Guardtime KSI | Attributable Networks

Attributable Networks
Truth, not Trust
www.guardtime.com

Contents
Guardtime and KSI
KSI Technology Primer
Why Is Attribution Important?
Contrasting KSI
The Target Case

Guardtime and KSI

Guardtime is an Information and Software Assurance company offering the world’s first massively scalable real-time authentication and integrity solution for any type of digital asset. With Guardtime’s Keyless Signature Infrastructure (KSI) technology, the realization of ‘truly attributable’ networks is possible, where digital assets and their provenance can be authenticated in real-time, anywhere in the world, independent of the service provider. KSI signatures are portable, literally becoming part of the digital asset, and are used to provide proof of time, identity, and authenticity. This proof allows the consumer, service provider, or data broker to finally trust the provenance and integrity of any network interactions, as well as the digital assets they are managing and/or consuming.

Guardtime’s KSI technology is used across a variety of United States and European Union e-government and federal agency platforms to authenticate and validate important digital and M2M assets in real-time and regardless of scale, verifying their authenticity, time, chain-of-custody and associated interactions. Guardtime KSI serves as a proactive Information and Software Assurance, Insider Threat, and Advanced Persistent Threat detection capability.

Guardtime’s definition of an Attributable Network: Attribution means that the properties of important digital assets (trade secret, proprietary information, etc.) and network component software and/or firmware for assets like routers, switches, applications, virtual machines, configuration information, audit and event log systems, and associated network services can be tagged, tracked, located, and subsequently authenticated.

Summary
1. Definition: ‘attribution’ means that the digital assets and network components can be tagged, tracked, located, and subsequently authenticated, in real-time, at scale.
2. Guardtime’s KSI technology serves as a proactive Information and Software Assurance, Insider Threat, and Advanced Persistent Threat detection capability.
3. KSI technology is in use today across a variety of United States and European Union eGovernment and federal agency platforms.

KSI Technology Primer

The information derived from a KSI signature means that the asset’s chain-of-custody information, creation time, and authenticity information remain indisputable and can be subsequently trusted and verified without trusting or solely relying upon an administrator or a secret (such as a key or PKI credential). Instead, KSI uses a ‘proof-based’ method to accomplish authentication, and our forensic evidence is portable across any Cloud Service Provider or Enterprise network.

Forensically, KSI signatures are based on mathematical proofs and keyless cryptographic functions approved by the EU and the US National Institute of Standards (NIST). These proofs and functions will withstand exploitation even with advances in quantum computing, meaning that assets signed by KSI will have proof information retained over the lifetime of the asset. The forensic evidence of the signatures makes legal indemnification issues easy to resolve, highlighting who, what, where, and when a digital asset was touched, modified, created, or transmitted. This evidence holds up in a court of law.

Literally any digital asset can be signed with Guardtime KSI, and access to the underlying data the signatures are protecting is not necessary to determine whether there is an integrity loss or compromise. An organization’s Network Operations Center (NOC) or Security Operations Center (SOC) can simply adjudicate and trace any changes to signatures to determine the integrity state of their network or important archives via automated (or manual) reporting, analysis, and visualization (dashboards).

This concept and infrastructure do not rely on cryptographic secrets or credentials that can be compromised, nor does KSI rely on trusting administrators. The signature information afforded by Guardtime KSI can in fact be used to preserve and verify administration/user activities, behaviors, and interactions across the network.
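
The keyless, proof-based verification described above, sketched as an added example: this is not Guardtime's code and not the KSI signature format, which this page does not specify. It is a generic hash-tree (Merkle) aggregation in which the verifier holds only digests, a hash path and a published root, with no key and no access to the data; asset names and contents are constructed.

```python
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(asset: bytes) -> bytes:
    return h(b"\x00" + asset)           # 0x00 prefix marks a leaf


def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)    # 0x01 prefix marks an inner node


def build_levels(leaves):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels


def hash_path(levels, index):
    """Sibling digests (with their side) linking leaf `index` to the root."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return path


def verify(leaf_digest, path, root):
    """Recompute the root from one digest and its path; no secret is involved."""
    acc = leaf_digest
    for side, sibling in path:
        acc = node(sibling, acc) if side == "L" else node(acc, sibling)
    return acc == root


def baseline(assets):
    """Sign-time step: aggregate every asset digest under one published root."""
    names = sorted(assets)
    levels = build_levels([leaf(assets[n]) for n in names])
    proofs = {n: hash_path(levels, i) for i, n in enumerate(names)}
    return levels[-1][0], proofs


def integrity_report(current_digests, proofs, root):
    """Monitoring step: names whose digest no longer chains to the root.
    Only digests are passed in, never the underlying asset contents."""
    return sorted(n for n, d in current_digests.items()
                  if n not in proofs or not verify(d, proofs[n], root))


# Constructed sample assets (hypothetical names and contents).
ASSETS = {
    "router-01/running-config": b"hostname router-01\nsnmp-server disabled\n",
    "pos-reader/firmware.bin": b"\x7fFIRMWARE v1.0 constructed sample",
    "db/cardholder-db.conf": b"listen=127.0.0.1\naudit=on\n",
    "siem/audit.log": b"2014-02-01T00:00:00Z login admin ok\n",
    "vm/app-image.qcow2": b"constructed image bytes",
}

if __name__ == "__main__":
    root, proofs = baseline(ASSETS)
    now = {n: leaf(b) for n, b in ASSETS.items()}
    now["pos-reader/firmware.bin"] = leaf(b"\x7fFIRMWARE v1.0 + implant")
    print("published root:", root.hex())
    print("integrity loss:", integrity_report(now, proofs, root))
```
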

Summary
4. KSI signatures are based on mathematical proofs and keyless cryptographic functions approved by the EU and the US National Institute of Standards (NIST).
5. KSI does not rely on cryptographic secrets or credentials that can be compromised, nor does KSI rely on trusting administrators.
6. The forensic evidence of the KSI signatures makes legal indemnification issues easy to resolve, highlighting who, what, where, and when a digital asset was touched, modified, created, or transmitted.
7. The information afforded by KSI holds up in a court of law.

Why Is Attribution Important?

Fundamentally, the signatures generated by Guardtime KSI baseline the state of your important digital assets, highlighting their authenticity, time, and identity; Guardtime calls this concept ‘Clean State Proof’. This proof information can then be sent and escrowed (aggregated) across the network enterprise or across service providers without disclosing the underlying contents of the data the signatures protect.

By collecting, analyzing, correlating and reporting this evidence, one can build a real-time integrity picture of the network and/or important digital repositories and archives.

With this real-time awareness of the integrity state of important digital asset components, organizations seeking to protect the integrity of their network can make real-time decisions in the event that the network and/or asset is compromised and quickly identify the cause and specific component(s) responsible for the loss of integrity.

Subsequently, with this real-time awareness, real-time incident response, real-time data-loss prevention, investigation, and/or network resilience are now possible, to detect and react to any misconfiguration, network and/or component/application failure.

Moreover, KSI directly supports enhanced continuity of operations and data loss prevention (due to theft or maliciousness), and is a new form of Advanced Persistent Threat (APT) detection when malware infects a crucial network or system component. The changed state of the asset provides a real-time alert, which can then be investigated, audited, and/or the behavior stopped. If an asset is affected by malware, the signature information changes and the asset can be ‘sandboxed’ or firewalled before further infection or transfer.

Summary
8. Organizations can build a real-time integrity picture of the network and/or important digital repositories and archives.
9. KSI-instrumented attributable networks enable discovery and real-time decisions in the event that the network and/or asset is compromised.

Contrasting KSI

There are no competitive technologies like Guardtime KSI. Until Guardtime, there was no way to instrument the network at the scale required to track the state and status of the hundreds of thousands, millions, or even billions of organizational assets contained across a large enterprise environment and constrain their activities. Guardtime KSI signatures can work at Exabyte scale and have minimal impact on network overhead for signing, escrow, and verifying operations.

Organizational ICT environments today may span multiple service or cloud providers. For example, with the advent of cloud computing, a new technology needed to be developed that worked at scale, with portable evidence, and that moved the trust anchor from the administrator or cryptographic secret to an immutable proof (proof that does not change and cannot be tampered with). Guardtime KSI provides this proof with the context of time, integrity, and identity information for the assets being signed and monitored.

In contrast to Guardtime KSI, traditional digital signature technologies and credential-based signature technologies (such as PKI) DO NOT work well at scale, and ultimately rely on an underlying cryptographic secret, which when compromised results in a loss of trust in the security and event reporting systems. The complexities of key management and revocation make PKI systems inefficient, with high overhead and enterprise administration costs.

Also, unlike KSI, if a PKI credential is compromised, you cannot trust any of the security evidence being reported by the system because the applications or logs may be subverted. If you can’t trust the reporting mechanisms, then you cannot trust the state of the assets the security layer is protecting. Therefore, if these systems become compromised, a network may be exploited for days, weeks, months, or years before the attack is understood or the data loss caught. In fact, an organization may never discover the compromise.

Summary
10. Guardtime KSI technology can work at exabyte scale while having minimal impact on network overhead for signing, escrow, and verifying operations – there are no competitive technologies with similar capabilities.
11. Traditional PKI relies on an underlying cryptographic secret, which when compromised results in a complete collapse of trust in the entire security and event reporting system.
12. Additionally, PKI does NOT work well at scale; the complexities of key management and revocation make PKI systems inefficient, with high overhead and administration costs.

The Target Case

Recently a major corporation’s customer credit card and billing information was stolen, resulting in the loss of over 100MM credit card numbers via the exploitation of multiple network components across Target’s enterprise.

With Guardtime KSI, the Target compromise would have never occurred, as the compromised integrity of the credit card database configuration(s), machine reader software, and security layer components would have been detected in real-time and subsequently responded to.

As of writing (February 2014), Target still cannot answer the United States Congress as to whether they have eliminated the malware inside the enterprise and whether backdoors still remain into their customer records system(s). They are not instrumented from the inside out to begin to understand their network’s integrity, what has changed, and what was responsible.

The implication for any organization creating an attributable network is that they can prevent data loss of important digital assets, assure the integrity of their network, and verify enterprise behaviors even across service providers without having to put their trust in cryptographic secrets or administrators that may also be compromised (also known as the ‘insider threat’).

Strategically, a new era in trusted networking and digital asset and content protection is possible with Guardtime KSI. Every component, configuration, and digital asset can be tagged, tracked, and located with real-time integrity information no matter where that asset is transmitted, stored, or received.

Summary
13. With Guardtime KSI, the Target compromise would have never happened.
14. For any organization creating an attributable network, it means that they can prevent data loss of important digital assets, assure the integrity of their network, and verify enterprise behaviors even across the service providers without having to put their trust in cryptographic secrets or systems administrators.
15. Strategically, a new era in trusted networking and digital asset and content protection is possible with Guardtime KSI.

© 2014 Guardtime
