TRUSTLEAP 
® 
The Need For Certainty 
Mathematically-Proven Unbreakable Security 
www.trustleap.com
This document is aimed at helping people to understand the TrustLeap technology. A 
cryptographic oracle (where users chos...
3 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
I. Definition, 
Promotion, 
Reality
The Oxford Dictionary 
Encryption: to convert (information or 
data) into a code, especially to prevent 
unauthorized acce...
Promotion 
“no one ever lost money to an 
attack on a properly designed 
[standard] cryptosystem” 
– Peter Gutmann 
5 | Co...
Reality 
6 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2007 – RC4 / WEP 802.11 
wireless stand...
Reality 
7 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2010 – A5-1 / GSM Phones 
wireless stan...
Reality 
8 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2011 – GPRS / Web - Mail 
wireless stan...
9 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2013 – 3DES / SIM Card 
Javacard standard 
Steal...
Reality 
2013 – Design of $1.5 trillion F-35 
10 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
S...
Reality 
11 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2013 – 96-bit secret key 
RFID car tra...
Reality 
12 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2013 – Switzerland 
e-VOTE Forgery 
Th...
Standard Encryption Is Broken, 
Routinely. 
But Experts Keep 
Saying: 
“It's Very Safe” 
13 | Copyright © 2013, TWD Indust...
“Cryptosystem failure is orders 
of magnitude below any other 
risk.” 
– Peter Gutmann 
14 | Copyright © 2013, TWD Industr...
Reality 
15 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2012 – X.509 Certificates 
“the Flame ...
Reality 
16 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
The FLAME Malware 
Active Since Year 2...
“SSL Authenticate-then-encrypt 
is Provably-Secure.” 
– Hugo Krawczyk 
17 | Copyright © 2013, TWD Industries AG. All right...
Reality 
18 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
SSL & TLS standards 
2011 “BEAST explo...
“AES 256-bit Is Safe Even For 
TOP-SECRET Information.” 
– U.S. Government 
19 | Copyright © 2013, TWD Industries AG. All ...
Reality 
20 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2011 - AES standard 
“AES Broken 5x Fa...
Reality 
21 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2012 - AES standard 
“OpenSSL Uses AES...
“It Would Take Millions Of Years 
To Break Standard 
Encryption.” 
22 | Copyright © 2013, TWD Industries AG. All rights re...
Reality 
23 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
2012 – RSA SecurID 
“It Takes 13 Minut...
24 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
II. Discussion
The Myth of “Strong” Security 
There Is No Such A Thing Like: 
● “Strong Authentication” 
● “Strong Encryption” 
● “Strong...
Why Standards Fail? 
Encryption Keys Are Generated By: 
● PSEUDO-RANDOM Number Generators 
● OSes Do It Wrong (a recurring...
Why Standards Fail? 
File Formats & Network Protocols Use: 
● “Magic Words” In File Headers, Protocols 
(“PDF%”, “%PNG”, “...
Why Standards Fail? 
AES(input, key) < 2256 (AES < Key Space) 
AES(iv, key) = System of Equations 
AES(in, key) = AES(AES(...
Why Standards Fail? 
Design: Standards Are Trying To Hide 
The Wood With 
A Single Tree: 
“Safe” KEY DATA 
29 | Copyright ...
Claude Shannon's “Information Theory” 
Defined The Rules In The 1940s: 
1011011000010110111100101111 
01101101110101100100...
What's The Problem? 
The “Information Theory” Says “Either 
Perfect Secrecy OR Convenience”: 
True Random Encryption Keys ...
Solutions? 
1 Use The One-Time Pad; Keys Must Be: 
(a) Random & Unique, 
(b) As Long As Data, 
(c) Safely Exchanged Before...
Solutions? 
2 Use A Very Strictly Defined Grammar 
(a) Does Not Suit All Uses 
(b) Requires High Crypto Skills 
(c) Any Us...
Solutions? 
3 Use Provably-Safe Mathematical Rules 
To Remove All Exploitable Key Leaks 
From Encryption Standard cipherte...
35 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
III. The Solution
TrustLeap 
Game-Changing: 
- Delivers Provably-Safe Certainty 
- Reduces Surface Of Vulnerability 
36 | Copyright © 2013, ...
37 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Secure By-Design 
HOW: 
Mathematically-Proven: ...
38 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Secure Forever 
WHY: 
Without Correlations 
To ...
39 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Ubiquity 
WHERE: 
A Low Overhead 
Makes It Suit...
40 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Convenient 
WHY: 
Security Becomes Independent ...
41 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Desirable Side Effects 
WHERE: 
By Restricting ...
42 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
IV. Adoption
43 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Political Obstacles? 
Consensus Easy To Obtain:...
44 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
V. Frequently 
Asked 
Questions
Quantum Computers 
Quantum Computers (used by the NSA since 
1990) find instantly results of algorithms without 
having to...
Quantum Encryption 
Quantum Encryption is based on PHYSICS rather 
than MATHS. Its security depends on the lack of 
KNOWN ...
Intrusion Detection Systems 
Application Firewalls and other security filters 
attempt to block abusers. 
They can only bl...
48 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
VI. Conclusions
Unbreakable Security 
● Future-Proof (I.e. QUANTUM Computers) 
● Mathematically Proven (Can Be Trusted By All) 
● Independ...
The Value Of Trust 
Applications 
● Corporate Asset Protection (Patents, Talks, Databases) 
● Public Asset Protection (e-V...
Trust Starts With Identity 
● Email (Data Protection, Negotiations, Board Talks) 
● Routers / Firewalls (How Safe Are Barr...
52 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
VII. Questions? 
…
53 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
TrustLeap 
is the Security Division of 
TWD Ind...
54 | Copyright © 2013, TWD Industries AG. All rights reserved. 
TrustLeap 
Contact TrustLeap 
contact@trustleap.com 
10001...
TrustLeap 
Worldwide Corporate HQ 
TrustLeap 
Paradiesli 17 
CH-8842 Unteriberg SZ 
Switzerland 
Phone +41 (0)55 414 20 93...
Upcoming SlideShare
Loading in...5
×

