The Nuts and Bolts of Encryption:
A Primer for Policymakers on the Past, Present and Future of Encryption Technology Presented by: Engine, TechFreedom, Charles Koch Institute and the Congressional Tech Staffer Association
Table of contents Part 1: Nuts and Bolts of Encryption: A Primer for Policymakers What is Encryption? How is Encryption Used in Practice? Encrypted Storage Encrypted Communications How Does Modern Encryption Actually Work Under the Hood?
Part 2: The History of Encryption
Part 3: Encryption Technology Today: How Startups are Innovating ArmorText Ionic Security PreVeil Dyadic Security Filament Immuta
Introduction Encryption has been at the root of many everyday technologies we use. In the wake of notable breaches and heightened national security regimes, encryption policy has come to the forefront of policy debates in Washington, DC, and spread across the country. To facilitate an open discussion, Engine, TechFreedom, Charles Koch Institute and the Congressional Tech Staff Association held three briefings on how encryption actually works. The Nuts and Bolts events series began with an “Introduction to Encryption” briefing on June 13, where renowned experts in the field explained how the technology functions and discussed its practical applications. Our second event on June 28 started with the historical aspects of encryption. While the current debate was fueled by an iphone, in reality, the history of encryption goes back to the ancient Egyptians. After covering the development of technology, the second panel of experts turned to the math that underpins this technology and a conversation on the different forms of encryption and why they’re used. Finally, the technical issues around government’s access to data, and how that access will change as evolving technology further distances companies and service providers from content were explored. Our last event on July 26 will attempt to pinpoint the history and the future with features of startups who are innovating to make communications between humans and communications between devices more secure. The Nuts and Bolts series of briefings and this booklet summarizing the events aim to fill in the knowledge gaps so that when the decision-makers come to the table, they speak the same language - the language of encryption.
WHAT IS ENCRYPTION? Encryption is the process of encoding otherwise readable information into a format that is unintelligible to someone without a key or password that is required to decode the information. Any code used to disguise the meaning of information is essentially a type of encryption, from the classic “substitution cipher” in which individual letters of a message are swapped in the encoded text to the complicated modern algorithms that secure messages using incredibly large numbers to outpace existing computing power.
HOW IS ENCRYPTION USED IN PRACTICE? Broadly speaking, encryption is used to protect the confidentiality and integrity of particular data. Encrypting information helps ensure that only certain designated recipients of that information have access to it and that it cannot be tampered with. The value and function of encryption technology depends in large part on the state of the data to be encrypted—that is, whether the data is at-rest or in-transit. Encrypted storage (or “at-rest” encryption) allows data to be stored on a device, with encryption protecting the data should a malicious party get access to the device. Encrypted communication (or “in-transit” encryption) allows data to be transmitted from one party to another party, often across a network, with encryption protecting the data should a malicious party get access to the data while it is in transit. Encryption is used somewhat differently in these two scenarios, so it makes sense to present them separately.
This material is adapted from “Nuts and Bolts of Encryption: A Primer for Policymakers,” Edward W. Felten, available at https://www.cs.princeton.edu/~felten/encryption_primer.pdf"
Encrypted storage Suppose a user, Alice, wants to store data on a device, which might be a smartphone in her possession, or might be a storage server operated by a service provider. Alice generates a secret key that only she knows, and she uses the secret key to encrypt the data. Encryption protects the confidentiality of the data, so that a malicious party who gets access to the device, but does not know the secret key, cannot learn the contents of Alice’s data. Encryption also protects the integrity of the data, so that a malicious party who gets access to the device, but does not know the secret key, cannot tamper with the data without Alice detecting that tampering occurred. Encryption on a device such as a smartphone typically works as depicted below: A device key, which is unique to Alice’s specific phone, is built into the phone when the phone is manufactured. In addition, Alice enters a secret passcode when she unlocks the phone. The device key and passcode are combined by cryptographic means to create a storage key, which will be used to encrypt data. The security of data on the device depends ultimately on two keys: The use of the device key ensures that data can be decrypted only on Alice’s specific phone—and the phone typically is physically “hardened” so that it is very difficult for a malicious party to extract the device key. The use of Alice’s passcode ensures that Alice must take explicit action—entering her passcode—to enable decryption or authorized modification of data. The device key and passcode are combined by cryptographic means to create a storage key, which will be used to encrypt data. From that point on, whenever an app wants to store data, the data is encrypted with the storage key before the data is put into storage. Whenever an app wants to retrieve data from storage, the data is decrypted before it is returned to the app.
