Qosmos

(Entropy as a Service)

Quantum led security on AI PaaS


Overview:

Increasingly valuable data, combined with increasingly sophisticated threats, heightens the importance of data protection. Data security has two components:


•    Perimeter security
•    Core security

Perimeter security is like a wall around a house. Companies typically build higher and stronger walls, but adversaries seem to find ways to break or nullify such walls. Perimeter security is the first line of defense, but it is never unconditionally impenetrable. Thus, companies must rely on core security.


Core security directly protects data, relying primarily on encryption. Encryption keys provide confidential data communication, effectively scrambling the data into an unreadable stream that the recipient can only read with the matching encryption key. Core security can be impenetrable if one generates, distributes, and manages the encryption keys correctly.

Qosmos Whitepaper
[Image: Core and perimeter security]

Root of trust depends on seed underlying key:

Encryption keys derive their root of trust from the seed upon which they are created. Keys are only impenetrable if the seed underlying the key is generated in a truly random fashion. Algorithmically generated seeds are potentially vulnerable in that the algorithm can be cracked if one applies enough computing power. The only guarantee that a seed is truly randomly generated and cannot be replicated algorithmically is to employ a high entropy methodology.

[Image: Random key generation diagram]

Problem:

Previous methodologies (before the development of a Quantum Random Number Generator) for generating a seed were either software-based (algorithmic), which provides high throughput but is vulnerable, or hardware-based, which is more secure but generally has much lower throughput. In fact, the slow throughput makes this methodology vulnerable. Pseudo Random Number Generation (PRNG) is a software-based methodology that uses an algorithm to generate a seed, which then produces subsequent random values that are converted into random numbers. The seed for the software could be a date, temperature, pressure, or any other deterministic input given to the algorithm, which randomizes the input using a mathematical formula to provide random values.

True Random Number Generation (TRNG) uses hardware-based inputs, such as avalanche noise, thermal noise or atmospheric noise to create random values. The noise is converted into electronic signals, and thereafter into digital signals to generate random bits.


The table below summarizes previously available RNGs and the types of attacks that are possible.

[Image: Table of RNG methods and possible attacks]
Qosmos™ Implemented on Zeblok AI PaaS

The Solution:

Zeblok Computational and QNu Labs have partnered to provide Qosmos™, a robust solution for providing both high-quality entropy and high throughput, which complies with NIST recommendations. Qosmos™ uses an encryption key seed generated by a quantum random number generator, based on quantum mechanics, rather than an algorithmic random number generator. The solution uses Zeblok’s cloud native AI Platform-as-a-Service to provide the API runtime to easily integrate the solution with enterprise processes.

[Image: Zeblok Qosmos use case]
Qosmos™ Architecture

Qosmos™ provides the highest quality randomness and a secure methodology to provide seeds to systems or applications, whether in a cloud, embedded in on-premises applications or at the Edge. The architecture has three components:

Tropos™

Tropos™ QRNG (Quantum Random Number Generator) is a laser-based hardware device that uses quantum physics principles to generate random numbers. Entropy density is extremely high, due to the superposition principle that underlies the methodology. Tropos uses photons to generate qubits, and thus the throughput is also very high.

Quantum physics, unlike classical physics, is inherently random. Superposition ensures randomness at the input level itself, as quantum particles are in superposition and the output can never be predetermined. This makes its random number generation wholly unpredictable and hence unbreakable.


A laser produces a stream of photons. When incident on a semi-transparent mirror, some photons are reflected, while the rest pass through the mirror. This phenomenon is called superposition, which is intrinsically random, rather than governed by an algorithmic principle or logic. This gives Tropos inherent randomness that cannot be influenced by any external parameters. This process is illustrated in the diagram below:

[Image: Tropos architecture]
Zeblok AI PaaS

Zeblok’s AI PaaS enables integration of pragmatic AI into mission-critical enterprise processes. Zeblok deploys a turnkey cloud native AI Platform-as-a-Service to enterprise data centers or their cloud(s) or the Edge. Data scientists can start an AI/ML model in minutes, leverage open-source frameworks and a growing library of curated algorithms, scale seamlessly and deploy completed APIs in production. The platform’s composable foundational components include:

  • AI-WorkStation, including familiar frameworks and multi-cloud orchestration

  • High-performance computing (HPC) Orchestration

  • Accelerated Data Lake (improves search performance 10-15x)

  • Curated Algorithms


The EaaS server accesses the Tropos random number stream, which is signed, encrypted, timestamped, containerized and sent to the client application. The composable foundational components of the Zeblok cloud native AI PaaS act as a bridge between Tropos and client applications. Zeblok's AI runtime environment provides the means whereby APIs can be easily integrated. Our cloud native architecture is scalable and can include multiple servers as well as multiple clouds.
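As an added illustration (not Qosmos or Zeblok code) of what the client side of this flow should check on a signed, timestamped entropy block before trusting it, and why the received bytes should be folded into local entropy rather than used as the seed directly. The block layout, the HMAC-SHA256 signature over a canonical JSON payload, the 30 s freshness window and the ID-based replay cache are all assumptions made for this demo.

```python
# Added example (not Qosmos/Zeblok code). Block layout, HMAC-SHA256 over a canonical
# JSON payload, the 30 s freshness window and the ID replay cache are assumptions.
import hashlib
import hmac
import json
import os
import time

MAX_SKEW_SECONDS = 30      # assumed window; NTP keeps server and client clocks aligned
_seen_ids = set()          # IDs already accepted; persist this in a real client


def canonical(payload):
    """Deterministic byte encoding of the signed fields (assumed wire format)."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def verify_entropy_block(block, key, now):
    """Return the 32 entropy bytes in `block`, or raise ValueError.
    Order matters: authenticate first, then check freshness, then replay."""
    payload = {k: block[k] for k in ("id", "timestamp", "entropy_hex")}
    expected = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, block["signature"]):
        raise ValueError("bad signature")
    if abs(now - block["timestamp"]) > MAX_SKEW_SECONDS:
        raise ValueError("stale or future-dated block")
    if block["id"] in _seen_ids:
        raise ValueError("replayed block")
    _seen_ids.add(block["id"])
    rnd = bytes.fromhex(block["entropy_hex"])
    if len(rnd) != 32:
        raise ValueError("unexpected entropy length")
    return rnd


def mix_into_seed(remote, local=None):
    """Never seed from the remote bytes alone: hash them together with local
    entropy so a spoofed or compromised feed cannot determine the seed by itself."""
    local = os.urandom(32) if local is None else local
    return hashlib.sha256(b"eaas-mix" + remote + local).digest()


def make_block(key, ident, ts, entropy):
    """Constructed server side: builds sample input for this demo only."""
    payload = {"id": ident, "timestamp": ts, "entropy_hex": entropy.hex()}
    payload["signature"] = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return payload


if __name__ == "__main__":
    k = b"demo-shared-secret"
    blk = make_block(k, "blk-0001", time.time(), os.urandom(32))
    print(mix_into_seed(verify_entropy_block(blk, k, time.time())).hex())
```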


The Zeblok AI PaaS dashboard is a GUI (Graphical User Interface), which enables MSPs and MSSPs to manage clients and monitor usage.

Client Applications

We make it easy – the API integration model enables users to get started without any hardware root-of-trust device requirements. Any application that uses TLS will automatically get the random numbers via Qosmos™, through the TLS library. Most applications use PKI to derive session keys or digital certificates. PKI today uses a deterministic random number generator as a seed. The quality of keys derived from these sources decreases as the demand for keys increases. Qosmos™ helps by replacing the source with quantum randomness, making the seed of the keys secure. Banking, edge computing, defense and other critical infrastructure use OTP (One Time Pad) for authentication. Using Qosmos™ will increase the quality of the OTP and decrease the generation time required.

How it works

The architecture simplifies implementation in end applications. MSPs and MSSPs have visibility into the system and client usage, facilitating management.

QNu Tropos™ is a quantum entropy device, which generates a continuous stream of random bits that are then fed to the EaaS server within the Zeblok AI PaaS. Random numbers are generated from this quantum source, containerized and then transferred to the user’s application.

  • Zeblok deploys its AI platform to the client environment (on-premises or cloud(s) or Edge)

  • Random numbers are generated by the Tropos™ QRNG and containerized on the Zeblok AI platform after health checks using the NIST SP 800-90B tests. The random numbers are stored in Foundational Utilities - High Entropy Random Number.

  • The end application uses the HTTPS protocol to access the random numbers and integrate them into the application, along with the NTP server timestamp. The dashboard displays usage of random numbers once the client requests access.
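The second step above relies on the SP 800-90B health tests. As an added example (not QNu or Zeblok code), the two continuous health tests that standard specifies for a noise source, the Repetition Count Test and the Adaptive Proportion Test, run over constructed bit streams; the streams and the parameters H (claimed min-entropy per sample) and alpha (false-positive rate) are assumptions made for this demo.

```python
# Added example (not QNu/Zeblok code): the Repetition Count Test (RCT) and Adaptive
# Proportion Test (APT) from NIST SP 800-90B section 4.4, run over constructed
# sample streams. H = claimed min-entropy per sample, alpha = false-positive rate.
import math


def rct_cutoff(h, alpha=2 ** -20):
    """RCT cutoff from SP 800-90B: C = 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h)


def apt_cutoff(w, h, alpha=2 ** -20):
    """APT cutoff: smallest C such that P(at least C of W samples equal one value) < alpha,
    each sample matching that value with probability 2**-H (binomial upper tail)."""
    p, tail = 2 ** -h, 1.0                  # tail = P(count >= c), starting at c = 0
    for c in range(w + 1):
        if tail < alpha:
            return c
        tail -= math.comb(w, c) * p ** c * (1 - p) ** (w - c)
    return w + 1


def health_check(samples, h=1.0, w=512):
    """Return the index where RCT / APT first fail (None = passed) and the cutoffs used."""
    rc, ac = rct_cutoff(h), apt_cutoff(w, h)
    res = {"rct_cutoff": rc, "apt_cutoff": ac, "rct_fail_at": None, "apt_fail_at": None}
    run_val, run_len = None, 0                 # RCT: current run of identical samples
    win_val, win_cnt, win_pos = None, 0, 0     # APT: window's first value and its count
    for i, s in enumerate(samples):
        run_len = run_len + 1 if s == run_val else 1
        run_val = s
        if run_len >= rc and res["rct_fail_at"] is None:
            res["rct_fail_at"] = i             # source appears stuck on one value
        if win_pos == 0:
            win_val, win_cnt = s, 1
        elif s == win_val:
            win_cnt += 1
        if win_cnt >= ac and res["apt_fail_at"] is None:
            res["apt_fail_at"] = i             # one value dominates the window: bias
        win_pos = (win_pos + 1) % w
    return res


# Constructed streams, one sample per byte value (not real QRNG output):
STUCK = bytes(2048)                                          # source stalled at 0
BIASED = bytes(0 if i % 10 < 7 else 1 for i in range(2048))  # 70% zeros
ALTERNATING = bytes(i % 2 for i in range(2048))              # 0101...: passes both tests
```

The alternating stream passes both tests, which is the caveat worth remembering: these tests catch a stuck or grossly biased source, not every defective one, so they complement rather than replace entropy estimation of the raw source.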

Qosmos™ Benefits
Mitigate Potential Attacks
  • Message replay

  • Man-in-the-Middle

  • DNS Poisoning

Multi-Cloud Deployment

Flexibility to deploy composable foundational components of Zeblok AI PaaS within the MSSP’s data center or within third party cloud service providers like AWS, GCP, Azure or IBM.

Cloud Native Architecture

Turnkey cloud native AI PaaS provides instant usability and seamless scalability, with the flexibility to enable additional services.

Quantum-Safe

The laws of quantum physics assure 100% randomness that cannot be predicted.

NIST Reference Architecture

Qosmos™ uses the NIST architecture to establish a standard way of accepting keys.

API Integration

Qosmos™ can be easily integrated into a client architecture without any disruption, working as an additional layer that provides the required security.

Applications
Applications need not be aware of where the random numbers they use for security purposes come from. Any application that uses TLS will automatically get the random numbers via Qosmos™, through the TLS library. This way, no application needs to be changed to use the random numbers.

[Image: Web browser security]

Web Browser Security:

The SSL handshake used in the HTTPS connection of a website uses digital certificates based on PKI. Now that the whole infrastructure is moving to TLS 1.3 for more security, the master secret generated from the client and server randoms should be obtained from Qosmos™ for higher security. This essentially replaces the PRF (Pseudo Random Function), which generates deterministic randomness.

[Image: Encrypted e-mail]

Encrypted E-Mail:

Apart from using an HTTPS-encrypted tunnel, e-mails are encrypted using a public and private key pair generated from system randomness (key strokes, mouse movements, etc.). Instead, TLS encryption based on Qosmos™, supported by Google, Microsoft, Virtu, etc., can be used, making data exchange more secure.

[Image: Secure video conferencing]

Secure Video Conferencing:

With video conferencing becoming a medium for sharing secret information, the need for security has also increased. Introducing a random seed from Qosmos™ to generate the initial authentication keys, and then using Qosmos™ OTP for continuous authentication, will provide continuous security.

[Image: Firewall security]

Firewall Security:

PKI keys such as RSA are created in firewalls to allow only the right users into the network. Firewalls typically do not have enough entropy to create unpredictable keys, making them vulnerable to attacks. Integrating Qosmos™ to generate the keys will increase firewall security many-fold.

[Image: Data backup and recovery]

Data Backup & Recovery:

Data at rest and in motion are both important for data backup and recovery. Qosmos™ will be used for continuous authentication of each data transfer to maintain security in motion. Clients have already adopted an HSM or KMS for data at rest; its security will increase when Qosmos™ random numbers are used as the seed to generate the keys.

[Image: Remote monitoring and management]

Remote monitoring and management Solution:


[Image: Digital signatures]

Digital Signatures:

Digital signatures are a crucial part of PKI infrastructure, and as demand increases with digital adoption, the randomness used to generate them becomes deterministic. Integrating Qosmos™ into existing certificate generation systems will increase security and start the organization's journey towards quantum-safe security.

Note: Qosmos™ and Tropos™ are trademarks of QNu Labs