Trustleap - Mathematically-Proven Unbreakable Security

1,398

Published on

Acknowledging the need for certainty, this document explains why standard cryptography fails - and how TrustLeap makes the encryption standards provably safe.

Published in: Technology, Education
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,398
On Slideshare
0
From Embeds
0
Number of Embeds
16
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Transcript of "Trustleap - Mathematically-Proven Unbreakable Security"

  1. 1. TRUSTLEAP ® The Need For Certainty Mathematically-Proven Unbreakable Security www.trustleap.com
  2. 2. This document is aimed at helping people to understand the TrustLeap technology. A cryptographic oracle (where users chose and submit the plaintext: an ASCII classic English book and a sentence that they type, an encryption key, the standard encryption algorithm to secure like AES or RC4, and get the ciphertext, with the sentence injected at a random position that they must guess to demonstrate that teir plaintext attack is successful) as well as further information regarding the internals of TWD Industries AG's technology are available under a proper NDA, to selected partners. 2 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  3. 3. 3 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap I. Definition, Promotion, Reality
  4. 4. The Oxford Dictionary Encryption: to convert (information or data) into a code, especially to prevent unauthorized access. Origin: 1950s (in the US), from English 'in' and Greek kruptos 'hidden'. 4 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  5. 5. Promotion “no one ever lost money to an attack on a properly designed [standard] cryptosystem” – Peter Gutmann 5 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  6. 6. Reality 6 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2007 – RC4 / WEP 802.11 wireless standard Used to Steal 45 millions of Credit-Card Numbers Legal Costs: $40,900,000
  7. 7. Reality 7 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2010 – A5-1 / GSM Phones wireless standard Spy, Trace and Impersonate Billion of Mobile Phone Users. – Karsten Nohl
  8. 8. Reality 8 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2011 – GPRS / Web - Mail wireless standard Spy, Trace and Impersonate Billion of Mobile Phone Users. – Karsten Nohl
  9. 9. 9 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2013 – 3DES / SIM Card Javacard standard Steal data, Spy, Trace and Impersonate Billion of Mobile Phone Users. – Karsten Nohl Reality
  10. 10. Reality 2013 – Design of $1.5 trillion F-35 10 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Stolen From ...Pentagon
  11. 11. Reality 11 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2013 – 96-bit secret key RFID car transponder Steal VW, Audi, Bentley, Lamborghini & Porsche cars as Megamos Crypto is broken. – Flavio Garcia
  12. 12. Reality 12 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2013 – Switzerland e-VOTE Forgery They know since 2002 what they do wrong... but 2012 audits still certify a flawed system. – advtools.com
  13. 13. Standard Encryption Is Broken, Routinely. But Experts Keep Saying: “It's Very Safe” 13 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Reality
  14. 14. “Cryptosystem failure is orders of magnitude below any other risk.” – Peter Gutmann 14 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Promotion
  15. 15. Reality 15 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2012 – X.509 Certificates “the Flame malware has been signed by forged PKI certificates to appear as if it was produced by... Microsoft.”
  16. 16. Reality 16 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap The FLAME Malware Active Since Year 2000 (!) Exploiting Hashing Collisions Breaking “Trusted” PKI Standard
  17. 17. “SSL Authenticate-then-encrypt is Provably-Secure.” – Hugo Krawczyk 17 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Promotion
  18. 18. Reality 18 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap SSL & TLS standards 2011 “BEAST exploits CBC IVs” 2012 “CRIME exploits compression” 2013 “LUCKY13 exploits decryption”
  19. 19. “AES 256-bit Is Safe Even For TOP-SECRET Information.” – U.S. Government 19 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Promotion
  20. 20. Reality 20 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2011 - AES standard “AES Broken 5x Faster Than By Brute Force; Cause: Small Key Space.” – Andrey Bogdanov
  21. 21. Reality 21 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2012 - AES standard “OpenSSL Uses AES Tables For Speed, Leaking Many Key Bits” – Fraunhofer Research