device key + secret passcode = storage key
When the system decrypts data, the system also checks for tampering. Because all data is encrypted before it is put into storage, a malicious party who steals the device but does not know Alice’s secret key cannot recover Alice’s data, nor can such a party tamper with Alice’s data without detection. When Alice locks the phone, or when the phone loses power, Alice’s passcode and the storage key are erased from the phone. At that point the phone no longer contains the key information that would enable stored information to be recovered or to be tampered with undetectably. Decryption and tampering are not possible because the storage key is not present. The storage key cannot be re-created because Alice’s passcode is not present. Only by entering Alice’s passcode can decryption and authorized modification of the data be made possible again. But these protections will be in vain if a malicious party can guess Alice’s passcode. In practice, users often choose passcodes that are easily guessable by a computer that can try a large number of guesses very quickly. A secure system must have additional defenses against password guessing. Typically this involves having the system impose a delay after a failed attempt to enter the passcode, and having the system stop accepting passcode attempts altogether after a certain number of failed attempts. This will make passcode guessing infeasible, unless Alice chooses an exceptionally weak passcode such as 0000 or her birthday.
plain text > storage key > encrypted text
Encrypted Communication Suppose two users, Alice and Bob, want to send a series of messages to each other. They want to use encryption to protect the confidentiality of messages (so that nobody else can learn the contents of messages) and the integrity of messages (so that nobody else can tamper with messages without detection); and they want to use encryption to authenticate each other (so they both know they are not communicating with an impostor). For encrypted communication, each party generates a long-term identity key, which they keep secret. A party can use its long-term identity key to prove its identity to other parties. As depicted below, encrypted communication operates in two phases. In the first phase, the handshake, the two parties exchange a series of specially constructed messages. If anyone tampers with a message during the handshake, Alice and Bob will detect the tampering and abort the handshake. Otherwise, the handshake will succeed and will have two results: each party will get confirmation of the other’s identity (i.e. that the other party is the real Alice or Bob, and not an impostor). Alice and Bob will agree on a secret session key that is known only to the two of them. The details of how the initial handshake procedure gets these results are complex but not directly relevant to the policy discussion. Having completed the initial handshake, Alice and Bob can proceed to send messages to each other. If Alice wants to send a message to Bob, she encrypts that message with the session key and sends the resulting encrypted data to Bob. Bob uses the session key to decrypt the message, thereby recovering the original message and confirming that there was no tampering while the message was in transit. Encrypted communication systems use different cryptographic keys for different purposes. Each party has a long-term identity key, which is used in the initial handshake phase to authenticate the party’s identity and negotiate an initial session key. If a malicious party learns Alice’s long-term identity key, this would allow that party to impersonate Alice in the future, but it would not allow decryption or tampering with messages sent in a non-impersonated session. Session keys are used to protect individual messages that flow between the two parties. If a malicious party learns a session key, the malicious party can decrypt or tamper with messages encrypted with that session key. It is common for systems to switch to new session keys frequently, to limit the damage that could result from loss of any particular session key. Many systems switch to a new session key for every message, so that loss of a session key compromises only a single message. Once a new session key has been chosen, all copies of the old session key are erased. State-of-the-art encrypted communication systems are designed to be resilient, in the sense that there is no single secret key which, if compromised, would allow access to all messages. The consequences of a malicious party getting access to a secret key will depend on which key is compromised. A malicious party who somehow gets access to a party’s long-term identity key will be able to impersonate that party in the future but will not be able to decrypt old messages. A malicious party who somehow gets access to a session key will be able to decrypt all messages that were encrypted with that session key, but will not be able to decrypt messages sent with older or newer session keys, and will not be able to impersonate anyone. The use of multiple keys, and the practice of switching session keys frequently, limits the harm that results from any one key being compromised.
HOW DOES MODERN ENCRYPTION ACTUALLY WORK UNDER THE HOOD? While there a variety of different methods for encrypting digital information, most rely on one-way functions. A one-way function is a procedure that is simple to perform in one direction but difficult or impossible to reverse. For example, it is easy to mix different paints together to create a new color but impossible to “unmix” the paint into its constituent colors. Similarly, multiplying two large numbers by hand is relatively easy, but it is quite difficult to look at a large number and figure out which two numbers were multiplied to produce it. Because it is easy to verify whether or not a particular answer is a solution to a one-way function (e.g. whether multiplying two numbers actually produces a particular number) but difficult to reverse engineer the answer, one-way functions are useful for authenticating the integrity of a message and the identity of a message sender. Many common cryptographic techniques are built on the fact that there is no good algorithm for the prime factorization of large numbers (i.e. figuring out which prime numbers multiply together to produce the large number). Even the most powerful computers today cannot readily figure out the prime factors of very large numbers. To get around the computing power of today’s machines, cryptographers use numbers as large as all the atoms in the known universe. Without a good algorithm for discovering prime factors, hackers would need to essentially use a guess-and-check method for cracking these large numbers—an impractically time-consuming process.
