This Israeli cyber security startup may have revolutionised how we transfer data
Data security has always been a cat and mouse game with each side trying to outwit the other.
Up to this point, encryption has been the key, relying on cryptography and computing power to send coded transmissions from end to end. Most of the encryption technology that is in use today revolves around the same concepts that were developed 37 years ago with VPNs (Virtual Private Networks) and PKIs (Public Key Infrastructure).
Now a team in Be’er Sheva, Israel has announced a whole new way to send secure data, showing creativity not only in its approach to security, but also in the company name.
Founded in May, Secret Double Octopus (SDO) throws encryption out the door in favor of a cryptosystem that utilises information theory. SDO is the brainchild of Chief Science Officer and Professor Shlomi Dolev and CTO Dr Shimrit Tzur-David, who launched the company along with CEO Raz Rafaeli and VP for R&D Chen Tetelman.
Putting theory into practice
The seven-member team is a part of JVP’s Cyber Labs incubator near Ben Gurion University in Be’er Sheva. VP for Marketing and Business Development Amit Rahav told Geektime that, “Be’er Sheva has grown from its desert city image to the must-hit spot for nearly all security heads from around the world.”
In the company lab, Dolev and Tzur-David started their work as academics attempting to answer a question. As they viewed it, encryption methods are unreliable for a number of reasons. First, they say that attackers can manipulate standard encryption systems into interacting with much less protected frameworks, which leaves them at risk.
Secondly, systems like PKIs rely on keys from both the sender and receiver of the information. These keys are essentially long lines of code that decode a message when the public and private keys match up.
However, they can be compromised, rendering the transmissions vulnerable. Finally, systems that use certificates can also be compromised if one of the holders has weak protections.
Dolev and Tzur-David turned to information theory and Adi Shamir’s secret sharing cryptosystem for a solution. They theorised that if encrypted data could be easily compromised by heavy duty computing power, then they would use Shamir’s method that was “crypt-analytically unbreakable.”
Rahav breaks down their process by explaining that if the data transmission is likely to be compromised, then the best way to send it is through multiple channels (like 3G, Wi-Fi, SMS, etc) as smaller chunks and then reforming it on the other side.
As he explains, “It’s like running a letter through the shredder and then taping it back together later. Only if the receiver has all the parts of the letter can they understand what’s in the message.”
Essentially, they want to deny a ‘man in the middle’ or another type of attacker access to enough information for it to be useful. Imagine the equation 2a + 3b = 500: a single equation with two unknowns. According to the team, even with the full weight of the NSA’s data farms, it would simply be uncrackable because there is not enough data.
Simply put, Secret Double Octopus has come to divide and conquer the security industry.
Market targets and advantages
Uses for SDO’s technology would appear to be endless. There are, however, a few key areas where it could be particularly useful. First is in fintech, where secure data transfer both internally and with customers is constantly under threat.
Moreover, from the B2C angle, there is an additional challenge. Your bank jumps through hoops to verify that you are really you, often using two-step verification such as sending an SMS, which is also vulnerable.
The flip side is that you do not have an easily accessible way to know that the message you just received is really from your bank. SDO’s method allows for sending multi-channel communications back to the bank as well.
Also, keeping the growing collection of IoT devices in your house working and secure is a challenge, with standard encryption failing to keep up with the necessary computational power. Removing the need for the keys could make these devices much more flexible and agile.
The startup’s product line includes a communication gateway programme, an SDK, and a client/app for installation on devices.
SDO’s approach to security has the potential to turn the industry on its head. It seems so simplistic that it might be hard to take seriously if the team and its JVP backers did not have such solid backgrounds.
In the marketing campaign, the company is billing its solution as either complementary to encryption or, in some cases, a replacement for it. While this technology may bring some spectacular ideas, I am betting that nobody is ready to throw their current protections out the door yet.
This product will likely begin to work its way in as security experts have their chance to suss out its weaknesses.
Rahav cites SDO’s close ties with academia as being an essential element behind the development. Be’er Sheva has snuck up on the world of cyber security in the past few years, emerging with a bullpen that will be well worth watching as the area continues to grow.
The article Secret Double Octopus: A novel name and approach to security first appeared on Geektime.
The post Secret Double Octopus: A novel name and novel approach to security appeared first on e27.