States have access to the world's most powerful supercomputers, satellite comms scanning, and top-notch engineering and math talent. Your data doesn't stand a chance. Standard email encryption, such as PGP, leak a lot of info in plaintext, such as sender and recipient, that bad guys can use to compromise your communications. But that's only a piece of the puzzle.
What you need is a total encryption environment, where data at rest, and in motion, is encrypted, with a key management infrastructure that ensures that only authorized users can access the data. It's a tall order.
Secure Channels Inc. (SCI) is trying to fill it. SCI's data security system consists of several tools to protect data and communications:
- Subrosa device access system.
- ParaDoxBox encryption for data at rest.
- PKMS2 enciphering system for data in transit.
- An unhackable key management system.
- And a secure email (XFA) built on these components.
Subrosa implements a patented secure login system that supports multiple authentication methods, including an image based authentication algorithm, that generates a long password.
ParaDoxBox is a robust encryption system for devices, drives, partitions, volumes and files.
The Secure Channels Pattern Key, Multi-Segment, Multi-Standard (PKMS2) encryption protocol:
". . . employs layering and segmentation to achieve its security improvements. A message being encrypted under the PKMS2 scheme is first segmented (or sharded) into 256 equally sized, contiguous segments. The actual size of each segment depends on the size of the original message or file. Padding is used to ensure that the last segment is of equivalent size."
Since encryption is at the heart of the system, let's go deeper.
Each segment is assigned a random, 256-bit key, and then each segment is encrypted using one of eight randomly chosen encryption algorithms, using the 256-bit key. The encryption process is repeated a second time for each segment with a different cipher for each segment. And then, the entire ciphertext is encrypted again by a single algorithm and key.
This may sound like overkill, but the goal is to provide encryption failure protection. If one cipher is broken, the remaining encryption will still protect the data.
XFA secure email
If you've ever tried to use PGP (Pretty Good Privacy) for email, you understand why it isn't popular. Besides the recently uncovered security problems it is clunky to set up and use. If people won't use it, what good is it?
SCI's answer is XFA (XOTIC File Attachment) Mail. Currently it is an Outlook plugin that couldn't be simpler to use. Compose an email, encrypt it with a click, and hit Send.
But is it secure? Instead of relying on asymetric encryption, and an unwieldy Public Key Infrastructure, XFA Mail uses mathematically proven security of One Time Pad (OTP). OTP is widely used for governmental and military top-secret communications today because of its proven unbreakability.
While encryption with OTP is easy, the trick is ensuring that the recipient can decrypt the data, since they must have an exact copy of the one-time-only encryption key. With email, how do you get that key to the right person without exposing it to the bad guys? Here's a simplified overview of SCI's answer.
The key is sharded, enciphered, and sharded again (see above). Identifying data is sent to a trusted cloud registrar and the segments and identifying data are sent to a randomly chosen and arbitrary-sized group of cloud-based relay servers. Each relay server shuffles its segments and forwards them another relay in another geographic area.
When the recipient, who also must have the XFS plug-in, clicks on the encrypted email, the identifying info is sent to the relays, which send the sharded OTP and payload to the recipient, from separate registered relays, where the plug-in assembles and decrypts the email. SCI assures me that the process is quick and low overhead, in both file size and bandwidth.
SCI engaged three security PhDs, Jonathan Katz (SCI's VP Crypto Engineering, and member of the IEEE Cybersecurity Initiative steering committee), Matthew Green (CompSci professor at Johns Hopkins), and Stefano Tessaro (CompSci professor at UCSB) to help create and validate the architecture. They also have a patent (20160119135) on securing multiple data segments.
Good crypto must be peer reviewed because it is too complex for an individual to get right. Kudos to SCI for making their encryption methods public.
SCI offers both per message and per user pricing, the latter at $7.50/mo. Enterprise pricing is also available.
The Storage Bits take
Given the unbreakability of OTP, hackers will naturally focus on the cloud-based key distribution system. The big cloud vendors have excellent security with the PhDs and instrumentation to keep it that way. Thus using a network of cloud-based servers seems like a very good idea.
Would-be hackers would have to penetrate the cloud vendor security and then track down the virtual servers that support SCI, and penetrate most, if not all, of them, in order to access all the email metadata. That seems like a tall order, especially since the metadata is shifted around the network randomly.
We'll never know how much IP has been stolen by state actors, but we should be working to make it harder. SCI is on the right track.
Courteous comments welcome, of course.