The common technique of public key encryption provides a good example of one-way functions in practice: Let’s say you want to communicate securely with a stranger somewhere on the Internet. To accomplish this, you secretly choose two large prime numbers (your private keys) and multiply them to create a very large number (your public key). Because it is so difficult to figure out which prime numbers you multiplied together to produce your public key, you can share this key with anyone in the world and not worry about them figuring out your private key. Anyone who wants to communicate securely with you can encrypt their message with your widely available public key and send it back to you. Since only you know the prime numbers you multiplied to create your public key (aka your private key), only you can decrypt the message.
The history of encryption It wasn’t long after people developed written language that they started developing ways to protect what they’d written from prying eyes. Governments and individuals have worked on better and better ways to keep their information secure for thousands of years, and the underlying math and tools used share similar characteristics. Modern methods have evolved to adapt to the decentralized, high-traffic nature of the Internet and the mathematical prowess of high-powered computing - but how did we get here? Below are some key historical examples to provide context for encryption’s place in history and the modern world. 1900 B.C. - Egyptian scribes use non-standard hieroglyphs as a way to obscure inscriptions. This is the first example of written cryptography.
Key Definitions Cipher: Also spelled Cypher, is traditionally defined as a secret disguised way of writing. Ciphertext: A message that has been protected with a cipher, i.e. encrypted. Looks like nonsense. Plaintext: Also called “cleartext” - readable, unencrypted text. Encryption Key: A string of bits used for encrypting and decrypting a message. Cryptanalyst: A person who attempts to analyze and decrypt information. A cryptographer studies and develops cryptographic systems. Packet: A formatted unit of data. This is the form in which information travels over the Internet.
1500 B.C. - Assyrian merchants use intaglio, a piece of flat stone carved into a collage of images and some writing to identify themselves in trading transactions. Using this mechanism, they produce something like today’s 'digital signature.' The public knew that a particular 'signature' belonged to this trader, but only he had the intaglio to produce that signature. 500-600 B.C. - Hebrew scribes use a reversed-alphabet simple substitution cipher known as ATBASH to write the book of Jeremiah.
Hash Function: A function that can be used to map data of arbitrary size to data of fixed size - In cryptography, this means a math equation is used on a file of any size to generate a 32 (or other size) digit string of characters that can be used to verify the file hasn’t been altered. Hashes allow the file to be checked but not reconstructed so the content remains safe.
487 B.C. - The Greeks use a device called the “skytale,” a strip of leather was wrapped around a staff of a predetermined length, and then written on. The leather was then transported to its destination, and given to the intended recipient with an equal-length staff that was used to reveal the message. 100-44 B.C. - Julius Caesar uses a simple substitution cipher (just shifting the letters around a fixed amount) in government communications. His key was that he shifted each letter three spaces right. A to D, B to E ect..
1379 - Gabrieli di Lavinde devised a combination of a substitution alphabet and small code system for government communications, called a nomenclator. This cipher uses a small codebook combined with substitution tables to both encrypt and decrypt messages, and remained in use among diplomats and some civilians for 450 years.
725 - 790 A.D. - Al-Khalil, , who wrote the first dictionary of the Arab language, also wrote a book on cryptography inspired by his solution of a cryptogram in Greek for the Byzantine emperor. His solution was based on known plaintext at the message start -- a standard cryptanalytic method, used in WW-II against Enigma messages.
The history of encryption
1466 - Leon Battista Alberti invents and publishes the first polyalphabetic cipher. He designed a cipher disk (think decoder ring) to simplify the process. This kind of cipher changes the alphabet used at random intervals, so a cryptanalyst seeking to break the code would need to know by how much each letter of the code was shifted in order to crack it. This technique wasn’t cracked until the 1800’s.
1623 - Sir Francis Bacon describes a biliteral cipher, known as a 5-bit binary encoding. This cipher entails embedding As and Bs into a fake message, The arrangement of the As and Bs determines which letter of the alphabet they correspond with.
