Ai-MicroCloud™ for Quantum-Safe Security

Entropy-as-a-Service


Overview:

The plethora of enterprise AI and IoT use cases driving the explosion of data at the Edge in the post-quantum world requires a more robust security solution. Quantum computing provides the brute force to crack current cryptographic keys based on algorithmically generated random numbers, leaving companies' applications, communications and data vulnerable.

Zeblok and QNu have teamed to deliver QNu's Qosmos™ Entropy-as-a-Service, delivered as a container via Zeblok's Ai-MicroCloud™. Zeblok’s Ai-MicroCloud™ is an enterprise-ready turnkey AI Platform-as-a-Service, including curated algorithms, accelerated data lake, seamless high-performance computing (HPC) orchestration and runtime environment, that helps data scientists and data engineers develop, customize, and deploy AI projects quickly, generate new insights and enhance decision-making capabilities.

Increasingly valuable data, combined with increasingly sophisticated threats, heightens the importance of data protection. Data security has two components:

  • Perimeter security

  • Core security

Perimeter security is like a wall around a house. Companies typically build higher and stronger walls, but adversaries seem to find ways to break or nullify such walls. Perimeter security is the first line of defense, but it is never unconditionally impenetrable. Thus, companies must rely on core security.


Core security directly protects the data itself, relying primarily on encryption. Encryption keys provide confidential data communication by scrambling the data into an unreadable stream that the recipient can only read back with the corresponding encryption key. Core security can be impenetrable if one generates, distributes, and manages the encryption keys correctly.

Qosmos
Solution Brief
[Figure: Core and perimeter security]

Root of trust depends on the seed underlying the key:

Encryption keys derive their root of trust from the seed upon which they are created. Keys are only impenetrable if the seed underlying the key is generated in a truly random fashion. Algorithmically generated seeds are potentially vulnerable in that the algorithm can be cracked if one applies enough computing power. The only guarantee that a seed is truly randomly generated and cannot be replicated algorithmically is to employ a high entropy methodology.

[Figure: Random key generation diagram]

Problem:

Previous methodologies (before the development of a Quantum Random Number Generator) for generating a seed were either software-based (algorithmic), which provides high throughput but is vulnerable, or hardware-based, which is more secure but generally has much lower throughput. In fact, the slow throughput itself makes the hardware-based methodology vulnerable. Pseudo Random Number Generation (PRNG) is a software-based methodology that uses an algorithm to expand a seed into a sequence of subsequent values, which are then converted into random numbers. The seed for the software could be a date, temperature, pressure, or any other deterministic input given to the algorithm, which randomizes the input with a mathematical formula to produce random-looking values.

True Random Number Generation (TRNG) uses hardware-based inputs, such as avalanche noise, thermal noise or atmospheric noise to create random values. The noise is converted into electronic signals, and thereafter into digital signals to generate random bits.


The table below summarizes previously available RNGs and the types of attacks that are possible against them.

[Figure: Table of previously available RNG methods and possible attacks]

Qosmos™ Implemented on Zeblok Ai-MicroCloud™

The Solution:

Zeblok Computational and QNu Labs have partnered to provide Qosmos™, a robust solution for providing both high-quality entropy and high throughput, which complies with NIST recommendations. Qosmos™ uses an encryption key seed generated by a quantum random number generator, based on quantum mechanics, rather than an algorithmic random number generator. The solution uses Zeblok’s cloud native Ai-MicroCloud™ to provide the API runtime to easily integrate the solution with enterprise processes.

[Figure: Qosmos™ use case on Zeblok Ai-MicroCloud™]

The foundational utilities on the SaaS layer of Zeblok's Ai-MicroCloud™ access random numbers from Qosmos™ and provide them to client applications. Zeblok’s AI runtime environment provides APIs that can be easily integrated into various applications. The Qosmos™ server accesses the random number stream, which is signed, encrypted, timestamped and delivered to the client application via a container. The cloud native architecture is scalable and can include multiple servers.

A dashboard helps manage clients and track each client's usage, providing detailed usage statistics. The dashboard also continuously monitors the randomness of the numbers and the health of the system.

How It Works

QNu uses single photon detector (SPD) technology to generate a continuous stream of random bits that are fed from this device (Tropos™) to the Qosmos™ Entropy-as-a-Service nexus, within the foundational utilities of the SaaS layer of the Zeblok Ai-MicroCloud™. Random numbers are then generated from this quantum source and transferred to the user’s model or applications via a container on Zeblok's Ai-MicroCloud™.

  • Access to Qosmos™ Entropy-as-a-Service random numbers, delivered via Zeblok containerized services

  • Applications use RESTful APIs over HTTPS to access the random numbers and integrate them into the application, along with the timestamp from an NTP server. The usage of random numbers is recorded in the dashboard as soon as the client requests access.
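The brief describes the entropy stream as signed, encrypted and timestamped and the client as consuming it over HTTPS against an NTP-synchronised clock. The following added example (not Zeblok's or QNu's code; the Qosmos wire format, field names and signature scheme are not given on the page, so a JSON body signed with HMAC-SHA256 under a constructed shared key stands in for them) shows the checks a client should perform before trusting such a message, and shows mixing the received bytes with local OS entropy rather than replacing it.

```python
import hashlib
import hmac
import json
import os

# Assumed stand-ins: the page does not describe the Qosmos wire format or its
# signature scheme, so this example uses a JSON body signed with HMAC-SHA256
# under a constructed shared key. Field names are hypothetical.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_SKEW_SECONDS = 30          # tolerance between server and NTP-synced client clocks
_seen_nonces = set()           # replay cache; a real client would bound/expire this

def _canonical(body):
    """Stable serialisation so both sides sign exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_response(entropy, timestamp, nonce, key=SHARED_KEY):
    """Server side (constructed): emit a timestamped, signed entropy message."""
    body = {"entropy": entropy.hex(), "ts": timestamp, "nonce": nonce}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return dict(body, sig=sig)

def verify_response(msg, now, key=SHARED_KEY):
    """Client side: reject forged, stale or replayed messages; return the entropy bytes."""
    body = {k: msg[k] for k in ("entropy", "ts", "nonce")}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["sig"]):
        raise ValueError("signature mismatch: message was tampered with or forged")
    if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
        raise ValueError("timestamp outside the accepted window: stale or pre-dated")
    if msg["nonce"] in _seen_nonces:
        raise ValueError("nonce already seen: replayed message")
    _seen_nonces.add(msg["nonce"])
    return bytes.fromhex(msg["entropy"])

def accept(msg, now):
    """Boolean wrapper around verify_response for callers that only gate on the result."""
    try:
        verify_response(msg, now)
        return True
    except (ValueError, KeyError):
        return False

def mix_seed(remote, local=None):
    """Hash remote and local entropy together so a faulty remote source never lowers local entropy."""
    local = os.urandom(32) if local is None else local
    return hashlib.sha256(b"eaas-mix-v1" + remote + local).digest()
```

The signature check must run before the timestamp and nonce checks so that an attacker cannot learn anything from the order of rejections on an unsigned message.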

Qosmos™ Benefits

Mitigate Potential Attacks

  • Message replay

  • Man-in-the-Middle

  • DNS Poisoning

Multi-Cloud Deployment

Flexibility to deploy composable foundational components of Zeblok Ai-MicroCloud™ within the MSSP’s data center or public clouds (AWS, Azure, etc.)

Cloud Native Architecture

Turnkey cloud native Ai-MicroCloud™ provides instant usability and seamless scalability, with flexibility to enable additional services

Quantum-Safe

The laws of quantum physics assure 100% randomness; the output cannot be predicted, no matter how much compute brute force is applied

NIST Reference Architecture

Qosmos™ uses NIST architecture to standardize key acceptance

API Integration

Qosmos™, delivered as a container, can be easily integrated into client architecture without any disruption, working as an additional security layer

Applications
Applications do not need to be aware of where the random numbers they use for security purposes come from. Any application that uses TLS will automatically get its random numbers from Qosmos™ through the TLS library. This way, no application needs to be changed to use the random numbers.

Web Browser Security:

The SSL handshake used in the HTTPS connection to a website uses digital certificates based on PKI. Now that the whole infrastructure is moving to TLS 1.3 for more security, the master secret key generated from the client and server randoms should be obtained from Qosmos™ for higher security. This essentially replaces the PRF (Pseudo Random Function), which generates deterministic randomness.


Encrypted E-Mail:

Apart from using an HTTPS-encrypted tunnel, emails are encrypted using a public and private key pair generated from system randomness (keystrokes, mouse movements, etc.). Instead, TLS encryption based on Qosmos™, as supported by Google, Microsoft, Virtru, etc., can be used, making the data exchange more secure.


Secure Video Conferencing:

With video conferencing becoming a medium for sharing secret information, the need for security has also increased. Introducing a random seed from Qosmos™ to generate the initial authentication keys, and then using Qosmos™ OTP for continuous authentication, will provide security continuously.


Firewall Security:

PKI keys such as RSA keys are created in the firewall to allow only the right users into the network. Firewalls do not typically have enough entropy to create unpredictable keys, making them vulnerable to attacks. Integrating Qosmos™ to generate the keys will increase the security of firewalls many-fold.


Data Backup & Recovery:

Both data at rest and data in motion matter for data backup and recovery. Qosmos™ will be used for continuous authentication of each data transfer to maintain security in motion. Clients have already adopted an HSM or KMS for data at rest, whose security will increase when they use Qosmos™ random numbers as the seed to generate the keys.


Remote monitoring and management Solution:


Digital Signatures:

Digital signatures are a crucial part of PKI, and with the increase in demand due to digital adoption, the randomness used to generate them is becoming deterministic. Integrating Qosmos™ into present certificate generation systems will increase their security and start the organization's journey towards quantum-safe security.

Note: Qosmos™ and Tropos™ are trademarks of QNu Labs