More Related Content Similar to Trustleap - Mathematically-Proven Unbreakable Security (20) Trustleap - Mathematically-Proven Unbreakable Security1. TRUSTLEAP
®
The Need For Certainty
Mathematically-Proven Unbreakable Security
www.trustleap.com
2. This document is aimed at helping people to understand the TrustLeap technology. A
cryptographic oracle (where users chose and submit the plaintext: an ASCII classic
English book and a sentence that they type, an encryption key, the standard encryption
algorithm to secure like AES or RC4, and get the ciphertext, with the sentence injected at
a random position that they must guess to demonstrate that teir plaintext attack is
successful) as well as further information regarding the internals of TWD Industries AG's
technology are available under a proper NDA, to selected partners.
2 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
3. 3 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
I. Definition,
Promotion,
Reality
4. The Oxford Dictionary
Encryption: to convert (information or
data) into a code, especially to prevent
unauthorized access.
Origin: 1950s (in the US), from English
'in' and Greek kruptos 'hidden'.
4 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
5. Promotion
“no one ever lost money to an
attack on a properly designed
[standard] cryptosystem”
– Peter Gutmann
5 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
6. Reality
6 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2007 – RC4 / WEP 802.11
wireless standard
Used to Steal 45 millions
of Credit-Card Numbers
Legal Costs: $40,900,000
7. Reality
7 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2010 – A5-1 / GSM Phones
wireless standard
Spy, Trace and Impersonate
Billion of Mobile Phone Users.
– Karsten Nohl
8. Reality
8 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2011 – GPRS / Web - Mail
wireless standard
Spy, Trace and Impersonate
Billion of Mobile Phone Users.
– Karsten Nohl
9. 9 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2013 – 3DES / SIM Card
Javacard standard
Steal data, Spy, Trace and
Impersonate Billion of Mobile
Phone Users.
– Karsten Nohl
Reality
10. Reality
2013 – Design of $1.5 trillion F-35
10 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Stolen From
...Pentagon
11. Reality
11 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2013 – 96-bit secret key
RFID car transponder
Steal VW, Audi, Bentley,
Lamborghini & Porsche cars
as Megamos Crypto is broken.
– Flavio Garcia
12. Reality
12 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2013 – Switzerland
e-VOTE Forgery
They know since 2002 what they
do wrong... but 2012 audits still
certify a flawed system.
– advtools.com
13. Standard Encryption Is Broken,
Routinely.
But Experts Keep
Saying:
“It's Very Safe”
13 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Reality
14. “Cryptosystem failure is orders
of magnitude below any other
risk.”
– Peter Gutmann
14 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Promotion
15. Reality
15 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2012 – X.509 Certificates
“the Flame malware has been
signed by forged PKI certificates
to appear as if it was produced
by... Microsoft.”
16. Reality
16 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
The FLAME Malware
Active Since Year 2000 (!)
Exploiting Hashing Collisions
Breaking “Trusted” PKI Standard
18. Reality
18 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
SSL & TLS standards
2011 “BEAST exploits CBC IVs”
2012 “CRIME exploits compression”
2013 “LUCKY13 exploits decryption”
19. “AES 256-bit Is Safe Even For
TOP-SECRET Information.”
– U.S. Government
19 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Promotion
20. Reality
20 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2011 - AES standard
“AES Broken 5x Faster
Than By Brute Force;
Cause: Small Key Space.”
– Andrey Bogdanov
21. Reality
21 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2012 - AES standard
“OpenSSL Uses AES
Tables For Speed,
Leaking Many Key Bits”
– Fraunhofer Research
22. “It Would Take Millions Of Years
To Break Standard
Encryption.”
22 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Promotion
23. Reality
23 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
2012 – RSA SecurID
“It Takes 13 Minutes To Extract
A Secret Key From AES-based
RSA SecurID 800 Dongles”
– INRIA
24. 24 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
II. Discussion
25. The Myth of “Strong” Security
There Is No Such A Thing Like:
● “Strong Authentication”
● “Strong Encryption”
● “Strong Security”
> Crypto Is Either SAFE or UNSAFE.
