Dual Encryption Methods

Dual Encryption Matters

Why Encryption?

Encryption is, quite simply, a means of ensuring your information remains your (and only your) information. It disrupts the “mind your own business” adage by attempting to make it impossible for others to mind your business. Tracing the trail of encryption (or cryptography; the two were almost synonyms until encryption became digital) back through time, some of the very earliest encryption was used to protect military orders. This isn’t surprising, as an effective military must keep its movements secret from the enemy. The Arabs, Greeks, Romans—almost all the cultures of the ancient world, in fact—used encryption in some form, though the Arabs are thought to be the first to document the subject. Military secrets needed to remain secret.

In his history of cryptography and encryption, The Codebreakers, David Kahn describes a 3″ x 2″ tablet from around 1500 B.C. This Mesopotamian tablet described the earliest known formula for making pottery glazes, protected with a cipher to safeguard trade secrets. Information was protected with encryption.

Fast-forward through time. More people in the world meant more secrets. Religions split and collided. Sciences grew, hid, grew more, and blossomed. And during all these changes and growth spurts, information about many topics had to be kept hidden from some group or another.

Today, information is just as valuable as ever and, since there is more of it and it is more accessible, protecting information has become a job in itself. Therefore, we encrypt to protect our organizations, our intellectual property, our families, our country, and, most importantly, our security.

 

But Really, Why Encryption?

We know there is information we need to protect, but is that the only reason we encrypt things? Nope! The tree of encryption bears three other fruits: authentication, integrity, and nonrepudiation.

Authentication refers to proving the sender is who they say they are. This is simple to picture. If you receive an encrypted message from someone and it’s using the encryption you both previously decided on, then you know the person sending you the message is the person you think it is. By using encryption, the sender has provided some proof of their identity or, at least, their authority to send an encrypted message.


Integrity provides assurance that the information hasn’t been altered. Again, this is simple to picture: if you take a piece of data, encrypt it, and then decrypt it, you will have the same piece of data. If anything happens to that data, it won’t decrypt properly, and you’ll have a mess of random characters. If you have a mess, you know the integrity of the information has been compromised.

Nonrepudiation is a fun word that means the sender can’t say they didn’t send the information. If only two people have the encryption keys and information is encrypted using those keys (and assuming the receiver didn’t send it to themselves), then the sender is the sender. If the sender says they didn’t send it, the fact that the encryption was used proves they did. That is, the sender is unable to repudiate (or disavow) they sent the information.

 

Dual Encryption Matters

So, your information is protected with encryption, which is great. But what if someone breaks that encryption? One virtual lock picked, and your information is now in peril. Perhaps the easiest way to visualize this is a door with both a door lock and deadbolt. Any attempted intrusion has to bypass both locks before the door can be opened. By using two levels of encryption, information is safeguarded against a single point of failure.


Encryption should ensure the amount of time required to defeat the encryption is longer than the amount of time the data is of value and required to be secure. With AES-256 encryption, the current accepted standard, keys are 256 bits long. Imagine guessing an ATM PIN that was 256 characters long and the variations that it could contain. That’s a lot of really long numbers.

To put this in another context, breaking a symmetric 256-bit key by brute force would theoretically take longer than our universe has existed—multiplied by a billion. Now imagine two layers of AES-256 encryption and you can see why dual encryption matters: having to brute force through two layers of such a tough encryption standard borders on statistically impossible.

 

Two Heads are Better than One

Most cryptographic solutions make use of a single software library to provide encryption and decryption of data. A single software library does give you encryption, true, but also comes with the risk that in the event of a zero-day compromise of the library, the entire encryption fails.

To combat this single point of compromise, Fognigma (our enterprise software solution which gives organizations the power to build encrypted, invisible, and anonymized cloud-based networks, thus securing your communications and online activities) offers the ability to add in a completely separate secondary software library to provide dual layers of encryption. In the event of a zero-day exploit or other compromise of one library, the second library remains uncompromised and your data remains safe.

In addition to the standard versions of these libraries (OpenSSL and wolfSSL), Fognigma also offers a FIPS 140-2 validated version of each library (OpenSSL – Certificate #3284; wolfSSL’s wolfCrypt – Certificate #2425). By using one or both of these FIPS-certified cryptographic libraries, Fognigma can comply with the most rigorous regulatory requirements.
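The layering described above, as an added example (not Fognigma's code or configuration): two independently keyed layers built from two different primitives, each with its own MAC so that tampering is rejected outright, which is the integrity property discussed earlier. The two standard-library keystream constructions are assumed stand-ins for AES-256 from two separate libraries, used only so the example runs offline; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def keystream_a(key, nonce, n):
    """Stand-in for library A (assumption): HMAC-SHA256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

def keystream_b(key, nonce, n):
    """Stand-in for library B (assumption): SHAKE-256 keyed with key || nonce."""
    return hashlib.shake_256(key + nonce).digest(n)

def subkeys(key):
    """Derive separate encryption and MAC keys from one layer key."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac

def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_layer(keystream, key, plaintext):
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_layer(keystream, key, blob):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def dual_seal(key_a, key_b, plaintext):
    """Inner layer uses primitive A with key_a, outer layer primitive B with key_b."""
    return seal_layer(keystream_b, key_b, seal_layer(keystream_a, key_a, plaintext))

def dual_open(key_a, key_b, blob):
    """Peel the outer layer first, then the inner one."""
    return open_layer(keystream_a, key_a, open_layer(keystream_b, key_b, blob))

if __name__ == "__main__":
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)  # independent keys
    blob = dual_seal(ka, kb, b"constructed sample message")
    print(dual_open(ka, kb, blob))
```

The layers only fail independently if the two keys are generated independently; deriving one from the other reintroduces the single point of failure.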

Dual layers of encryption. Dual software libraries. Fognigma is ready to give you the power to protect everything your organization holds dear. Contact us today to learn more or to schedule a demo.


Info Sharing & Safeguarding

“It’s not reality unless it’s shared.” – Pete Blaber, The Mission, the Men, and Me

 

Information Sharing is Key

Information that just exists has almost no value. Only when information is analyzed and acted upon does it become meaningful and valuable. Information has built the world around us, and many of our most important advancements have been due to the sharing of information. In today’s hyper-connected world, where information is a valuable commodity, sharing the wrong information with the wrong people is disastrous, especially when that information is important for national security. Information sharing is inevitable, but ensuring the right security is behind it is where the focus should be.


This is why, in six of the seven objectives of the 2019 National Intelligence Strategy, controlling the sharing of information is mentioned in one form or another. Sometimes the sharing is within the Intelligence Community (IC), but quite often it is sharing with external partners. In its simplest form, external partners fall into two categories: trusted and untrusted. Trusted partners include other agencies, institutions, or organizations within our borders or those of our allies. Untrusted partners would be those same groups but in countries who are not yet our allies, or not as close as other allies, plus individual sources and informants. To make matters even more complicated, sometimes our trusted partners are in untrusted environments or the partnership is only for a single mission. So, sharing information isn’t as easy or safe as it sounds, but it can be . . . with Fognigma.

“[C]ritical decision making data will be made available through modern cloud networking, access control, and cross domain solutions to those who require access.” – Department of Defense Cloud Strategy

 

Fognigma Protects Sharing within Agencies

When Agency A collaborates with Agency B, data needs to flow back and forth in a safe and secure manner. But (and this is a really big but), it has to be tightly controlled so as to share only the information intended. That is, it can’t be everything Agency A and B know, but just those bits of information applicable to the mission at hand. This is the exact reason we call Fognigma’s traceless and encrypted networks Mission Partner Networks (MPNs).

But first, a little background. Fognigma’s patented enterprise software creates networks using strategically leased virtual machines (VMs) spread out over one or more cloud service providers. These VMs work together, forming one network that is wrapped in FIPS 140-2 validated, cascading AES-256 encryption. MPNs are as persistent or temporary as needed, created manually or on a schedule for optimum cybersecurity and conservation of resources.


Now back to the MPN name, itself. When multiple agencies need to work together, they create an MPN and tailor it to their needs. Inside the MPN, they’ll have access to communication tools (such as traceless phones, secure chat messaging, and encrypted video conferencing) and protected file share.

The key here is that MPNs are brand new networks that are created when agencies need to work together. Resources and components inside the MPN can be shared between agencies and agents on a granularly controlled “as needed” basis. And then, when the mission has concluded, the MPNs are destroyed leaving no trace the networks (and, equally important, the collaboration between agencies) ever existed. This temporary nature of the MPN makes it supremely difficult to discover, which makes its protected data even more secure.

“6,515 breaches were reported [in 2018,] exposing approximately 5 billion records.” – 2018 Data Breach QuickView Report

Fognigma Protects Sharing in Untrusted Locales and with Untrusted Locals

Often on missions agents must venture into untrusted or unsecured territories—places where communicating over the public infrastructure is almost synonymous with handing third parties access to your communications (i.e., interception is a given). When using Fognigma in these scenarios, agents use any device to connect to their agency’s MPN. Once connected and inside their MPN, any data shared is encrypted and invisible to outside eyes and ears.

Information sharing with untrusted assets, such as informants or other sources, is also safer using a variety of Fognigma tools. If such an informant wants to deliver documents and photos, for example, a special link is created that allows the informant to transfer the information without being able to access anything else on the network. It’s like inviting someone into a bare room with no windows where they can store things, but there isn’t anything for them to look at or take and the only door is the one through which they entered. Containerized, for your protection.


Fognigma’s telephony solutions provide two methods of safeguarding information over the phone: encrypted VoIP over cellular infrastructure and misattributed calling. Both methods assist communications to and from untrusted locations and assets. Organizations can create entire VoIP phone networks (complete with extensions and customized inbound and outbound numbers) for end-to-end protected calls. Misattributed calling is accomplished by creating a call chain where phone calls pass through two intermediary numbers which completely dissociates the end users and makes calls appear to be coming or going from local numbers, instead of to or from the agency itself.

“To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.” – Senate Bill S.754

 

Fognigma Protects Sharing with Global Allies

In a world where information is constantly flowing and each day brings new stories of massive data breaches, it’s more important than ever to protect data. When data is traveling between agencies or beyond our country’s borders, safeguarding it becomes crucial (often quite literally a “life or death” undertaking). Whether it’s being shared with the Five Eyes alliance (Australia, Britain, Canada, New Zealand, and the US) or any other countries we’re partnering with, international info sharing must be protected. And not just protected, but also dissociated, as global diplomacy is a precarious (at best) balancing act of working together and putting one’s own best interests first.

As illustrated in the previous sections, Fognigma is ready, willing, and able to assist international information sharing with leading-edge and patented technology, while ensuring that information remains secure. Fognigma is also constantly evolving—adding more features and technologies to provide agencies the most secure communications and collaboration tools possible.

For more information on how Fognigma can assist your agency with info sharing and safeguarding, contact Dexter Edward today.


Fognigma Bolsters Strategic Intelligence

Strategic Intelligence and the 2019 National Intelligence Strategy

Recently, the Office of the Director of National Intelligence released their 2019 National Intelligence Strategy. As the Director of National Intelligence, Daniel R. Coats, stated in his introduction, the purpose of this strategy boils down to a singular goal: “to ultimately keep our Nation safe.” The Intelligence Community (IC) is therefore charged with venturing out into the known and unknown, the safe and dangerous, to collect and analyze the “capabilities, activities, and intentions of states and non-state entities” with the ultimate goal of protecting U.S. national security. This information is used to identify trends and developments to better plan for issues that may arise in the future (Anticipatory Intelligence).

Without the information gathered by the IC, the safety of our country would quickly erode, falter, and crumble. It behooves the IC, then, to use whatever tools and solutions they can find to give them a competitive advantage in the global arena of information. Fognigma is such an advantage.

Where Does the IC Look?

Since all communication and online activity produces information, the IC has a vast landscape of information to scrutinize. One of the easiest ways to gather data about a group of people is to monitor and study social media. Ah, social media – those freeform beds of communication where people express their thoughts, wants, and observations, quite often with photos and video. Social media has created a culture wherein people feel the need to share everything. For the IC, this is a veritable feast of information.


But it’s not that easy. For one thing, many regions and countries have their own social media platforms — often so government agencies can monitor their populace. An outside observer probably won’t be able (or want) to create an account or access another country’s social media — the data collection would be too overt and state-based social media platforms often block outside IP addresses. It would look bad (read: suspect), for example, for an account on a Russian social media site to have a U.S.-based IP address. Fognigma gives the IC many advantages to circumnavigate these issues. How? Well…

Fognigma Gives the IC an Advantage

There are quite a number of ways Fognigma supports the IC’s mission as spelled out in the 2019 National Intelligence Strategy. But first, a quick Fognigma primer. Fognigma is patented enterprise software that gives agencies the ability to create invisible and encrypted cloud-based networks built from strategically leased virtual machines. These networks are dynamically scalable and globally accessible from any desktop or mobile device, over any available public Internet connection. Once users connect to their Fognigma network, they have access to all sorts of communication and collaboration components, such as file share, telephony, video conferencing, chat messaging, and Virtual Desktops (VDI). [We’ll delve into these components more in just a bit.]


Inside the Fognigma network, users exist in a safe space wrapped in cascading AES-256 encryption. They have access (based on their admin-defined permissions, of course) to the communication tools mentioned above. Fognigma networks and components are activated and destroyed with just a few mouse clicks. They are as persistent or temporary as needed or desired. And when a user leaves their Fognigma network and reaches out to the regular Internet, their IP address will match the specially created exit point from which they egress. That is, a user could join their network in Germany, leave through an exit point in the Middle East and appear (to anyone looking) to be a computer in the Middle East. Then, in an instant, switch exit points and suddenly appear to be a computer in Japan or anywhere else the Agency has set up an exit point.

Fognigma Gives the IC Another Advantage

VDI. The ability to launch a self-contained virtual computer from any standard computer is powerful in itself, but Fognigma VDIs have even more superpowers. Just like Fognigma exit points, VDIs are built on any cloud service provider (CSP) Fognigma is integrated with (as of this writing, 8 of the major CSPs world-wide). Also, just like a user can dynamically switch exit points, so can the end points of a VDI be switched without interrupting operations.


VDIs are important to the IC’s Strategic Intelligence mission because they are self-contained entities which exist in the cloud yet manifest themselves on any regular computer. They make OSINT activities easier — agents can research any global Internet location (those aforementioned state-specific social media sites, blogs, forums, etc.) without the risk of compromising anything else about their mission or agency.

Fognigma VDIs take the self-contained nature of VDIs to the next level. Imagine if you collected some photographs and had them on a thumb drive. You want to transfer one of them to your VDI and use it in your operations. With a Fognigma VDI, you can just drag it from the thumb drive to the VDI, without the host computer knowing the file moved across its circuits. So, if you had to make this transfer at, say, an Internet Café, you could do so without the Café’s computer ever having a record of the file transfer. No record equals no association which, of course, is key to covert IC operations.

To go back to the 2019 National Intelligence Strategy, more information allows the IC to better analyze the capabilities and activities of states and non-state entities to learn or extrapolate their intentions. But collecting information is just part of the Strategy; agents also need to safely disseminate said information. Fognigma is ready for that, too.

Fognigma Gives the IC Even More Advantages

Briefly mentioned earlier, Fognigma hides various communication and collaboration components inside its encrypted web of invisibility. Agents have access to telephony, chat, and video conferencing tools. They can safely communicate with anyone they need to inside their organization and, using some additional Fognigma solutions, external to their organization — all without exposing their local network. Fognigma keeps intra- and inter-agency communications secure by utilizing containerized communication environments.

Also, to be effective, agents must work together while appearing to be physically separated. This is the other side of the communications coin — Fognigma’s tools allow agents to work together without actually knowing where each other is located. In fact, the whole construction of Fognigma ensures that a failure at one point of contact cannot compromise the entire system. As history shows, association amongst agents can lead to disaster. When an agency uses Fognigma to its full potential, this sort of disaster can be prevented.

Conclusions

In order to advance the directives of the 2019 National Intelligence Strategy, the IC needs to be free to gather information without exposing its true location and intent. It also must be able to communicate in a protected environment to analyze and evaluate said information. Fognigma provides a full toolbox of solutions to assist the IC in its mission to protect U.S. national security.

 

To learn more about how Fognigma can assist your agency or to schedule a demo and see for yourself, contact Dexter Edward today.