User Service" (RADIUS) server. Synaptic Labs RADIUS Exoskeleton will enhance and protect that protocol.
Exoskeleton: Virtual Private Network (SLL VPN)
A virtual private network (VPN) is a computer network in which some of the links between VPN nodes are carried by a public network such as the Internet. This might be used to extend the reach of a private local-area network (LAN) in one building to users working in another building. It might also be used to allow telecommuting workers to access their LAN from out in the field. VPNs are quite flexible and distributed organisations of any size can deploy them in a variety of ways to satisfy their secure data communications requirements. For example, banks use Secure VPN’s to secure inter-bank traffic and ATM’s. Today most VPNs use cryptographic algorithms and protocols to protect against the inherent insecurity of the public networks. Secure VPNs ensure that network traffic transmitted over the public network is encrypted and protected from malicious modification. Secure VPNs further ensure only authorised users can access the network.
SSL VPN is a common secure virtual private network technology that uses the Secure Socket Layer protocol to perform security operations. Unfortunately, SSL/TLS uses at risk X.509 public key cryptography to provide identity management and key exchange operations. This means that SSL VPN products are also at risk.
The Synaptic Labs SSL VPN Exoskeleton security enhancement will act as a wrapper or filter in front of the existing SSL VPN protocol and protect various at-risk aspects of the protocol from attacks. Furthermore, in response to U.S. Federal calls, our proposal is post quantum secure. The Exoskstelon approach means there are no changes to the SSL VPN standards, and existing SSL VPN interoperability is maintained.
Exoskeleton: Secure E-mail
There are three common protocols for secure e-mail.
The Internet standard for secure email is called S/MIME (Secure/Multipurpose Internet Mail Extensions). Unfortunately, S/MIME uses at risk X.509 public key cryptography to provide identity management and key exchange operations.
A common defacto standard for secure email is called Pretty Good Privacy (PGP). PGP can use the at risk X.509 federated certificate-authority trust model, or it can use a web-of-trust model which does not scale very well with large number of users. Furthermore, according to Ed Gerck in his overview of certificate systems: A public key infrastructure is only as valuable as the standards and practices that control the issuance of certificates and including PGP or a personally instituted web of trust could significantly degrade the trustability of that enterprise's or domain's implementation of public key infrastructure.
A relatively new secure-email approach employs Identity Based Encryption (IBE). In this model each organisation runs it's own certificate authority and is responsible for managing the identities. Secure email between users can be achieved by mathematically transforming the public key of that certificate authority with the target e-mail address. In the most common commercial systems, the enterprise server can read and falsify messages between any user in it's realm of control (see non-repudiation). Compromise of one IBE server results in complete and total security failure for all previously protected communications managed over the life time of that server. IBE systems rely on public key cryptographic primitives that are known to be at risk.
ICT Gozo Malta member Synaptic Laboratories' global-scale IdM-CKM proposal is designed to address the trust limitations found in the above three proposals, while exploiting innovative techniques that mimic some of their more desirable properties. For example, our IdM-CKM proposal allows for management of key material by public identifiers, such as by e-mail address or website domain name. Advantageously in our approach the servers cannot decrypt messages, non-repudiation is maintained, and there is no 'single-point of trust failure' for all messages (or key exchanges). Our IdM-CKM proposal also allows for a multiple-attested identity assertions similar to the web-of-trust, but done in a way that is structured (all assertions managed in the cloud) and scales with regard to the number of users.
The Synaptic Labs Secure Email Exoskeleton security enhancement will act as a wrapper or filter in front of the existing unprotected e-mail (MIME) and S/MIME emails. Our approach will benefit from key management by e-mail address in a robust inter-enterprise, globally-scalable, manner. When wrapping around S/MIME, the Exoskeleton will protect various at-risk aspects of the S/MIME protocol from attacks. Furthermore, in response to U.S. Federal calls, our proposal is post quantum secure. The Exoskstelon approach means there are no changes to the MIME or S/MIME standards, and existing mail interoperability is maintained.
Exoskeleton: Secure Shell (SSH)
Secure Shell is a suite of low-level security tools used extensively by many millions of computer administrators and software developers.
SSH runs on desktops and servers and enables computers to be remotely administrated. SSH also supports creation of secure Internet (TCP/IP) tunnels between computers. A secure tunnel offers a quick and low cost method of securing network traffic between a client and server without modifying the source code of the client or server.
SSH does not normally use X.509 public key cryptography to provide identity management and key exchange operations. However, SSH is not post quantum secure and so is known to be at risk of anticipated attacks in the future.
The Synaptic Labs SSH Exoskeleton security enhancement will act as a wrapper or filter in front of the existing SSH protocols and protect various at-risk aspects of the protocol from attacks. Furthermore, in response to U.S. Federal calls, our proposal is post quantum secure. The Exoskstelon approach means there are no changes to the SSH standards, and existing SSH interoperability is maintained. In addition, the SSH Exoskeleton can benefit from advanced identity management functionality provided by our global-scale IdM-CKM proposal.
Exoskeleton: UDP/IP
The User Datagram Protocol over Internet Protocol (UDP/IP) is one of the 2 core protocols for transporting information over the Internet (the other is TCP/IP). UDP/IP is the simpler protocol and is responsible for sending short messages in an unreliable way. Sometimes described as "Send and Pray", the packet of data is sent and there is no guarantee it will get to it's destination. UDP/IP is frequently used for streaming audio and video data to users.
The UDP/IP protocol does not employ any confidentiality or authentication mechanisms. In the Internet users may choose to employ a virtual private network (VPN) or use the Secure Sockets Layer (SSL) protocol to protect sensitive UDP/IP traffic. Unfortunately, these protocols rely on at risk X.509 public key cryptography to provide identity management and key exchange operations.
The Synaptic Labs UDP/IP Exoskeleton can be used to protect unsecured UDP/IP traffic without the use of VPN or SSL/TLS. In response to U.S. Federal calls, our proposal is post quantum secure.
Exoskeleton: TCP/IP
The Transmission Control Protocol over Internet Protocol (TCP/IP) is one of the 2 core protocols for transporting information over the Internet (the other is UDP/IP). TCP/IP is the more complex protocol and is responsible for sending long messages in a reliable way. TCP/IP is used for most network traffic.
The TCP/IP protocol does not employ any confidentiality or authentication mechanisms. In the Internet users may choose to employ a virtual private network (VPN) or use the Secure Sockets Layer (SSL) protocol to protect sensitive traffic sent over TCP/IP. Unfortunately, these protocols rely on at risk X.509 public key cryptography to provide identity management and key exchange operations.
The Synaptic Labs TCP/IP Exoskeleton can be used to protect unsecured TCP/IP traffic without the use of VPN or SSL/TLS. In response to U.S. Federal calls, our proposal is post quantum secure.