Q-Net Security (QNS) provides security by design: even if the design is known to an attacker, secrecy is not compromised, because the keys are randomly generated. This contrasts with systems that provide security by way of a shared secret. Such systems are often described as security through obscurity and are vulnerable whenever the shared secret is exposed. The QNS design is patented, and installation requires only basic network understanding, with no advanced cybersecurity knowledge. QNS devices are placed in-line, close to the endpoints to be secured. No external key management is necessary: all keys are generated locally when they are needed, and they can be set to refresh as frequently as every packet. Strong symmetric encryption provides quantum-compute-resistant security, including strong authentication with non-repudiation. The QIO units work as part of a distributed firewall and provide true micro-segmentation. Network telemetry can be collected at the remote locations and processed to complement other tools, giving a full picture of network health and activity. Once deployed, the QNS devices never need to be upgraded or patched.
QNS achieves superior security through a hardware security barrier that incorporates a True Random Number Generator (TRNG) delivering up to one million keys per second, enabling packet-level encryption in which each packet or transaction can have a unique, truly random key. This is known as a Derived Unique Key Per Transaction (DUKPT) scheme. In this scheme, if a single key is compromised, both past and future transactions remain protected. The QNS key management scheme monitors key entropy continuously to assure its randomness. This permits industry-leading secure communications anywhere, even over public links such as LTE and the Internet. The QNS approach removes every opportunity for an attacker to discover a security key, thereby thwarting many internal exploits as well as remote attacks.
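Continuous entropy monitoring of a key source is usually implemented as on-line health tests over the raw TRNG output before any byte becomes a key. The block below is an added illustration of that idea and is not Q-Net Security's own monitoring logic: it implements the two health tests described in NIST SP 800-90B section 4.4 (repetition count and adaptive proportion) plus a coarse Shannon-entropy drift indicator, and runs them over constructed byte streams (a SHA-256 hash chain standing in for healthy TRNG output, a stuck source, and a source that fails halfway). The adaptive-proportion cutoff is computed from the binomial tail, counting the window's first sample itself, so it may differ by one from the value printed in the standard's table; the `H_MIN`, `WINDOW` and `ALPHA` parameters are assumptions chosen for an 8-bit sample source.

```python
import hashlib
import math
from collections import Counter

# Health tests in the style of NIST SP 800-90B section 4.4, applied to the byte
# stream a TRNG emits before those bytes are turned into per-packet keys.
# Added illustration only; not Q-Net Security's implementation.

ALPHA = 2.0 ** -20   # false-positive rate SP 800-90B uses for health tests (assumed)
H_MIN = 8.0          # claimed min-entropy per 8-bit sample (assumption for the demo)
WINDOW = 512         # adaptive-proportion window for a non-binary source (assumed)


def repetition_count_cutoff(h_min: float = H_MIN) -> int:
    """C = 1 + ceil(-log2(alpha) / H): a run of C identical samples is so
    unlikely for a healthy source that it is treated as a failure."""
    return 1 + math.ceil(-math.log2(ALPHA) / h_min)


def adaptive_proportion_cutoff(h_min: float = H_MIN, window: int = WINDOW) -> int:
    """Smallest count C of the window's first value (counting that first sample)
    that a source with min-entropy h_min reaches with probability <= alpha.
    The tail is therefore taken over Binomial(window - 1, 2 ** -h_min)."""
    p = 2.0 ** -h_min
    n = window - 1
    tail, k = 1.0, 0                      # tail == P(X >= k)
    while tail > ALPHA:
        tail -= math.comb(n, k) * p ** k * (1 - p) ** (n - k)
        k += 1
    return k + 1                          # +1 for the first sample itself


def repetition_count_test(samples: bytes, h_min: float = H_MIN) -> bool:
    """True unless some value repeats cutoff times in a row (stuck source)."""
    cutoff = repetition_count_cutoff(h_min)
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True


def adaptive_proportion_test(samples: bytes, h_min: float = H_MIN,
                             window: int = WINDOW) -> bool:
    """True unless, in some window, the first value occurs cutoff or more
    times (catches bias that the repetition test would miss)."""
    cutoff = adaptive_proportion_cutoff(h_min, window)
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        if chunk.count(chunk[0]) >= cutoff:
            return False
    return True


def shannon_entropy_bits(samples: bytes) -> float:
    """Empirical Shannon entropy per byte. It is an upper bound on min-entropy,
    so it only serves as a drift indicator, never as proof of randomness."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())


def key_source_healthy(samples: bytes) -> dict:
    """Verdict a device could raise an alarm on before issuing any key."""
    return {
        "repetition_count": repetition_count_test(samples),
        "adaptive_proportion": adaptive_proportion_test(samples),
        "shannon_bits_per_byte": round(shannon_entropy_bits(samples), 3),
    }


def constructed_stream(seed: bytes, nbytes: int) -> bytes:
    """Constructed stand-in for TRNG output: a SHA-256 hash chain, deterministic
    so the example is reproducible. A real device would feed raw TRNG bytes."""
    out, block = bytearray(), seed
    while len(out) < nbytes:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:nbytes])


GOOD_STREAM = constructed_stream(b"demo-seed", 4096)           # constructed, healthy
STUCK_STREAM = bytes([0x42]) * 4096                             # constructed, stuck TRNG
FAILING_STREAM = GOOD_STREAM[:2048] + bytes([0x00]) * 2048      # constructed, fails halfway

if __name__ == "__main__":
    for name, stream in (("good", GOOD_STREAM), ("stuck", STUCK_STREAM),
                         ("failing", FAILING_STREAM)):
        print(name, key_source_healthy(stream))
```

In a per-packet-key design the useful property is that these tests run continuously and can veto key issuance, rather than being a one-off acceptance check: a source that passes at power-on but degrades later (the `FAILING_STREAM` case) is exactly what continuous monitoring is meant to catch.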
This hardware-based solution offers superior security, yet it is fast and easy to deploy. The in-line hardware I/O elements (QIOs) are small devices that secure the precious data flowing between every endpoint in a network. Complete security is built directly into each QIO’s silicon. Building security directly into silicon avoids reliance on vulnerable software and operating systems, both of which are stored-program based. The heart of a general-purpose processor is its set of stored programs, which require frequent updates to patch newly discovered security flaws.
The core of the hardware-enabled solution is AES encryption with 256-bit keys and a novel symmetric Just-in-time Key (JitKey) distribution that can provide a unique random key for each packet. The keys are not discoverable by man or machine and require no active key management or key filling. There are no secret algorithms: everything about the QIO is assumed to be public knowledge, yet the chances of cracking a JitKey packet are infinitesimal. Compromising a single data packet provides no information that helps in cracking the next. Although each packet is encrypted with a different key, transmission efficiency is very high (greater than 97% throughput).