1585 - Blaise De Vigenere introduces the first authentic plaintext and ciphertext autokey systems, which means that the keys are derived from other parts of the message. These systems are broken down into key autokey and text autokey. Key autokey uses the previous members of the keystream to determine the next portion of the keystream. Text autokey uses message text to determine the future keystream.
1882- Frank Miller describes the one-time pad (OTP) encryption technique. OTP is an encryption technique that can’t be cracked. It requires that the one time pre-shared key is the same size as the message. As long as the key is kept secret and is truly random the resulting ciphertext will be impossible to break or decrypt.
1790 - Thomas Jefferson invented his wheel cipher. This was re-invented later and used in WW-II by the US Navy as the Strip Cipher, M-138-A.
The history of encryption 1933-45 - The Enigma Machine is broken by the Polish mathematician, Marian Rejewski, based only on captured ciphertext and one list of three months worth of daily keys obtained through a spy. Continued breaks were based on developments by Alan Turing, Gordon Welchman and others at Bletchley Park in England. 1977 - Ronald Rivest, Adi Shamir, and Leonard Adleman develop the RSA algorithm. The RSA algorithm involves four steps: key generation, key distribution, encryption and decryption. RSA is used to secure HTTPS, and other online services generally.
1976 - Whitfield Diffie and Martin Hellman introduce a way to allow secure communication over an open channel with no pre-arrangement, known as public-key cryptography. Their work is widely credited with enabling the modern internet.
1995 - Secure Sockets Layer (SSL) encryption protocol released by Netscape. This is an early form of encrypting online packet traffic.
1991 - Phil Zimmerman introduces the first version of â€œPretty Good Privacyâ€? (PGP). PGP works on the public key cryptography mechanism. PGP uses a symmetric encryption key to encrypt messages, and a public key is used with each sent and received message. He publishes his code online making PGP the first instance of open source encryption technology.
2001- DES is replaced by the Advanced Encryption Standard (AES). AES (also known as Rijndael) is based on a design principle known as a substitution-permutation network, a combination of both substitution and permutation. The key size used for an AES cipher specifies the number of repetitions of transformation rounds. 10 cycles of repetition for 128-bit keys, 12 cycles of repetition for 192-bit keys, and 14 cycles of repetition for 256-bit keys.
2003 - WPA (Wi-Fi Protected Access) supersedes WEP as the network encryption standard. WPA implements the Temporal Key Integrity Protocol (TKIP), which employs a per-packet key, meaning that it generates a new 128-bit key for each packet preventing some of the weaknesses that afflicted WEP.
2002- The Federal Information Publishing Standard Publication 198 updates to The Keyed-Hash Message Authentication Code (HMAC). The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.
The Next Chapter: Startups and Encryption Startups are continuing to innovate new ways to protect communications between people and between devices. Encrypting communication is more important than ever when we live in an age where it’s not a question of whether you will be hacked, but when. Consumers and businesses must do all they can to protect their private information and luckily there are many new platforms that use encryption to increase your security. Additionally, the internet has not only created more communication between humans, it’s also made possible communication between devices on a large scale. The Internet of Things (IoT) is rapidly growing, with billions of devices coming online and becoming interconnected. IoT presents exciting opportunities for Internet-enabled “smart devices” to perform complex tasks, interact with each other, and streamline data-driven applications in new spaces. Although IoT promises significant improvements across several sectors, it also raises security and privacy concerns. Internet-enabled devices that collect, generate, store, and communicate sensitive data need to do so securely in order to fully tap into IoT’s potential. Startups are on the cutting edge of these technological advancements. We have profiled several startups who are advancing encryption for communications between people and communications between devices.
Encrypting Communications Between People: ArmorText provides companies with encryption for all of their messages at both the hardware and software level, making communication much more secure. Additionally, ArmorText limits the potential for data breaches by leveraging hardware-backed keys to maintain keys on devices locally.
Ionic Security helps you protect and control data everywhere it travels and anywhere it resides, whether on the corporate network, in the cloud or on mobile devices. Through Ionic’s secure platform, users can secure data with strong encryption and complete customer key ownership and control.
PreVeil is bringing end-to-end encryption into the mainstream with easy-to-use, cloud-based system that integrates seamlessly into common email applications to let users send fully secure emails. PreVeil uses multiple layers of secure keys to create and maintain strong passwords for their customers, making messaging more secure and less susceptible to a data breach.
