Reconsidering PKI and its
Place in Your Enterprise
Encryption Strategy
150819_oml_v1p | Public | © Omlis Limited 2015
Contents
Introduction 2
Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI 3
Cost and Complexity 4
Transitioning into the Future 5
Omlis: Reducing Complexity, Mitigating Risk and Cutting Costs 6
References 7
Contributors 7
Introduction
Three years ago, Gartner made the claim that certificates can no longer be blindly trusted; a statement which seems more and more prophetic as the digital world relentlessly develops its capabilities at a pace which digital certificates struggle to keep up with.
In an era of SDNs (Software-defined Networks), cloud
implementation and lightweight agile solutions, many
modern implementations of the certificate-based security
methodology known as PKI (Public Key Infrastructure) are
beginning to look increasingly outmoded, representing a
very manual and increasingly unmanageable approach.
PKI has undoubtedly formed an integral part of internet security, but the SSL / TLS-based system is proving increasingly vulnerable under the weight of the latest digital ecosystem. PKI was, at best, acceptable for desktops and laptops operating over closed networks inside corporate firewalls. The mobile revolution has exposed existing cracks, making the commonly accepted methodology look cumbersome and, ultimately, insecure.
PKI still has a role to play in the less ‘mission critical’ aspects of internet security and to start describing it as a legacy architecture may be premature, but an increasingly connected world clearly needs to narrow the scope of its usage. According to research from Ponemon’s paper entitled “2015 Cost of Failed Trust Report” the number of keys and certificates has grown over 34% to 24,000 per enterprise [1]. For PKI to remain effective it must co-exist with powerful, secure and more versatile forms of encryption like that on offer from Omlis.
To provide context, it’s often stated that we’re at the third
of the internet’s biggest evolutionary stages. We began
with the era of mainframes and terminals, before moving
to the second evolutionary platform which constituted the
client / server model thereby introducing us to internet /
LAN, or “Web 2.0” as it was often labelled in the media.
This was the climate in which PKI began to thrive, lasting
until around 2005 when the net began to take on new
dimensions. We’re now fully submerged in “Platform 3.0”,
which is defined as an era of mobile, cloud, big data, IoT
(Internet of Things), M2M (Machine-to-Machine), and BYOD
(Bring Your Own Device) which brings with it a unique set
of security demands.
Smartphone, IoT and Fragmented
Platforms Bring Challenges and
Inconsistencies to PKI
If PKI reached its practical zenith under the narrow
platform of laptops and desktops, the IoT and the
smartphone could represent the beginning of its demise
due to an abundance of devices and operating systems
all having different security requirements and equally
different capabilities. Connected cars and other pervasive
devices, smart cities and especially the smartphone have
meant PKI has struggled to maintain any consistent level
of security.
Security applications and protocols such as SSL / TLS
and the hashing functions associated with the SHA
(Secure Hash Algorithm) family have become particularly
complicated in the delivery of safe and secure mobile
commerce. On the Android platform, TLS 1.1 is available
from version 4.1 (Jelly Bean) and SHA-256 is only available
from version 5.0 (Lollipop) onwards, which is currently
deployed on less than 10% of Android devices.
At the same time, banks, service providers and software vendors are expected to deliver secure mobile applications to the broadest possible audience, across as many Android versions as possible. In the most extreme cases some mobile banking apps are still intended to run on Android version 2.3, which only supports SSL 3.0 and SHA-1.
Aging protocols represent a critical problem in both a commercial and a security sense, with Google announcing that they will start penalizing HTTPS sites where certificate chains are using SHA-1 with validity past January 2017 [2].
“Omlis is providing a full in-house security solution able to cover all types of mobile devices, wearables and connected appliances where traditional security solutions do not fit. It’s the only solution light enough to deploy on any support and at the same time increase security and fraud prevention for everyone in a highly connected world.”
Stéphane Roule, Senior Technical Manager at Omlis
Cost and Complexity
Even if PKI users can iron out its most obvious algorithmic
weaknesses in their implementation such as migrating
their applications to TLS 1.2 and SHA-2, the limiting factor
all PKI schemes inevitably share is that they naturally
incur a high degree of cost and complexity. This cost is
represented not just in the initial capital expenditure, but
also in the ongoing total cost of ownership.
PKI relies on a variety of moving parts thus vastly reducing
the service provider’s autonomy over their own security
network. Certificate authorities become trusted third
parties, providing the actual certificates and offering
additional services such as hosted solutions; expensive
third party administration is often needed due to the
complexity and ongoing needs of the admin process.
At the heart of the system, mission critical PKI
implementations rely on costly HSMs (Hardware Security
Modules) to store and generate keys, which are derived
through equally costly and elaborate key generation
ceremonies, requiring intensively manual implementation
and maintenance programs.
This is a particular pain point for companies, as evidenced in Thales’ “2015 Global Encryption and Key Management Trends Study”, where it was revealed that 51% of respondents perceived key management to be the most important feature of an encryption technology solution; 33% found the ongoing management of these keys to be one of the biggest challenges in planning and executing an encryption strategy [3].
On top of this, PKI bears the weighty cost of secure
facilities, installation and configuration, complicated
audits and a consistent level of staffing for continued
maintenance, operation and monitoring. All of these costs
form an inherent part of PKI’s weighty machinery; unlike
Omlis’ rapidly deployable, low complexity, high security
solution.
A company with a PKI infrastructure can attempt to reduce
complexity by using self-signed certificates but this in turn
reduces levels of security and has a negative effect on the
company’s security profile itself; if a web server detects
a self-signed certificate, it’ll often display a security alert
which is obviously bad public relations.
Self-signed certificates once again demonstrate the mismatch of open networks and PKI. Hackers can attempt techniques such as ARP spoofing and DNS tampering to intercept traffic and redirect banking users to illegitimate sites, or as the basis for DoS (Denial of Service) attacks. Alarmingly, a recent study by IOActive discovered that 40% of the global banking apps which they tested didn’t validate the authenticity of SSL certificates [4].
According to Ponemon, the total impact of an exploited enterprise mobility certificate is valued at $126m [5]. The prevalence of these attacks and the stratospheric costs associated with them have led NIST to publish industry guidelines entitled “Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance.”
Figure: PKI layers of control. The diagram shows an HSM hosted by the service provider, a certificate provided by a trusted third party to the service provider, the certificate exchange between the service provider and the client, and the resulting secure data exchange.
Transitioning into the Future
PKI resembles heavyweight, complex machinery in a world where security solutions are becoming far more fluid.
Evolving threats and the perils of open networks mean that
the next generation of internet usage demands modular
and agile solutions which can be deployed from the cloud,
are adaptable in nature and have a number of delivery
methods such as EaaS (Encryption as a Service). As much
as delivery models need to be adaptable to cross-platform
usage, security needs to be consistent, using the most
secure protocols and the most suitable key exchange
methods.
As we move towards network developments such as 5G
and concepts such as Li-Fi, Omlis represent a perfectly
fluid, adaptable and low cost solution to everyday
encryption. Working instead of, or in tandem with a PKI
architecture, Omlis offer a genuinely compelling and
futureproof answer to some of the most pressing security
questions.
As much as this forward thinking approach is essential,
tying together an expanding network of both legacy and
cutting-edge devices is also key to interoperability and
inclusion. Omlis’ ability to unite a disparate set of legacy
components with consistent, cross-platform security
protocols positions us perfectly as the security method of
the future.
“Omlis Technology has been specifically designed for the mobile world, providing a very high level of security whilst being easy to deploy and manage. Omlis has been able to empower the mobile device in a unique way in order to deliver alternative solutions and create trust for mobile users.”
Markus Milsted, founder and CEO of Omlis
Omlis: Reducing Complexity,
Mitigating Risk and Cutting Costs
Unlike PKI, Omlis doesn’t require HSMs, third party
certificate providers or complex key management
procedures.
Unique keys are generated at the point of transaction and, due to the design of our distributed architecture, actual keys are never sent over the network and are never stored on the client or server side; so even if a MitM attack takes place, the hacker will fail to retrieve any meaningful information due to our unique use of the SRP protocol.
This method of generating keys at both ends of the communications channel means that Omlis never transmit sensitive data in plaintext, and information related to transaction keys can be erased from memory as soon as it becomes redundant. Furthermore, our high integrity approach means that SQL injections are made impossible due to compile time and runtime checks, and keylogging is pointless as the input we collect from the keypad is only used for local encryption.
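The property claimed above, a session key that both ends derive locally and that never crosses the wire, is what SRP-6a provides. The following is an added illustration of the SRP-6a arithmetic in plain Python, not Omlis code (the page does not describe Omlis' actual protocol details): the server holds only a salt and verifier, each side computes the key on its own, and a wrong password is caught at the client's proof M1 before any data flows. The helper names (`enroll`, `srp_exchange`, `secrets_on_wire`) and the sample credentials are assumptions of this example.

```python
import hashlib
import hmac
import os

# 1024-bit group and generator from RFC 5054, Appendix A (larger groups preferred in production).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E860726187"
    "75FF3C0B9EA2314C9C256576D674DF7496EA81D3"
    "383B4813D692C6E0E0D5D8E250B98BE48E495C1D"
    "6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D49"
    "82559B297BCF1885C529F566660E57EC68EDBC3C"
    "05726CC02FD4CBF4976EAA9AFD5138FE8376435B"
    "9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8


def pad(x: int) -> bytes:
    """Left-pad an integer to len(N) bytes, as SRP-6a requires when hashing k and u."""
    return x.to_bytes(NLEN, "big")


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def H_int(*parts: bytes) -> int:
    return int.from_bytes(H(*parts), "big")


K_MULT = H_int(pad(N), pad(g))  # the SRP-6a multiplier parameter k


def enroll(username: str, password: str, salt=None):
    """Registration (assumed helper): the client derives x from the password and hands
    over only the verifier v = g^x; the server stores (salt, v) and never sees the password."""
    salt = os.urandom(16) if salt is None else salt
    x = H_int(salt, H(f"{username}:{password}".encode()))
    return salt, pow(g, x, N)


def srp_exchange(username: str, password: str, salt: bytes, verifier: int, rng=os.urandom):
    """One login: `password` is what the client types, (salt, verifier) is the
    server's record. Returns both keys, both verdicts and every wire message."""
    wire, ident = [], username.encode()

    # Client -> server: ephemeral private a, public A = g^a.
    a = int.from_bytes(rng(32), "big")
    A = pow(g, a, N)
    wire.append(ident + pad(A))

    # Server -> client: refuse a degenerate A, then B = k*v + g^b (v blinds g^b).
    if A % N == 0:
        raise ValueError("client public value A is invalid")
    b = int.from_bytes(rng(32), "big")
    B = (K_MULT * verifier + pow(g, b, N)) % N
    wire.append(salt + pad(B))

    # Both sides: the scrambling parameter u ties the key to this pair of ephemerals.
    if B % N == 0:
        raise ValueError("server public value B is invalid")
    u = H_int(pad(A), pad(B))
    if u == 0:
        raise ValueError("scrambling parameter u is zero")

    # Client: recompute x from the typed password; S = (B - k*g^x)^(a + u*x).
    x = H_int(salt, H(f"{username}:{password}".encode()))
    K_client = H(pad(pow((B - K_MULT * pow(g, x, N)) % N, a + u * x, N)))
    # Server: S = (A * v^u)^b from the stored verifier alone; both S equal g^(b(a+ux)).
    K_server = H(pad(pow((A * pow(verifier, u, N)) % N, b, N)))

    # Proofs: the client sends M1, the server answers M2. Only hashes cross the wire.
    hn_xor_hg = bytes(p ^ q for p, q in zip(H(pad(N)), H(pad(g))))
    M1_client = H(hn_xor_hg, H(ident), salt, pad(A), pad(B), K_client)
    wire.append(M1_client)
    M1_server = H(hn_xor_hg, H(ident), salt, pad(A), pad(B), K_server)
    server_accepts = hmac.compare_digest(M1_client, M1_server)
    client_accepts = False
    if server_accepts:  # a wrong password stops here: no M2, no session
        M2_server = H(pad(A), M1_server, K_server)
        wire.append(M2_server)
        client_accepts = hmac.compare_digest(M2_server, H(pad(A), M1_client, K_client))

    return {"client_key": K_client, "server_key": K_server, "wire": wire,
            "server_accepts": server_accepts, "client_accepts": client_accepts}


def secrets_on_wire(result: dict, password: str, verifier: int) -> bool:
    """True if the password, the verifier or either session key appears verbatim in traffic."""
    needles = (password.encode(), pad(verifier), result["client_key"], result["server_key"])
    return any(n in msg for msg in result["wire"] for n in needles)
```

Because the server only ever stores the verifier, a stolen credential database does not yield passwords directly, and because the key is a function of both ephemerals, an interceptor who records the four messages cannot reconstruct it.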
Over the last few years PKI has been challenged with the
increasingly impossible task of absorbing a fragmented
range of devices with a common set of encryption
protocols. Rather than settling for patchwork variations of
PKI and commissioning improper deployments across the
IoT, we need to rethink how we implement security across
a range of devices.
Omlis has the interoperable qualities which are the
hallmark of PKI, but unlike PKI will maintain consistency
and unbeatable security across a range of operational
requirements.
Omlis wrap authentication and encryption into a single
product which greatly reduces the deployment and
management efforts we associate with PKI. The service
provider is given much more control of their security
ecosystem with no overbearing third party dependencies,
security is consistent and side channel attacks are
effectively mitigated.
References
1. https://www.venafi.com/assets/pdf/wp/Ponemon_2015_Cost_of_Failed_Trust_Report.pdf
2. http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
3. https://www.thales-esecurity.com/company/press/news/2015/april/2015-global-encryption-and-key-management-trends-study-release
4. http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
5. https://www.venafi.com/assets/pdf/wp/Ponemon_2015_Cost_of_Failed_Trust_Report.pdf
Contributors
The following individuals contributed to this report:
Stéphane Roule
Senior Technical Manager
Nirmal Misra
Senior Technical Manager
Paul Holland
Analyst
Jack Stuart
Assistant Analyst
Omlis
Third Floor
Tyne House
Newcastle upon Tyne
United Kingdom
NE1 3JD
+44 (0) 845 838 1308
info@omlis.com
www.omlis.com
© Omlis Limited 2015

More Related Content

What's hot

Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperMartin Ruubel
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudITDogadjaji.com
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlock Armour
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityAhmed Banafa
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperMartin Ruubel
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Martin Ruubel
 
Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperMartin Ruubel
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Cláudia Alves
 
Construction Project Collaboration 030210
Construction Project Collaboration 030210Construction Project Collaboration 030210
Construction Project Collaboration 030210Alasdair Kilgour
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) PwC France
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing presentJames Sutter
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Iot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsIot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsMarket Engel SAS
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardCisco Security
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessCisco Security
 

What's hot (19)

Cloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime WhitepaperCloud Insecurity and True Accountability - Guardtime Whitepaper
Cloud Insecurity and True Accountability - Guardtime Whitepaper
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud Security
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
 
Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime Whitepaper
 
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
Enabling privacy and_traceability_in_supply_chains_using_blockchain_and_zero_...
 
Construction Project Collaboration 030210
Construction Project Collaboration 030210Construction Project Collaboration 030210
Construction Project Collaboration 030210
 
Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011) Etude sur le marché de la cyber sécurité (2011)
Etude sur le marché de la cyber sécurité (2011)
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
Cloud computing present
Cloud computing presentCloud computing present
Cloud computing present
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Iot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programsIot security requirements will reshape enterprise it security programs
Iot security requirements will reshape enterprise it security programs
 
Infonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor ScorecardInfonetics Network and Content Security Vendor Scorecard
Infonetics Network and Content Security Vendor Scorecard
 
The Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network AccessThe Evolution of and Need for Secure Network Access
The Evolution of and Need for Secure Network Access
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 

Viewers also liked

Viewers also liked (20)

Myr slide
Myr slideMyr slide
Myr slide
 
Evaluation #2
Evaluation #2Evaluation #2
Evaluation #2
 
Yaz 1
Yaz 1Yaz 1
Yaz 1
 
Drojnet2
Drojnet2Drojnet2
Drojnet2
 
Test document
Test documentTest document
Test document
 
mi colegio
mi colegio mi colegio
mi colegio
 
Slideshare
SlideshareSlideshare
Slideshare
 
Korea
KoreaKorea
Korea
 
Aparentele inseala
Aparentele insealaAparentele inseala
Aparentele inseala
 
Surviving Corporate America and Keeping Your Soul Intact
Surviving Corporate America and Keeping Your Soul IntactSurviving Corporate America and Keeping Your Soul Intact
Surviving Corporate America and Keeping Your Soul Intact
 
Alcanos
AlcanosAlcanos
Alcanos
 
“Часто допускаемые ошибки при заведении SEO-кампании в SeoPult”
“Часто допускаемые ошибки при заведении SEO-кампании в SeoPult” “Часто допускаемые ошибки при заведении SEO-кампании в SeoPult”
“Часто допускаемые ошибки при заведении SEO-кампании в SeoPult”
 
Estrategias de lectura
Estrategias de lecturaEstrategias de lectura
Estrategias de lectura
 
I mil be_26_1_2012
I mil be_26_1_2012I mil be_26_1_2012
I mil be_26_1_2012
 
Active video protection, in all circumstances.
Active video protection, in all circumstances.Active video protection, in all circumstances.
Active video protection, in all circumstances.
 
Testing
TestingTesting
Testing
 
LA PSICOLOGIA POSITIVA NELL'OTTICA DI BENESSERE PSICO NEURO METABOLICO
LA PSICOLOGIA POSITIVA NELL'OTTICA DI BENESSERE PSICO NEURO METABOLICO LA PSICOLOGIA POSITIVA NELL'OTTICA DI BENESSERE PSICO NEURO METABOLICO
LA PSICOLOGIA POSITIVA NELL'OTTICA DI BENESSERE PSICO NEURO METABOLICO
 
Tutorial diigo
Tutorial diigoTutorial diigo
Tutorial diigo
 
National Bank of Pakistan Branches
National Bank of Pakistan BranchesNational Bank of Pakistan Branches
National Bank of Pakistan Branches
 
Bhuvana Resume
Bhuvana ResumeBhuvana Resume
Bhuvana Resume
 

Similar to 150819_oml_pki_v1p

151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1pStéphane Roule
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications TechnologiesSarah Jimenez
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks   what's available other than ssl - finalSecure ip payment networks   what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalAlex Tan
 
Block Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for TelcomBlock Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for TelcomBlockArmour1
 
Block Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlock Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlockArmour1
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicNetmagic Solutions Pvt. Ltd.
 
Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Imperva
 
CIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityCIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityBob Guimarin
 
Meeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security ChallengesMeeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security ChallengesSymantec
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...Entrust Datacard
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud  Application using Multifactor Auth...Implementing High Grade Security in Cloud  Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...IJwest
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructureEricsson
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupCohesive Networks
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerPutra Wanda
 

Similar to 150819_oml_pki_v1p (20)

151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Security
 
Investor Presentation
Investor PresentationInvestor Presentation
Investor Presentation
 
Communications Technologies
Communications TechnologiesCommunications Technologies
Communications Technologies
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
 
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGBIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTING
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks   what's available other than ssl - finalSecure ip payment networks   what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
 
Block Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for TelcomBlock Armour Zero Trust Cybersecurity Mesh for Telcom
Block Armour Zero Trust Cybersecurity Mesh for Telcom
 
Block Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlock Armour Zero Trust Cybersecurity Mesh for Oil and Gas
Block Armour Zero Trust Cybersecurity Mesh for Oil and Gas
 
Improve network safety through better visibility – Netmagic
Improve network safety through better visibility – NetmagicImprove network safety through better visibility – Netmagic
Improve network safety through better visibility – Netmagic
 
Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012Top 9 Data Security Trends for 2012
Top 9 Data Security Trends for 2012
 
CIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurityCIO Review - Top 20 CyberSecurity
CIO Review - Top 20 CyberSecurity
 
Meeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security ChallengesMeeting Mobile and BYOD Security Challenges
Meeting Mobile and BYOD Security Challenges
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud  Application using Multifactor Auth...Implementing High Grade Security in Cloud  Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
 
Trusted computing for infrastructure
Trusted computing for infrastructureTrusted computing for infrastructure
Trusted computing for infrastructure
 
Case study
Case studyCase study
Case study
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 

150819_oml_pki_v1p

  • 1. Reconsidering PKI and its Place in Your Enterprise Encryption Strategy 150819_oml_v1p | Public | © Omlis Limited 2015
  • 2. 1150819_oml_pki_v1p | Public | © Omlis Limited 2015 Contents Introduction 2 Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI 3 Cost and Complexity 4 Transitioning into the Future 5 Omlis: Reducing Complexity, Mitigating Risk and Cutting Costs 6 References 7 Contributors 7
  • 3. 2150819_oml_pki_v1p | Public | © Omlis Limited 2015 Introduction Three years ago, Gartner made the claim that certificates can no longer be blindly trusted; a statement which seems more and more prophetic as the digital world relentlessly develops its capabilities at a pace which digital certificates struggles to maintain. In an era of SDNs (Software-defined Networks), cloud implementation and lightweight agile solutions, many modern implementations of the certificate-based security methodology known as PKI (Public Key Infrastructure) are beginning to look increasingly outmoded, representing a very manual and increasingly unmanageable approach. PKI has undoubtedly formed an integral part of internet security, but the SSL / TLS-based system is proving increasingly vulnerable under the weight of the latest digital ecosystem. PKI was, at best, acceptable for desktops and laptops operating over closed networks inside corporate firewalls. The mobile revolution has exposed existing cracks, making the commonly accepted methodology look cumbersome and ultimately, unsecure. PKI still has a role to play in the less ‘mission critical’ aspects of internet security and to start describing it as a legacy architecture may be premature, but an increasingly connected world clearly needs to narrow the scope of its usage. According to research from Ponemon’s paper entitled “2015 Cost of Failed Trust Report” the number of keys and certificates has grown over 34% to 24,000 per enterprise 1 . For PKI to remain effective it must co-exist with powerful, secure and more versatile forms of encryption like that on offer from Omlis. To provide context, it’s often stated that we’re at the third of the internet’s biggest evolutionary stages. We began with the era of mainframes and terminals, before moving to the second evolutionary platform which constituted the client / server model thereby introducing us to internet / LAN, or “Web 2.0” as it was often labelled in the media. 
This was the climate in which PKI began to thrive, lasting until around 2005 when the net began to take on new dimensions. We’re now fully submerged in “Platform 3.0”, which is defined as an era of mobile, cloud, big data, IoT (Internet of Things), M2M (Machine-to-Machine), and BYOD (Bring Your Own Device) which brings with it a unique set of security demands.
Smartphone, IoT and Fragmented Platforms Bring Challenges and Inconsistencies to PKI

If PKI reached its practical zenith under the narrow platform of laptops and desktops, the IoT and the smartphone could represent the beginning of its demise: an abundance of devices and operating systems, each with different security requirements and different capabilities. Connected cars and other pervasive devices, smart cities and especially the smartphone have left PKI struggling to maintain any consistent level of security.

Security protocols such as SSL / TLS, and the hash functions of the SHA (Secure Hash Algorithm) family on which certificate signatures and TLS record authentication depend, have become particularly complicated to deploy consistently for mobile commerce. On Android, TLS 1.1 and TLS 1.2 are present in the platform from version 4.1 (Jelly Bean), but they are not enabled by default until version 5.0 (Lollipop), and the SHA-256 based TLS 1.2 cipher suites appear only in 5.0; at the time of writing Lollipop was deployed on less than 10% of Android devices. A practitioner who must support 4.1 to 4.4 therefore has to enable the newer protocol versions explicitly on each socket rather than relying on platform defaults. At the same time, banks, service providers and software vendors are expected to deliver secure mobile applications to the broadest possible audience, across as many Android releases as possible. In the most extreme cases some mobile banking apps are still intended to run on Android 2.3, which offers nothing newer than TLS 1.0 alongside SSL 3.0, with cipher suites that rely on SHA-1 for message authentication.

Ageing protocols represent a critical problem in both a commercial and a security sense: Google announced in September 2014 that Chrome would progressively penalise HTTPS sites whose certificate chains use SHA-1 signatures and remain valid past 1 January 2017, ultimately marking them as affirmatively insecure [2].

“Omlis is providing a full in-house security solution able to cover all types of mobile devices, wearables and connected appliances where traditional security solutions do not fit. It’s the only solution light enough to deploy on any support and at the same time increase security and fraud prevention for everyone in a highly connected world.”
Stéphane Roule, Senior Technical Manager at Omlis
Cost and Complexity

Even if PKI users can iron out the most obvious algorithmic weaknesses in their implementation, for example by migrating their applications to TLS 1.2 and SHA-2, the limiting factor all PKI schemes share is that they incur a high degree of cost and complexity. This cost is represented not just in the initial capital expenditure, but also in the ongoing total cost of ownership.

PKI relies on a variety of moving parts, which greatly reduces the service provider's autonomy over their own security infrastructure. Certificate authorities become trusted third parties, issuing the certificates and offering additional services such as hosted solutions; expensive third-party administration is often needed because of the complexity and ongoing demands of the administrative process. At the heart of the system, mission-critical PKI implementations rely on costly HSMs (Hardware Security Modules) to generate and store keys; the root and issuing keys are created in equally costly and elaborate key generation ceremonies, which require intensively manual implementation and maintenance programmes. This is a particular pain point for companies, as evidenced in Thales' "2015 Global Encryption and Key Management Trends Study", which found that 51% of respondents perceived key management to be the most important feature of an encryption technology solution, and that 33% found the ongoing management of these keys to be one of the biggest challenges in planning and executing an encryption strategy [3].

On top of this, PKI bears the weighty cost of secure facilities, installation and configuration, complicated audits and a consistent level of staffing for continued maintenance, operation and monitoring. All of these costs form an inherent part of PKI's weighty machinery; unlike Omlis' rapidly deployable, low complexity, high security solution.
A company with a PKI infrastructure can attempt to reduce complexity by using self-signed certificates, but this in turn reduces the level of security and has a negative effect on the company's security profile itself: when a browser or client library encounters a self-signed certificate it will refuse the connection or display a security warning, which is obviously bad public relations. The usual shortcut, silencing that warning by switching certificate validation off in the app, is worse than the warning, because it removes the only check standing between the user and an attacker's server. Self-signed certificates once again demonstrate the mismatch between open networks and PKI. Attackers can use techniques such as ARP spoofing and DNS tampering to intercept traffic and redirect banking users to illegitimate sites, or as the basis for DoS (Denial of Service) attacks; a client that does not validate the server's certificate cannot tell the difference. Alarmingly, a study by IOActive found that 40% of the banking apps they tested did not validate the authenticity of SSL certificates [4]. According to Ponemon, the total possible impact of an exploited enterprise mobility certificate is valued at $126m [5]. The prevalence of these attacks and the stratospheric costs associated with them have led NIST to publish guidance entitled "Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance".

Figure: PKI layers of control. An HSM hosted by the service provider; a certificate provided by a trusted third party to the service provider; certificate exchange; secure data exchange.
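What "not validating the authenticity of SSL certificates" means in code, and what the corrected client looks like, as an added Python example that is not part of the Omlis paper: the first context accepts any certificate (the failure mode IOActive found, and the one an ARP or DNS spoofing attacker relies on), the second requires a valid chain and a matching host name and refuses anything below TLS 1.2, and the pinned connection additionally rejects a certificate that is valid but not the one the app expects. The host name, port, pin list and the sample bytes standing in for a DER certificate are assumptions for the demonstration.

```python
"""Client-side certificate validation: the accept-anything configuration behind the
IOActive finding, beside a hardened context with certificate pinning.
Added example, not from the paper; host names, ports and pins are assumptions."""
import hashlib
import hmac
import socket
import ssl


def insecure_context():
    """What 'does not validate the authenticity of SSL certificates' looks like:
    a certificate minted by whoever answered the ARP or DNS query is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE   # no chain building, no trust anchor, no expiry check
    return ctx


def hardened_context():
    """Chain validation against the platform trust store plus host name matching,
    and nothing older than TLS 1.2, so no SSL 3.0 / TLS 1.0 downgrade."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def cert_fingerprint(der_cert):
    """SHA-256 over the DER-encoded certificate: the value an app pins at build time."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, pins):
    """Constant-time comparison against the pin set (several pins allow rotation)."""
    fp = cert_fingerprint(der_cert)
    return any(hmac.compare_digest(fp, p.lower()) for p in pins)


def connect_pinned(host, port, pins, timeout=5.0):
    """Full check: chain and host name by the context, then the pin on top, so a
    certificate that is valid but issued by a different CA is still refused."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pins):
                raise ssl.SSLCertVerificationError(
                    f"pin mismatch for {host}: {cert_fingerprint(der)}")
            return tls.version(), cert_fingerprint(der)
```

A pinned call such as `connect_pinned("bank.example", 443, ["<sha256 hex of the expected certificate>"])` (assumed host and pin) fails at the handshake if an attacker has redirected the traffic, and fails on the pin check if a valid certificate from an unexpected issuer is presented; with `insecure_context()` both cases would silently succeed.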
Transitioning into the Future

PKI resembles heavyweight and complex machinery in a world where security solutions are becoming far more fluid. Evolving threats and the perils of open networks mean that the next generation of internet usage demands modular and agile solutions which can be deployed from the cloud, are adaptable in nature and offer a number of delivery methods such as EaaS (Encryption as a Service). As much as delivery models need to adapt to cross-platform usage, security needs to be consistent, using the most secure protocols and the most suitable key exchange methods.

As we move towards network developments such as 5G and concepts such as Li-Fi, Omlis represents a fluid, adaptable and low cost solution to everyday encryption. Working instead of, or in tandem with, a PKI architecture, Omlis offers a genuinely compelling and future-proof answer to some of the most pressing security questions. As much as this forward-thinking approach is essential, tying together an expanding network of both legacy and cutting-edge devices is also key to interoperability and inclusion. Omlis' ability to unite a disparate set of legacy components with consistent, cross-platform security protocols positions us perfectly as the security method of the future.

“Omlis Technology has been specifically designed for the mobile world, providing a very high level of security whilst being easy to deploy and manage. Omlis has been able to empower the mobile device in a unique way in order to deliver alternative solutions and create trust for mobile users.”
Markus Milsted, founder and CEO of Omlis
Omlis: Reducing Complexity, Mitigating Risk and Cutting Costs

Unlike PKI, Omlis does not require HSMs, third-party certificate providers or complex key management procedures. Unique keys are generated at the point of transaction and, because of the design of our distributed architecture, the actual keys are never sent over the network and are never stored on the client or server side; so even if a MitM (man-in-the-middle) attack takes place, the attacker will fail to retrieve any meaningful information, because of our use of the SRP (Secure Remote Password) protocol, a password-authenticated key exchange in which neither the password nor the resulting session key ever crosses the wire. Generating keys at both ends of the communications channel means that Omlis never transmits sensitive data in plaintext, and information related to transaction keys can be erased from memory as soon as it becomes redundant. Furthermore, our high-integrity approach means that SQL injection is blocked by compile-time and runtime checks, and keylogging is pointless because the input we collect from the keypad is used only for local encryption.

Over the last few years PKI has been challenged with the increasingly impossible task of absorbing a fragmented range of devices with a common set of encryption protocols. Rather than settling for patchwork variations of PKI and commissioning improper deployments across the IoT, we need to rethink how we implement security across a range of devices. Omlis has the interoperable qualities which are the hallmark of PKI, but unlike PKI will maintain consistency and unbeatable security across a range of operational requirements. Omlis wraps authentication and encryption into a single product, which greatly reduces the deployment and management effort we associate with PKI. The service provider is given much more control of their security ecosystem with no overbearing third-party dependencies, security is consistent and side-channel attacks are effectively mitigated.
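The exchange described above, as an added Python example that is not Omlis code: a standard SRP-6a run (RFC 2945 / RFC 5054 style) with both the client and the server side, showing which values an eavesdropper sees on the wire (I, A, salt, B, M1, M2) and that the password, the stored verifier and the session key are not among them. Assumed here, and not taken from the paper: SHA-256 as the hash, the 1024-bit MODP group of RFC 2409 (Oakley group 2) with g = 2, which the block checks at import to be a safe prime (use a larger RFC 5054 group in production), and simplified proof messages M1 and M2.

```python
"""SRP-6a (RFC 2945 / RFC 5054 style) exchange, client and server side.
Added example, not Omlis code. Assumes SHA-256, the 1024-bit MODP group of
RFC 2409 (Oakley group 2) with g = 2, and simplified proof messages M1/M2."""
import hashlib
import secrets

N = int(  # assumed group; production code should use a >= 2048-bit group from RFC 5054
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; enough to catch a mistyped group constant."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# SRP's security argument needs a safe prime; refuse to run with anything else.
assert is_probable_prime(N) and is_probable_prime((N - 1) // 2), "N is not a safe prime"

def pad(x):
    return x.to_bytes(NLEN, "big")

def H(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier parameter

def private_x(salt, username, password):
    """x = H(salt || H(I ':' P)): computed on the client, and once at enrolment."""
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())

def enroll(username, password):
    """Enrolment: the server keeps (salt, verifier v = g^x) and never sees the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, username, password), N)

class Client:
    def __init__(self, username, password):
        self.I, self.P = username, password
        self.a = secrets.randbelow(N - 2) + 1  # ephemeral secret, never leaves the client
        self.A = pow(g, self.a, N)             # message 1: I, A  -> server

    def finish(self, salt, B):
        if B % N == 0:
            raise ValueError("server sent an invalid public value")
        u = H(pad(self.A), pad(B))
        x = private_x(salt, self.I, self.P)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = hashlib.sha256(pad(S)).digest()
        self.M1 = hashlib.sha256(pad(self.A) + pad(B) + self.K).digest()
        return self.M1                         # message 3: M1 -> server

    def verify_server(self, M2):
        return secrets.compare_digest(M2, hashlib.sha256(pad(self.A) + self.M1 + self.K).digest())

class Server:
    def __init__(self, salt, verifier):
        self.salt, self.v = salt, verifier
        self.b = secrets.randbelow(N - 2) + 1  # ephemeral secret, never leaves the server
        self.B = (k * self.v + pow(g, self.b, N)) % N  # message 2: salt, B -> client

    def finish(self, A, M1):
        if A % N == 0:
            raise ValueError("client sent an invalid public value")
        u = H(pad(A), pad(self.B))
        S = pow(A * pow(self.v, u, N), self.b, N)
        self.K = hashlib.sha256(pad(S)).digest()
        if not secrets.compare_digest(M1, hashlib.sha256(pad(A) + pad(self.B) + self.K).digest()):
            return None                        # wrong password: no key, no message 4
        return hashlib.sha256(pad(A) + M1 + self.K).digest()  # message 4: M2 -> client

def run_exchange(username, password_attempt, salt, verifier):
    """Drives the four messages; returns (what an eavesdropper saw, client key, server key)."""
    client, server = Client(username, password_attempt), Server(salt, verifier)
    M1 = client.finish(server.salt, server.B)
    M2 = server.finish(client.A, M1)
    wire = {"I": username, "A": client.A, "salt": salt, "B": server.B, "M1": M1, "M2": M2}
    if M2 is None or not client.verify_server(M2):
        return wire, None, None
    return wire, client.K, server.K
```

A run with constructed credentials looks like `salt, v = enroll("alice", "correct horse battery staple")` followed by `run_exchange("alice", "correct horse battery staple", salt, v)`: the two keys returned are equal, nothing in the returned `wire` dictionary equals the password, the verifier or the key, and a wrong attempt returns `None` for both keys without the server learning what was tried. The `B % N == 0` and `A % N == 0` checks matter: without them a man-in-the-middle can substitute a public value that forces the shared secret to zero.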
References

1. https://www.venafi.com/assets/pdf/wp/Ponemon_2015_Cost_of_Failed_Trust_Report.pdf
2. http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
3. https://www.thales-esecurity.com/company/press/news/2015/april/2015-global-encryption-and-key-management-trends-study-release
4. http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
5. https://www.venafi.com/assets/pdf/wp/Ponemon_2015_Cost_of_Failed_Trust_Report.pdf

Contributors

The following individuals contributed to this report:
Stéphane Roule, Senior Technical Manager
Nirmal Misra, Senior Technical Manager
Paul Holland, Analyst
Jack Stuart, Assistant Analyst
Omlis
Third Floor, Tyne House
Newcastle upon Tyne
United Kingdom, NE1 3JD
+44 (0) 845 838 1308
info@omlis.com
www.omlis.com
© Omlis Limited 2015