Building upon a flawed foundation always leads to structural problems. Traditional approaches to securing data-in-flight are problematic because they share the same issue: persistent stored secrets.
Every lock needs a key. It is no different with software encryption, where a secret key must be used to decrypt the traffic. Existing strategies leave the key stored on servers for weeks to years. This presents a stationary target for bad actors, and the organization is only one breach, misconfiguration or leak away from losing the privacy of its communications.
In fact, security based upon the existing Certificate Authority model relies upon the integrity of the private key, one or more intermediate keys and the root key to establish authenticity. Each one of those keys, if compromised, represents a single point of failure of the entire system.
Overview of Consequences of Stored Secrets:
- Espionage: This need not be a state actor – corporate entities also conduct espionage. Traffic is decoded in flight and visible to bad actors. Worse, unless the bad actor uses the leaked data in a way that shows that the breach occurred, the compromised organization has no idea that any leaking is happening.
- Impersonation: Traffic from the real source is impersonated by a bad actor. This can lead to installation of unauthorized software (e.g. Stuxnet, where nuclear facilities were brought offline), inserting bogus records or otherwise spreading misinformation.
- Credential Theft: If the existing security protects login to a site or application, the bad actor could observe the credentials being sent to the site and use them for their own benefit. This could result in theft of money or other property.
Each of the above attacks represents an ongoing threat: once the stored secret is compromised, all future traffic is also compromised. In short, the consequences of a failure are what one would expect of a Single Point of Failure: complete breakdown of the system. In this case, however, the system seems to be operating perfectly even though its security has been completely compromised.
We Build Trust Environments
Cybersecurity is more important every day. Breached data records are now counted in the billions and privacy violations continue to mount. Critical infrastructure is constantly under siege from foreign and domestic actors. While there is no shortage of services to address various aspects of the security problem, KnectIQ’s approach to protecting data-in-flight uniquely addresses the heart of the problem.
Addressing the Heart of the Problem
Building upon a flawed foundation will always lead to structural problems. Traditional approaches to securing data-in-flight have therefore been problematic, because all existing solutions have the same issue: stored secrets.
The Problem with Stored Secrets
Every lock needs a key. It is no different with software encryption, where a secret key must be used to decrypt the traffic. Existing strategies leave the key stored on servers for weeks to years. This presents a stationary target for bad actors, and the organization is only one breach, misconfiguration or leak away from losing the privacy of all its communications.