Encrypting Data for Communication Between Devices:
is developing software that virtualizes encryption key management by moving the management from dedicated hardware to software that can be embedded on any device or platform. Allowing the key management to function on any platform will help revolutionize security and encryption in IoT.
is making IoT more secure by outfitting hardware with “crypto chips” that allow devices to communicate with other devices through encrypted channels. Filament’s technology has huge implications for facilitating payments between devices using blockchain technology and cutting out the human interaction.
is a next-generation data management platform built to accelerate the development of machine learning and artificial intelligence. As IoT technology advances, a tremendous amount of data is being collected and Immuta’s technology allows data scientists to encrypt very large data sets to facilitate research and development in the next great IoT advancements.
ArmorText McLean, VA In 2016, many of the worldâ€™s leading enterprises learned the hard way how valuable and vulnerable their messaging can be after numerous data security breaches made headlines globally. With almost 23 billion personal and business messages sent per day, itâ€™s high time organizations, teeming with sensitive personal data in addition to confidential internal and external communications, acknowledge the gravity of this new cyber reality and take responsibility for finding a technological solution that guarantees adequate protection for its employees, partners, and clients. In the aftermath of the breaches at Sony, the greatest cost was seen not as cost remediation but the human toll of having the communications of executive after executive dragged through the headlines. When a breach occurs, messages are often taken out of context, enabling your critics to define your intent. Additionally, it is estimated that the average data breach comes with a cost of $3.79 million. In politics, the cost of public opinion is invaluable. The 2016 election was plagued by breaches and debate over the ethics of insecure messaging protocols, topics that dominated much of the news cycle throughout the year-long campaigns and thus undoubtedly permeated public opinion. Unfortunately, politics isnâ€™t an arena for retroactivity. With the speed and intensity of the threat of breaches on the rise, the only solution is to play proactive defense. The question is: What does good defense look like? It starts with end-to-end encryption technology. Some of the most popular messaging services used within mega corporations are Hipchat and Slack, both of which fail to provide true end-to-end encryption, leaving all messages and shared files in plain view of the provider, opening up the possibility of a mega-leak. As these messaging services are breached, the messages and shared files of not just one, but in some cases hundreds and even thousands of organizations can be compromised at once. Other applications gaining traction, such as Signal and Whatsapp, provide end-to-end encryption, but they lack the basic controls necessary to apply organizational policy from the top down. The most formidable defensive strategy combines end-to-end encryption technology with enterprise controls and information lifecycle management. These important capabilities allow leadership to set policies concerning who can speak to whom, the lifespan of certain messages and information, and who has the power to access and review this information. They also enable administrators to wipe messages, shared files, and encryption keys, preventing the risk of leaked information from lost, stolen, or confiscated devices. Sony will never be able to reverse the breach that splattered private sensitive conversations across the headlines, tarnishing reputations. It can only learn from its mistakes and protect itself from future breaches by adopting new, more holistic encryption technologies. The past year has revealed that we are all vulnerable to breaches unless we take proactive action against new cyber threats with the proper technology. In a hackable world, ArmorText provides peace of mind for enterprises, without sacrificing the comfort of a seamless and familiar user interface. Reputations and trust that take years to build only take seconds to destroy without proper encryption technology. In addition to true end-to-end encryption, ArmorText offers integrated enterprise controls and information lifecycle management that ensure full messaging security, delivering the benefits of messaging in the cloud without the risk of unintended disclosure.
Ionic Security Atlanta, GA With large-scale data breaches making headlines on on a very regular basis, the timing could not be more ripe for an added layer of security that ensures that very few people have access to a company or institution’s most sensitive information. Ionic Security, an Atlanta-based data protection platform, cuts the previously unbreakable tie between access to devices and applications and the information that is accessed on them. While most encryption services are “perimeter-based,” Ionic recognizes that systems are accessed, both rightly and wrongly, by numerous actors, and the pool of people who truly need to work with sensitive information is significantly smaller. One of the biggest challenges with the current security models is that people secure data in a specific location. Ionic has created an inverse architecture for the way information is stored and the result is that data is no longer protected by people or systems but instead, by math and cryptography. This means, that even if bad actors are able to breach the systems or files that hold sensitive information, only Ionic and specified individuals have access to the keys needed to unlock the encrypted documents. Traditional security has been focused around systems and applications, but Ionic takes that level of protection even further by adding a layer of protection at the content-level, preserving the security of the information and the integrity of the systems that hold it. The customers of Ionic’s service are major companies that deal with extremely sensitive information in highly-regulated industries. As some of the primary targets of major data breaches, healthcare and financial services companies have turned to Ionic Security in the hopes that its unique method of data encryption will provide better protection. Unlike other technologies that are only able inform users after data is accessed, Ionic has developed ways to let its customers know what is about to happen, not simply what has already happened. This capability allows users to make a decision about whether or not the data should be used or retrieved in specific contexts. “Control is not binary...and it’s not sufficient for control over data to simply be yes or no,” Ghetti says. “At Ionic, the way we see it isn’t what or who should have access to your important information, but also what is the appropriate use of the information once access is granted,” he explains. Ionic Security is able to offer this increased, specified security through encryption key management on a very large scale. The company takes responsibility for managing all the keys through automation that is aligned with a policy engine, which controls who gets the keys in any given situation. While customers maintain access to the keys to their documents, Ionic’s technology is able to determine whether a user’s request for a key for decryption should be granted.
