Qosmos

(Entropy as a Service)

Generate unpredictable keys to Bolster Security

 

Overview:

Data is fueling the digital economy and will continue to become increasingly important. The need to safeguard data has increased the need for its encryption, whether in transit or at rest. Even with plenty of investment in cybersecurity, avoiding breaches has become difficult. Not only is the number of breaches increasing every year, but the economic impact of these breaches has also increased.

Stolen information is generally considered to be of limited value to hackers if the data are encrypted. However, less than 5% of data are actually encrypted. Both data at rest and data in transit should be encrypted with the highest standards possible to not only mitigate the risk of data breaches, but also to ensure business continuity.

 

As organizations reimagine their business and aggressively adopt digital transformation technologies like cloud, IoT and mobile, data security risks increase. No organization is immune to data hacking threats, which have increased globally since the COVID-19 pandemic began.

 

The algorithmic/mathematical generation of encryption keys has diminished the quality of entropy. This entropy starvation has made it possible for hackers, with access to massive computational power, to decrypt such keys. Low entropy results in low security. If one is able to increase the entropy of the seed that generates encryption keys, the result is a much stronger security solution. Qosmos directly addresses the entropy gap, which is typically missing from current random number generators.

Problem:

The actual root of trust in any encryption algorithm is the seed from which the encryption key is generated. Digital transformation is increasing TPS (transactions per second), and the rate at which the seed changes should also increase to maintain an appropriate level of security. If the rate at which the seed changes is low, entropy is low, which will degrade the security of the key and thereby degrade data security.

 

This may not seem like a big problem at first, but eventually the keys become weaker, leaving cracks all over the encryption systems. These cracks are evident today and will continue to widen, bringing down the house once they reach a tipping point.

 

Bad actors are harvesting data today without anyone's knowledge, regardless of whether it is protected with current industry-standard AES, 3DES and PKI encryption, and storing it until entropy starvation ensues. They can then easily decrypt the data as needed.

 

Although they are currently state of the art throughout the industry, the cybersecurity solutions that MSSPs offer have already been hacked. The rapid pace of digital transformation and digital adoption dramatically increases MSSPs' responsibility to protect enterprise data. MSSPs need a quantum-safe security solution that preserves their existing investment, is easy to deploy and integrate, and provides them and their customers with peace of mind.

Unconditional Quantum Security on World-class AI
Zeblok + QNu

The Solution:

Zeblok Computational and QNu Labs have partnered to provide MSSPs with Qosmos, a robust solution for providing high-quality entropy, which complies with NIST recommendations. Qosmos uses the encryption key seed generated by QNu Tropos. The QNu Tropos is a quantum random number generator, based on quantum mechanics, rather than an algorithmic/mathematical random number generator. The solution uses Zeblok’s cloud native AI Platform-as-a-Service foundational utilities to provide the API runtime to easily integrate the solution with the external world.

Advantages:

  • Proactively Quantum Entropy - Dramatically increase true entropy using quantum-based encryption keys

  • Multiple Deployment options - Host in your data center or subscribe to QNu/Zeblok's Entropy-as-a-Service

  • Ease of Integration - APIs provide for easy and seamless integration

Qosmos Architecture

Qosmos solves the "Entropy Starvation" problem of systems irrespective of whether they run in the cloud, in embedded systems or on IoT devices. Qosmos provides the highest randomness and enables a secure method of providing the keys, ensuring unconditional security.
There are 3 main parts in the architecture:

Tropos

QNu Tropos is a quantum entropy device which is the root of randomness. The random numbers are generated from a quantum source and then transferred to applications as a service through the Qosmos architecture. Tropos generates a continuous stream of random bits which is fed to the EaaS server.

Zeblok AI PaaS

The foundational utilities on the SaaS layer of the Zeblok AI PaaS act as a bridge between Tropos and client applications. Zeblok's AI Runtime environment provides APIs that can be easily integrated. The EaaS server accesses the Tropos random number stream, which is signed, encrypted, timestamped and sent to the client application. Our cloud native architecture is scalable and can include multiple servers.

Client Applications

We make it easy: the API integration model enables users to get started without any hardware root-of-trust device requirements.
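What a client has to check before using a signed, timestamped entropy reply of the kind described above, as an added example that is not Qosmos or Zeblok code. The message layout, the request nonce, the 30-second window, HMAC-SHA256 standing in for the server's signature and the final mixing with local randomness are all assumptions of this example; transport encryption is taken as already handled.

```python
import hashlib
import hmac
import json
import os

MAX_AGE_SECONDS = 30  # assumed freshness window, not a Qosmos parameter


def _tag(key: bytes, body: bytes) -> str:
    # HMAC-SHA256 stands in for the server's signature scheme (assumption).
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_response(key: bytes, entropy: bytes, ts: int, nonce: str) -> dict:
    """Constructed stand-in for a server reply: signed body with timestamp."""
    body = json.dumps({"entropy": entropy.hex(), "ts": ts, "nonce": nonce},
                      sort_keys=True).encode()
    return {"body": body, "sig": _tag(key, body)}


class EntropyClient:
    def __init__(self, key: bytes):
        self.key = key
        self.used_nonces = set()

    def accept(self, resp: dict, nonce: str, now: int, local: bytes = None) -> bytes:
        """Verify a reply to our request `nonce`; return a 32-byte seed."""
        # 1. Authenticity first: never parse fields of an unverified body.
        if not hmac.compare_digest(_tag(self.key, resp["body"]), resp["sig"]):
            raise ValueError("signature check failed")
        msg = json.loads(resp["body"])
        # 2. Freshness: reject replies outside the allowed window.
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            raise ValueError("stale timestamp")
        # 3. Replay: the reply must echo our nonce, and each nonce is single-use.
        if msg["nonce"] != nonce or nonce in self.used_nonces:
            raise ValueError("replayed or mismatched response")
        self.used_nonces.add(nonce)
        # 4. Mix with local randomness so the seed does not depend on the
        #    remote source alone (design choice added in this example).
        local = os.urandom(32) if local is None else local
        return hmac.new(local, bytes.fromhex(msg["entropy"]), hashlib.sha256).digest()
```

The signature is checked before any field is parsed, so a tampered timestamp or nonce is rejected as a forgery and never reaches the freshness or replay logic.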

Qosmos Benefits
Mitigate Potential Attacks
  • Message replay

  • Man-in-the-Middle

  • DNS Poisoning

Multi-Cloud Deployment

Flexibility to deploy composable foundational components of Zeblok AI PaaS within the MSSP’s data center or within third party cloud service providers like AWS, GCP, Azure or IBM.

Cloud Native Architecture

Turnkey cloud native AI PaaS provides instant usability and seamless scalability, with flexibility to enable additional services

Quantum-Safe

The laws of quantum physics assure 100% randomness that cannot be predicted

NIST Reference Architecture

Qosmos uses NIST architecture to establish a standard way of accepting keys

API Integration

Qosmos can be easily integrated into the client architecture without any disruption, working as an additional layer that provides the required security

Applications
The use of random numbers required for security purposes is transparent to applications. Any application that uses TLS will automatically get the random numbers via Qosmos, through the TLS library. This way, no application needs to be changed to use random numbers.

Web Browser Security:

The SSL handshake used in the https connection of a website will use digital certificates based on PKI. Now, as the whole infrastructure is moving to TLS 1.3 for more security, the master secret key generated from client and server random should be obtained from Qosmos for higher security. This essentially replaces the PRF (Pseudo Random Function), which generates deterministic randomness.

Encrypted E-Mail:

Apart from using an https-encrypted tunnel, emails are encrypted using a public and private key pair generated from the randomness of the system (keystrokes, mouse movements, etc.). Instead, we can use TLS encryption based on Qosmos, supported by Google, Microsoft, Virtu, etc., making data exchange more secure.

Secure Video Conferencing:

With video conferencing becoming a medium to share secret information, the need for security has also increased. Introducing a random seed from Qosmos to generate initial authentication keys and then using Qosmos OTP for continuous authentication will continuously provide security.

Firewall Security:

PKI keys like RSA are created in the firewall to allow only the right user into the network. Firewalls do not typically have enough entropy to create unpredictable keys, making them vulnerable to attacks. Integrating Qosmos to generate the keys will increase the security of firewalls manyfold.

Data Backup & Recovery:

Data at rest and in motion are important for data backup & recovery. Qosmos will be used for continuous authentication for each data transfer to maintain security in motion. Clients have already adopted HSM or KMS for data at rest, whose security will increase when they use Qosmos random numbers as the seed to generate the keys.

Remote monitoring and management Solution:

Data at rest and in motion are important for data backup & recovery. Qosmos will be used for continuous authentication for each data transfer to maintain security in motion. Clients have already adopted HSM or KMS for data at rest, whose security will increase when they use Qosmos random numbers as the seed to generate the keys.

Digital Signatures:

Digital signatures are a crucial part of PKI infrastructure, and with the increase in demand due to digital adoption, the randomness generated now becomes deterministic. Integrating Qosmos into present certificate generation systems will increase security and start the organization's journey towards quantum-safe security.


Email: zeblok@zeblok.com

Tel: +1 (631) 223-8233

HQ Office:

1500 Stony Brook Road

Stony Brook, NY 11794

Office:

51 JFK Parkway

First Floor West

Short Hills, NJ 07078

    © 2020 Zeblok Computational, Inc.