By Inside Products, Inc
What is the problem? And … how do we solve it?
With end-to-end encrypted protocols, the decryption key is typically available only to the endpoints. However, there is often a legitimate need to see the content of a network packet at locations along the communication path, in addition to at the endpoints. For example, a bank may need to view a network packet at multiple locations along the path to combat fraud. Having said that, it is imperative that any such visibility along the path is provided in a way that ensures security of the transmission, and in a way that ensures that unauthorized persons cannot view the network packet.
We use a different communications path that securely provides the visibility needed in end-to-end communications. Our separate parallel channel provides visibility into keys in transit to authorized individuals, without revealing such data to unauthorized parties. Our separate parallel channel is implemented using a secure group messaging architecture. Think of it as a WhatsApp group for your network equipment!
The separate parallel channel is implemented using unmodified Requests for Comments (RFCs) defined by the Internet Engineering Task Force (IETF). The protocols ars standardized and are able to interoperate with one another so as to provide the described benefits in many different contexts and environments, including the increasingly complex multi-vendor environments that characterize today’s networks. These standard protocols are created supported by some of the smartest people in the world — the participants of the IETF!
In addition to secure key management, our solution integrates all needed network equipment in the end-to-end connection across layers and protocols into a secure messaging group. In many modern network architectures, routes and even devices are dynamic. The evolution of Software Defined Networks, Infrastructure-as-a-Service, containers, and virtualization of nearly every component means that static networks are a historical relic. These advances, which may be implemented as cloud technologies, provide tremendous flexibility and scalability; however, they can also pose a challenge for security and problem diagnosis for both failures and performance degradation.
Our solution maintains security by implementing visibility into network communication via secure, scalable messaging groups based on a ratchet tree protocol so as to guarantee forward as well as post-compromise security. For more information, you may wish to read about the Message Layer Security (MLS) protocol as defined by the IETF.