PreVeil Boston, MA There’s a popular aphorism in the infosec community: it’s not a question of whether you’ll be hacked but when. Telling this to non-engineers is a great way to get them to panic and change their email passwords. It’s also a sensible starting point when thinking about how to design secure communications systems. That is, if it’s safe to assume that any entity with valuable information will inevitably face security breaches, putting all your effort into preventing hackers from accessing your data merely delays the inevitable. But, if you design a system that doesn’t care if hackers can access your data because it’s unusable to them, you can operate securely in a decidedly insecure world. This mindset is at the heart of end-to-end encryption. Rather than just encrypting data as it travels between client to the server and decrypting the information at either end of the communications channel, end-to-end encryption services keep information encrypted while it is at rest on a server, relying on asymmetric key exchange protocols to ensure that only authorized users can decrypt the data. While this may sound hopelessly complicated, end-to-end encryption is fairly common in messaging services like WhatsApp and Signal. Despite its improved security, end-to-end encryption is still relatively rare in other popular applications like email and file hosting. PreVeil, a Boston-based startup is trying to change this, bringing end-to-end encryption fully into the mainstream with an easy-to-use, cloud-based system that integrates seamlessly into common email applications to let users to send end-to-end encrypted emails without any additional effort. PreVeil’s system allows users to share information with multiple user groups across a range of devices while ensuring the security of the various keys used to encrypt the information. While many of the techniques used in end-to-end encryption systems like PreVeil’s are well-known within the cryptography community, PreVeil recognizes that the limiting factor in getting people to adopt better security measures isn’t the technology, but rather the additional steps users must take to communicate securely. Consider how difficult it can be to convince people to adopt something as simple as two-factor authentication. PreVeil addresses this problem by eliminating all the burdens associated with typical security measures, including one of the most widespread—and overrated— security techniques around: passwords. Individual passwords are comically misused; a recent study found that 17 percent of users relied on “123456” as their password. Rather than counting on users to create and maintain strong passwords (which are prime targets for hackers when collected and stored on a server), PreVeil uses multiple layers of cryptographically secure keys associated with user devices but otherwise unseen to the user to protect sensitive information. When a document is created, PreVeil’s system encrypts it with a unique key generated for that document. Rather than just storing the encryption key and the encrypted document on the server, PreVeil encrypts the key used to encrypt the document’s with the unique encryption keys given to each PreVeil user that has access to the given document. This multi-level system of encrypting the keys needed to decrypt particular documents allows PreVeil to securely store information while keeping it readily and easily accessible to approved users. Naturally, the device keys at the heart of PreVeil’s system are incredibly important, and because they are unseen to the user, they present a challenging management problem: if a user loses her device, what happens to the decryption key stored on that device? PreVeil allows users to reconstruct their device keys through the use of “approval groups.” Essentially, a user’s secret device key is itself encrypted with a “recovery key,” and the encrypted sevice key is stored on a server. The recovery key is then effectively split up and distributed to an “approval group” of users such that each user has only part of the information necessary to reconstruct the recovery key. Only if some predetermined subset of the approval group (say, any three out of the five members of an approval group) agrees to combine their respective pieces of the recovery key can the group decrypt the lost device key that was encrypted with the recovery key. By distributing this information amongst a group of users, PreVeil ensures that no hacker can reconstruct a device key by targeting a central administrator and allows users to protect their information with cryptographically secure keys that they don’t have to remember or independently store. PreVeil’s clever system helps address one of the most difficult problems in information security: the perceived trade-off between security and usability. By integrating state-of-the-art cryptography tools with a distributed key management system that is functionally invisible to the end user, PreVeil allows enterprises to shift away from the inherently insecure password systems that are responsible for countless data breaches in recent years while at the same time increasing the security of their information. Rather than fight a losing battle to keep hackers out and force users to safely store complex passwords, PreVeil tackles information security with an unconventionally pragmatic approach, relying on sophisticated cryptography and clever user controls to provide true encryption that users never have to think about.
