Five Ways SKI Addresses Cybersecurity Gaps

1. Safer distribution of encryption keys
2. Leverages existing cloud network
3. Eliminates openings for DDoS attacks
4. Perfect forward secrecy in the event of a compromised key
5. Key-distribution component of regulation-compliant encryption

Secure Key Infrastructure and your Business

The Secure Key Infrastructure:

  • Leverages a global provider satellite network
  • Eliminates the cumbersome/insecure PKI Certificate Authority process
  • Can be licensed and deployed by OEMs to replace PKI

What is Secure Key Infrastructure?

  • Utilizes worldwide satellite network infrastructure for true, double-blinded token exchange (key distribution)
  • Uses OAuth, HTTPS, and TLS to secure communications between clients and servers during the Token Exchange process.
  • SKI’s native Token Authority (TA) is SCIFCOM

Filling the Cybersecurity Gap for Encrypted Video Streaming

Whether you are streaming video, audio or both, XOTIC® can deliver a secure means to watch and archive the video while removing the concern of malicious parties accessing your feeds. Unlike other ciphers, which are implemented strictly for the long-term storage of media or used within TLS/SSL protocols that maintain a single secret key, XOTIC is constantly changing to protect your data. Implemented on the device itself, the XOTIC cipher re-keys data in transit with random quantum-resilient key lengths ranging from 512 bits to 4,096 bits at set time intervals using Secure Channels’ patent-pending Wave Form Encryption™ (WFE). Rest easy with your information stored on-premises or in the cloud with a flexible key exchange network that can shard and distribute the keys for the live feed on internationally distributed repeaters, mitigating the risk of any single point of failure in the security of your information. Protect your information today with a cipher that’s strong enough for post-quantum archival of data, but efficient enough to encrypt every frame of your media.

Addressing the Gaps in OT/Critical Infrastructure Security.

XOTIC Core and Secure Key Infrastructure (SKI).

Industrial facilities and critical infrastructure are digitally transforming their operational technology (OT) to bring it in line with IT and industrial Internet of things (IIoT) systems.  The benefits are clear.  Warehouses, assembly lines and public utilities gain additional efficiencies through real-time responsiveness, process synchronization, performance analytics and cognitive/AI optimization.  OT’s convergence with IT, though, introduces several new cybersecurity weaknesses, risks and attack vectors.

A Siemens report on industrial cybersecurity noted threats to OT systems are more hazardous than those to IT systems. While IT attacks can result in sensitive data breaches, network downtime and lost productivity, compromised OT systems can lead to quality control lapses, personal injury and environmental damage. Attacks on OT and critical infrastructure have already inflicted “massive damage” on a steel works blast furnace, tampered with chemical mixtures at a water treatment plant, knocked an entire nation offline at the hands of a rival service provider, and taken down a power grid through cyberwarfare. The trend shows no signs of slowing, as almost 60 percent of facilities using supervisory control and data acquisition (SCADA) systems or industrial control systems (ICS) were breached.

Aggravating this threat are the vulnerabilities prevalent in OT. Legacy components make up a large percentage of OT. They typically haven’t been outfitted with security, are patched infrequently and are notoriously difficult to patch. Their lifetime deployments average 10 to 20 years, whereas easily-patched IT systems average three to five years of life. Even air-gapped systems are susceptible to insider threats, which constitute 73 percent of OT cyberattacks. As OT is digitized and brought online, legacy component vulnerabilities are exposed to untold new threats.

The coming 5G technology will fuel widespread adoption of IIoT. However, the proliferation of IIoT devices greatly broadens the OT attack surface, as millions of new, poorly-encrypted endpoints can potentially grant unauthorized parties access to vital systems. Manufacturing floor, public utility and smart city systems could fall under the control of adversaries successful in exploiting IIoT devices. Security research firm F-Secure reported that cyberattacks on overall IoT devices jumped 300 percent in 2019, and Gartner estimated that by 2020 IoT compromises will account for more than 25 percent of cyberattacks. Generally a network’s weakest links, IIoT devices intended to improve safety, maintenance tasks and quality control allow relatively easy access to assailable OT.

Industrial facilities and critical infrastructure need OT to be available, reliable and safe. The data stored in and transmitted between OT, IT and IIoT must remain free from interception or manipulation to meet these goals. Future-ready encryption with a secure, fault-tolerant key exchange forms the strongest and last line of cyberdefence for OT and critical infrastructures.

The XOTIC Core/SKI solution addresses these needs with:

Strength: The XOTIC Core cryptosystem securely encrypts OT and critical infrastructure data behind quantum-resilient key lengths ranging from 512 bits to more than 8,000.  Deployed with SKI, XOTIC Core’s symmetric keys are safely transmitted between OT, IT and critical infrastructure endpoints.

Safety: The solution’s unbreakable encryption for data stored in and transmitted between devices eliminates opportunities for unauthorized parties to exfiltrate sensitive data or manipulate equipment.  XOTIC Core and SKI enable facility operators to maintain control over their OT and critical infrastructure.

Readiness: SKI doesn’t rely on the quantum-weak algorithms at the heart of public key infrastructure (PKI) systems.  SKI distributes symmetric keys that can withstand attacks from today’s technology and tomorrow’s. 

Reliability: SKI can be implemented using a combination of public/private/cloud services and edge networks for redundant key distribution.  Its high availability and fault tolerance mitigate DoS/DDoS attacks involving OT/IIoT endpoints.

Simplicity: XOTIC Core’s weightless 60KB footprint easily integrates into the most resource-constrained OT and IIoT devices.  SKI deployments incorporate fewer components than those of standard PKI.  Its “out of band” operation avoids reliance on questionable “trust actors” to securely distribute encryption keys.

Responsiveness: Increased adjustments in XOTIC Core’s strength add no perceptible latency to equipment performance.  It initializes quicker than AES and outperforms streaming ciphers.  And XOTIC Core’s distributed symmetric keys require less computational overhead

Adaptability: XOTIC Core and SKI are easily integrated into OT ranging from legacy to state-of-the-art. The solution’s agnostic design delivers consistent protection as OT/IIoT technology continues to evolve.

Perfect Forward Secrecy:  XOTIC Core’s scalable one-time pad leverages quantum random number generation to create completely unique keys for unconditional security.  SKI distributes XOTIC Core’s ephemeral keys for every signal, packet of data or frame of video.  In the highly unlikely event of a compromised key, the security of the rest of the data remains unaffected. 

Compliance:  The solution exceeds the level of “reasonable security” required with various industry and government cybersecurity controls.  XOTIC Core can be deployed in “FIPS mode” with key wrapping for NIST-regulated environments.

Secure Key Infrastructure (SKI):

Security Assessment

Author: Dr. Stanislaw Jarecki, University of California, Irvine

1. SKI offers strong security property vs. standard PKI-based and Kerberos-based secure key communication solutions:

Unlike PKI-based solutions, the clients don't store long-term keys except for standard authentication tokens (password, biometrics). This dramatically limits security exposure in case of client compromises.

Unlike Kerberos-based solutions, the central server (“Token Authority”) has no knowledge of decryption keys, just short-term authentication tokens. This limits the security exposure in case of central server compromise.

SKI achieves these security advantages using a distributed fault-tolerant protocol involving a network of geographically spread Relay servers, and it achieves the above security properties at the price of exposing a transmission key if a significant threshold of Relay servers is compromised.

However, using secret-sharing the probability of such compromise is negligibly low unless the adversary compromises a majority of the Relay servers.

2. SKI offers strong reliability in key delivery, thanks to the fault-tolerance in the key transmission protocol, based on well-known secret-sharing techniques.

3. SKI offers strong privacy properties with respect to the Relay servers, thanks to the double-blinding technique in the key transmission protocol. Only the central Token Authority knows the matching between the sender and the receiver, which is the same as in a Kerberos-style solution, and this information is stored only briefly, so a compromise of the Token Authority does not reveal past communication patterns.
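
The threshold behaviour the assessment describes (key delivery survives Relay outages, while exposure requires a threshold of compromised Relays) can be illustrated with Shamir secret sharing. This is an added example, not SKI's protocol and not code from Secure Channels or the assessment's author; the choice of Shamir's scheme, the 3-of-5 parameters, the field prime and all function names are assumptions, and the double-blinding step is not modelled.

```python
import secrets

PRIME = 2**521 - 1           # Mersenne prime; field must exceed a 512-bit key
N_RELAYS, THRESHOLD = 5, 3   # assumed: 5 Relay servers, any 3 rebuild the key

def split_key(key, n=N_RELAYS, t=THRESHOLD):
    """Return {relay_id: share}: points on a random polynomial of degree t-1."""
    if not 0 <= key < PRIME or not 1 < t <= n:
        raise ValueError("key out of range or invalid threshold")
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = {}
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):   # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares[x] = y
    return shares

def interpolate_at_zero(shares):
    """Lagrange-interpolate f(0) from every share supplied."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def recover_key(shares, t=THRESHOLD):
    """Receiver side: refuse to guess when fewer than t Relays answered."""
    if len(shares) < t:
        raise ValueError("fewer than threshold Relay shares available")
    return interpolate_at_zero(dict(list(shares.items())[:t]))

if __name__ == "__main__":
    key = secrets.randbits(512)                 # constructed transmission key
    shares = split_key(key)
    # Fault tolerance: Relays 2 and 4 are unreachable, delivery still succeeds.
    surviving = {r: s for r, s in shares.items() if r not in (2, 4)}
    print("recovered with 2 Relays down:", recover_key(surviving) == key)
    # Below threshold: two compromised Relays interpolate to an unrelated value.
    stolen = {1: shares[1], 2: shares[2]}
    print("2 shares reveal key:", interpolate_at_zero(stolen) == key)
```

In Shamir's scheme, any set of fewer than `THRESHOLD` shares is consistent with every possible key, so a below-threshold compromise leaks nothing about the key itself.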