  22. 22. “It Would Take Millions Of Years To Break Standard Encryption.” 22 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Promotion
  23. 23. Reality 23 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap 2012 – RSA SecurID “It Takes 13 Minutes To Extract A Secret Key From AES-based RSA SecurID 800 Dongles” – INRIA
  24. 24. 24 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap II. Discussion
  25. 25. The Myth of “Strong” Security There Is No Such A Thing Like: ● “Strong Authentication” ● “Strong Encryption” ● “Strong Security” > Crypto Is Either SAFE or UNSAFE. 25 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  26. 26. Why Standards Fail? Encryption Keys Are Generated By: ● PSEUDO-RANDOM Number Generators ● OSes Do It Wrong (a recurring issue) ● Developers Told To Trust OSes or CPUs. > Crypto Keys Are Known In Advance. 26 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  27. 27. Why Standards Fail? File Formats & Network Protocols Use: ● “Magic Words” In File Headers, Protocols (“PDF%”, “%PNG”, “HTTP/1.1”, etc.) ● Padding (often NULL bytes) > Leading To Known Plaintext Attacks. 27 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  28. 28. Why Standards Fail? AES(input, key) < 2256 (AES < Key Space) AES(iv, key) = System of Equations AES(in, key) = AES(AES(i(n-1), key), key) 2 AES BLOCKS ENOUGH TO FIND KEY > ARITHMETIC, NOT “RANDOM” data. 28 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  29. 29. Why Standards Fail? Design: Standards Are Trying To Hide The Wood With A Single Tree: “Safe” KEY DATA 29 | Copyright © 2013, TWD Industries AG. All rights reserved. YOUR DEAR TrustLeap
  30. 30. Claude Shannon's “Information Theory” Defined The Rules In The 1940s: 1011011000010110111100101111 0110110111010110010001111101 1000100010100101001001010010 1010010010100000101001111011 1001111111010011111010101010 1110101001011011111001101010 1011000010010100011111111111 1010010100101001010010010101 0101100101001001010010010010 1001001010010110100010101001 0100101001010010010101010100 “Safe” KEY DATA 30 | Copyright © 2013, TWD Industries AG. All rights reserved. YOUR DEAR TrustLeap 0111101 0011001 0101001 010010 1 KEY LEAKS LEAKS I CAN SEE YOU!
  31. 31. What's The Problem? The “Information Theory” Says “Either Perfect Secrecy OR Convenience”: True Random Encryption Keys Applied On Data Larger Than The Key Leaks Key Patterns That Can Be Spotted & Used To Recover The “Secret” Key. 31 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  32. 32. Solutions? 1 Use The One-Time Pad; Keys Must Be: (a) Random & Unique, (b) As Long As Data, (c) Safely Exchanged Before Encryption. Provably Safe If Safe Random Source & Key Exchange & No Key Reuse: Not Convenient. 32 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  33. 33. Solutions? 2 Use A Very Strictly Defined Grammar (a) Does Not Suit All Uses (b) Requires High Crypto Skills (c) Any Usage Error Implies Failure. Can Be Made Provably Safe If Properly Done & Used, But Not General-Purpose. 33 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  34. 34. Solutions? 3 Use Provably-Safe Mathematical Rules To Remove All Exploitable Key Leaks From Encryption Standard ciphertexts (making AES and others provably-safe). 34 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Provably SAFE & CONVENIENT. Getting The Best Of Both World!
  35. 35. 35 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap III. The Solution
  36. 36. TrustLeap Game-Changing: - Delivers Provably-Safe Certainty - Reduces Surface Of Vulnerability 36 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  37. 37. 37 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Secure By-Design HOW: Mathematically-Proven: Its Design Does Not Expose Leaked Key Patterns In Encrypted Data.
  38. 38. 38 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Secure Forever WHY: Without Correlations To Spot In Encrypted Data There Is Nothing To Target & Break.
  39. 39. 39 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Ubiquity WHERE: A Low Overhead Makes It Suitable For All Uses (Servers, Phones, Embedded).
  40. 40. 40 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Convenient WHY: Security Becomes Independent From Chosen Key Length And Involved Encryption Algorithm.
  41. 41. 41 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Desirable Side Effects WHERE: By Restricting Access To Known Users It Excludes All External Threats, Reducing The Surface Of Vulnerability.
  42. 42. 42 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap IV. Adoption