Dyadic New York, NY As connectivity increases and more and more companies migrate their data to the cloud, the risk of an attack on an enterprise’s data is greater than ever. As such, companies are increasingly recognizing the importance of encryption to protect the security and privacy of their information. As Dyadic Security co-founder Avner Mor puts it, “In order to protect the ‘crown jewels’ of the enterprise, encryption is the real safe.” But every safe requires a key, and the management of that key is a critical component of effective encryption. If the key is compromised, then attackers can gain access to the protected data and the game is over. This becomes especially complicated when there are multiple safes with numerous keys that are constantly changing. Historically, key protection and management has been done using dedicated hardware, such as a hardware security module (HSM), smartcard, or token. Under this hardware-based approach, the key is managed and safeguarded within a physical device that can be plugged into or attached directly to a computer or network server. Hardware based solutions are typically viewed as more secure than software solutions, but their implementation can be quite tedious, expensive, and requires dedicated machines. To address these issues, Dyadic Security has developed a solution that virtualizes encryption key management by moving it from dedicated hardware to software that can be embedded on any device or platform (IoT, smartphones, servers, laptops, etc.). Dyadic maintains the high level of security found with dedicated hardware while providing the improved user experience associated with software. The company does this by splitting or “sharing” the encryption keys across servers and regularly refreshing the split, so that no single server holds the full key. This approach capitalizes on a subfield of cryptography known as “multi-party computation” (MPC). In the most basic sense, MPC allows for the computation of a given function without either party ever knowing the specific inputs. In Dyadic’s case, the company uses MPC to split a cryptographic key in two and then encrypt or decrypt data without ever bringing the two pieces of the key together. When configured properly, this approach is remarkably effective. Dyadic places the servers in separate locations (reducing the threat of physical theft), uses servers with different operating systems (ensuring that no single malware can compromise both), and does not give any single administrator access to both servers (mitigating insider and spear-fishing threats). All of this ensures that there is never a single location where data can be compromised, or a single administrator or user who can access unencrypted information. There is no single point of failure and an attacker must compromise multiple servers in order to gain any information. Dyadic’s solution is especially helpful for companies that are considering moving some or all of their operations to the cloud. Security in the cloud can be a double-edged sword. A cloud provider often provides better security than what a small company could create on its own, but moving to the cloud brings up questions around loss of control (a company must share its encryption keys with the cloud provider) and regulatory issues (some data must be in your control). Dyadic allows for securing of private keys in the public cloud, meaning a company does not have to share the data protection responsibility with a cloud provider. This is especially helpful in highly regulated industries, and some of Dyadic’s largest clients operate within the financial industry (e.g. CitiBank, Goldman Sachs, and Visa).