25 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
26. Why Standards Fail?
Encryption Keys Are Generated By:
● PSEUDO-RANDOM Number Generators
● OSes Do It Wrong (a recurring issue)
● Developers Told To Trust OSes or CPUs.
> Crypto Keys Are Known In Advance.
26 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
27. Why Standards Fail?
File Formats & Network Protocols Use:
● “Magic Words” In File Headers, Protocols
(“PDF%”, “%PNG”, “HTTP/1.1”, etc.)
● Padding (often NULL bytes)
> Leading To Known Plaintext Attacks.
27 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
28. Why Standards Fail?
AES(input, key) < 2256 (AES < Key Space)
AES(iv, key) = System of Equations
AES(in, key) = AES(AES(i(n-1), key), key)
2 AES BLOCKS ENOUGH TO FIND KEY
> ARITHMETIC, NOT “RANDOM” data.
28 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
29. Why Standards Fail?
Design: Standards Are Trying To Hide
The Wood With
A Single Tree:
“Safe” KEY DATA
29 | Copyright © 2013, TWD Industries AG. All rights reserved.
YOUR
DEAR
TrustLeap
30. Claude Shannon's “Information Theory”
Defined The Rules In The 1940s:
1011011000010110111100101111
0110110111010110010001111101
1000100010100101001001010010
1010010010100000101001111011
1001111111010011111010101010
1110101001011011111001101010
1011000010010100011111111111
1010010100101001010010010101
0101100101001001010010010010
1001001010010110100010101001
0100101001010010010101010100
“Safe” KEY DATA
30 | Copyright © 2013, TWD Industries AG. All rights reserved.
YOUR
DEAR
TrustLeap
0111101
0011001
0101001
010010
1
KEY
LEAKS
LEAKS
I CAN SEE
YOU!
31. What's The Problem?
The “Information Theory” Says “Either
Perfect Secrecy OR Convenience”:
True Random Encryption Keys Applied
On Data Larger Than The Key Leaks Key
Patterns That Can Be Spotted & Used To
Recover The “Secret” Key.
31 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
32. Solutions?
1 Use The One-Time Pad; Keys Must Be:
(a) Random & Unique,
(b) As Long As Data,
(c) Safely Exchanged Before Encryption.
Provably Safe If Safe Random Source & Key
Exchange & No Key Reuse: Not Convenient.
32 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
33. Solutions?
2 Use A Very Strictly Defined Grammar
(a) Does Not Suit All Uses
(b) Requires High Crypto Skills
(c) Any Usage Error Implies Failure.
Can Be Made Provably Safe If Properly
Done & Used, But Not General-Purpose.
33 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
34. Solutions?
3 Use Provably-Safe Mathematical Rules
To Remove All Exploitable Key Leaks
From Encryption Standard ciphertexts
(making AES and others provably-safe).
34 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Provably SAFE & CONVENIENT.
Getting The Best Of Both World!
35. 35 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
III. The Solution
36. TrustLeap
Game-Changing:
- Delivers Provably-Safe Certainty
- Reduces Surface Of Vulnerability
36 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
37. 37 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Secure By-Design
HOW:
Mathematically-Proven:
Its Design Does Not Expose
Leaked Key Patterns In Encrypted Data.
38. 38 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Secure Forever
WHY:
Without Correlations
To Spot In Encrypted Data
There Is Nothing To Target & Break.
39. 39 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Ubiquity
WHERE:
A Low Overhead
Makes It Suitable For All Uses
(Servers, Phones, Embedded).
40. 40 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Convenient
WHY:
Security Becomes Independent
From Chosen Key Length And
Involved Encryption Algorithm.
41. 41 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Desirable Side Effects
WHERE:
By Restricting
Access To Known Users
It Excludes All External Threats,
Reducing The Surface Of Vulnerability.
42. 42 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
IV. Adoption
43. 43 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Political Obstacles?
Consensus Easy To Obtain:
● Plug & Play, Securing AES, DES...