  43. 43. 43 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Political Obstacles? Consensus Easy To Obtain: ● Plug & Play, Securing AES, DES... ● Visible Undisputable Benefits ● 70-Year-Old Established Theory ● Affordable Licensing Terms
  44. 44. 44 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap V. Frequently Asked Questions
  45. 45. Quantum Computers Quantum Computers (used by the NSA since 1990) find instantly results of algorithms without having to run them. This is the death of security based on computational hardness. Only Mathematically-Proven TrustLeap Encryption can resist to Quantum Computers (as there is nothing left to exploit) and can be said to be “provably unbreakable”. 45 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  46. 46. Quantum Encryption Quantum Encryption is based on PHYSICS rather than MATHS. Its security depends on the lack of KNOWN Principles of PHYSICS able to break it. This “security” will NEVER BE PROVEN: we learn more about PHYSICS every day. So, unlike Mathematically-Proven TrustLeap, Quantum Encryption can never be said to be “provably unbreakable”. 46 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  47. 47. Intrusion Detection Systems Application Firewalls and other security filters attempt to block abusers. They can only block AFTER an attack is detected, and their detection rules are updated AFTER a new attack signature is built and broadcasted. With TRUSTLEAP, only authenticated users can interact with your server applications: you know who to block, and where to find offenders. 47 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  48. 48. 48 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap VI. Conclusions
  49. 49. Unbreakable Security ● Future-Proof (I.e. QUANTUM Computers) ● Mathematically Proven (Can Be Trusted By All) ● Independent From Computing Power Used To Break It ● No More Need To Enlarge Encryption Keys ● No More Need To Change Encryption Algorithms ● Also Unbreakable Two & Three-Factor Authentication ● No Central Key Repository Needed (But Can Be Used) ● Mobiles / Embedded: Very Low CPU / RAM Overhead 49 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  50. 50. The Value Of Trust Applications ● Corporate Asset Protection (Patents, Talks, Databases) ● Public Asset Protection (e-Votes, Medical Records, Legal) ● International Negotiations (United Nations, Contracts) ● Transaction / Archiving Certifications (Indisputable) ● Defense (Impenetrable Communications, Drones, etc.) ● Chips Would Be Ideally Used (Tampering, I.P. Protection) ● Legitimacy to Impose A Licensing Monopole (Exclusivity) 50 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  51. 51. Trust Starts With Identity ● Email (Data Protection, Negotiations, Board Talks) ● Routers / Firewalls (How Safe Are Barriers If Broken?) ● Transactions (Trading, Contracts, Non-Repudiation) ● Storage (Confidentiality, Tamper-Proof, Full-Control) ● Defence (Remote Presence / Control, Chain Of Orders) ● I.P. Rights (What Worth Is A Proof That Can Be Spoofed?) ● Legal (Customers / Lawyers / Regulators Security Chain) Availability: TrustLeap Multipass 51 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap
  52. 52. 52 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap VII. Questions? …
  53. 53. 53 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap TrustLeap is the Security Division of TWD Industries AG a Swiss Company. twd-industries.com
  54. 54. 54 | Copyright © 2013, TWD Industries AG. All rights reserved. TrustLeap Contact TrustLeap contact@trustleap.com 1000100010100101001001010010 1010010010100000101001111011 1001111111010011111010101010 1110101001011011111001101010 1011000010010100011111111111 1010010100101001010010010101 0101100101001001010010010010 1001001010010110100010101001 0100101001010010010101010100
  55. 55. TrustLeap Worldwide Corporate HQ TrustLeap Paradiesli 17 CH-8842 Unteriberg SZ Switzerland Phone +41 (0)55 414 20 93 Fax +41 (0)55 414 20 67 Email contact@trustleap.com www.trustleap.com About TrustLeap TrustLeap, the security division of TWD Industries AG, protects digital assets with cryptanalytically unbreakable technology (safe against unlimited computing power: it is proven mathematically that no key leaks can be exploited). The TrustLeap secure platform leverages enterprise, cloud, networking, digital media and financial services in global strategic markets. TrustLeap lets partners and users form dynamic ecosystems where duly accredited strangers can safely trust each-other. Establishing widespread trust enables organizations to secure their infrastructure, raise the value of their offers and safely market their digital assets. TrustLeap 55 | Copyright © 2013, TWD Industries AG. All rights reserved.

×