Filament Reno, NV Recognizing the growth of the Internet of Things, Filament advances a vision for achieving the requisite security in IoT applications, thus paving a path forward for the use of IoT in economic applications. Decentralized security motivates Filament’s philosophy, and is reflected in its product’s core technology. Filament argues that IoT security is best achieved when each piece of hardware is secure, and able to communicate with other pieces of hardware without going through a central intermediary. The company explains that its guiding framework is “Security, Privacy, Autonomy, Decentralization, and Exchange” (SPADE), with each step building on top of the last one. Its thesis statement is that the economic benefits of IoT cannot be realized until systems are secure, data is private, devices are autonomous, and information and communication are decentralized. Filament envisions a world in which smart devices are secure enough to directly engage with each other. For instance, an IoT-enabled car could pay an IoT-enabled parking meter on its own, without the need for either a human or sever intermediary. Filament achieves its “Security” and “Privacy” goals by prioritizing hardware that supports powerful encryption tools. When a client has an IoT application, Filament takes an order for a piece of hardware, outfits the hardware with a “crypto chip,” and attaches a “smart contract” to the device. This contract provides the device with instructions about the rights and responsibilities of Filament and the customer, and is self-enforcing. To communicate with other devices, the hardware is equipped with long-range radio transmitters and receivers. Unique keys are burned into the crypto chips, and they are designed to stay functional for up to a decade, with data storage capabilities lasting several decades under the right conditions. Combining crypto chips and smart contracts means that once the chips are manufactured, a client can attach them to devices within an ecosystem without relying on Filament for data storage, collection, or transmission. Moving from hardware to software, Filament combines the telehash protocol with its “Blocklet” technology to achieve “Autonomy” and “Decentralization.” In terms of automation, a device’s smart contract is able to conduct a cryptographic handshake with another device without human input. Devices can directly verify the identity of other devices, and thus ensure that data is only transferred between approved parties. Decentralization is achieved as most of Filament’s clients use their own private cloud servers, and data can only be decrypted at end-points. This means that Filament does not see data in rest or in transit at any point. From Filament’s standpoint, its main service is providing the hardware that enables cryptographic handshakes between devices. It has no interest in collecting, retaining, or using its clients’ data. An additional bonus to this arrangement is that Filament would be unable to comply with orders to establish a backdoor or similar security flaw because of the decentralized nature of clients’ data. The main contribution of the Blocklet technology is its ability to facilitate economic exchange by reducing transaction costs through secure IoT mechanisms. Blocklet works by conducting transactions off-chain and on-device, then verifying those transactions through a blockchain. A blockchain creates a secure public ledger that cannot be edited or altered, thus making it an ideal way to engage in distributed transactions. Filament utilizes a blockchain to verify the transactions between smart devices, thus allowing them to contract and exchange services without human oversight. In the case of Blocklet, once the smart contract receives proof of payment for a service of good, it will initiate its its contractual obligations and fulfill its terms. For instance, a smart parking meter would allocate two hours of parking time to a smart car once its receives proof of payment. Importantly, Blocklet can accept both fiat and cryptocurrencies, thus allowing for flexibility in a wide variety of economic applications. Essentially, Filament’s value-added in this space is that it considerably simplifies complex transactions by reliable providing security and automation layers. Overall, Filament is launching a framework that aims to change the conversation surrounding IoT. By placing hardware front and center, Filament makes a case for a decentralized IoT. It is carving out a space for itself by providing technology that facilitates economic exchange, and invites its clients to imagine novel ways to integrate IoT into a variety of settings. Thus far, there are obvious applications in areas like industrial manufacturing, transportation, and energy production, and this list is likely to grow. Encryption is a vitally important concern when imagining the future of IoT, and Filament recognizes this fact. By integrating encryption with transactions, Filament is creating space for an IoT-enhanced economy that guarantees privacy and security alongside economic productivity.
Immuta Baltimore, MD While artificial intelligence and machine learning are not new concepts, it is the abundance of data available to scientists today that created the conditions for a new wave of technology and innovation. But for this to become a reality, data scientists need to have a secure and protected way to share and access datasets. Over the past few years, we have seen a massive increase in the data that organizations are able to collect and to process. However, today’s analytic platform architectures are complex, slow, and insecure. Making this data accessible to data scientists and secure for data owners is key to advancing artificial intelligence and machine learning. Immuta is a next-generation data management platform built to accelerate the development of machine learning and advanced analytics. Our self-service platform enables data owners, data scientists, analysts, and compliance officers to eliminate friction and accelerate innovation—automatically personalizing views of data based on each user’s attributes and each organization’s rules, which are dynamically implemented by our platform. The world’s largest enterprises rely on our software to easily connect and control their sensitive data for analytics while ensuring their compliance requirements are met. More specifically, the Immuta platform solves two of the largest barriers to successful data science and data sharing programs within large organizations. The first is that diverse storage technologies, including legacy storage issues, make dynamic and secure access to data difficult across and between large organizations, preventing machine learning and advanced analytics from being conducted. To solve this issue, the Immuta platform consists of a read-only abstraction layer, which virtually unifies all organizational data—no matter where it is stored and no matter its underlying storage technology. That means that Immuta customers need not change their underlying infrastructure to accelerate the analysis of their data and to make use of advanced analytics. The second barrier is that data restrictions frequently limit—if not fully prevent—data science teams and analysts from fully accessing and sharing the data they need to perform advanced analytics. Because the Immuta platform acts as one unified access layer for all organizational data, Immuta can enforce complex policies dynamically, solving for the compliance burden that hinders working with regulated data. Taken together, the Immuta platform enables data science and analytics teams to succeed in large organizations and within a highly-secure environment, allowing our customers to accelerate their time to innovation with confidence.