● Visible Undisputable Benefits
● 70-Year-Old Established Theory
● Affordable Licensing Terms
44. 44 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
V. Frequently
Asked
Questions
45. Quantum Computers
Quantum Computers (used by the NSA since
1990) find instantly results of algorithms without
having to run them. This is the death of security
based on computational hardness.
Only Mathematically-Proven TrustLeap Encryption
can resist to Quantum Computers (as there is
nothing left to exploit) and can be said to be
“provably unbreakable”.
45 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
46. Quantum Encryption
Quantum Encryption is based on PHYSICS rather
than MATHS. Its security depends on the lack of
KNOWN Principles of PHYSICS able to break it.
This “security” will NEVER BE PROVEN: we learn
more about PHYSICS every day.
So, unlike Mathematically-Proven TrustLeap,
Quantum Encryption can never be said to be
“provably unbreakable”.
46 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
47. Intrusion Detection Systems
Application Firewalls and other security filters
attempt to block abusers.
They can only block AFTER an attack is detected,
and their detection rules are updated AFTER a new
attack signature is built and broadcasted.
With TRUSTLEAP, only authenticated users can
interact with your server applications: you know
who to block, and where to find offenders.
47 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
48. 48 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
VI. Conclusions
49. Unbreakable Security
● Future-Proof (I.e. QUANTUM Computers)
● Mathematically Proven (Can Be Trusted By All)
● Independent From Computing Power Used To Break It
● No More Need To Enlarge Encryption Keys
● No More Need To Change Encryption Algorithms
● Also Unbreakable Two & Three-Factor Authentication
● No Central Key Repository Needed (But Can Be Used)
● Mobiles / Embedded: Very Low CPU / RAM Overhead
49 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
50. The Value Of Trust
Applications
● Corporate Asset Protection (Patents, Talks, Databases)
● Public Asset Protection (e-Votes, Medical Records, Legal)
● International Negotiations (United Nations, Contracts)
● Transaction / Archiving Certifications (Indisputable)
● Defense (Impenetrable Communications, Drones, etc.)
● Chips Would Be Ideally Used (Tampering, I.P. Protection)
● Legitimacy to Impose A Licensing Monopole (Exclusivity)
50 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
51. Trust Starts With Identity
● Email (Data Protection, Negotiations, Board Talks)
● Routers / Firewalls (How Safe Are Barriers If Broken?)
● Transactions (Trading, Contracts, Non-Repudiation)
● Storage (Confidentiality, Tamper-Proof, Full-Control)
● Defence (Remote Presence / Control, Chain Of Orders)
● I.P. Rights (What Worth Is A Proof That Can Be Spoofed?)
● Legal (Customers / Lawyers / Regulators Security Chain)
Availability: TrustLeap Multipass
51 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
52. 52 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
VII. Questions?
…
53. 53 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
TrustLeap
is the Security Division of
TWD Industries AG
a Swiss Company.
twd-industries.com
54. 54 | Copyright © 2013, TWD Industries AG. All rights reserved.
TrustLeap
Contact TrustLeap
contact@trustleap.com
1000100010100101001001010010
1010010010100000101001111011
1001111111010011111010101010
1110101001011011111001101010
1011000010010100011111111111
1010010100101001010010010101
0101100101001001010010010010
1001001010010110100010101001
0100101001010010010101010100
55. TrustLeap
Worldwide Corporate HQ
TrustLeap
Paradiesli 17
CH-8842 Unteriberg SZ
Switzerland
Phone +41 (0)55 414 20 93
Fax +41 (0)55 414 20 67
Email contact@trustleap.com
www.trustleap.com
About TrustLeap
TrustLeap, the security division of TWD Industries AG, protects digital assets with cryptanalytically unbreakable technology
(safe against unlimited computing power: it is proven mathematically that no key leaks can be exploited). The TrustLeap
secure platform leverages enterprise, cloud, networking, digital media and financial services in global strategic markets.
TrustLeap lets partners and users form dynamic ecosystems where duly accredited strangers can safely trust each-other.
Establishing widespread trust enables organizations to secure their infrastructure, raise the value of their offers and safely
market their digital assets.
TrustLeap
55 | Copyright © 2013, TWD Industries AG. All rights reserved.