This Israeli cyber security startup may have revolutionized how we transfer data
Data security has always been a cat and mouse game with each side trying to outwit the other. Up to this point, encryption has been the key, relying on cryptography and computing power to send coded transmissions from end to end. Most of the encryption technology that is in use today revolves around the same concepts that were developed 37 years ago with VPNs and PKIs.
Now a team in Be’er Sheva has announced a whole new way to send secure data, showing creativity not only in their approach to security, but also in their company name.
Founded in May, Secret Double Octopus (SDO) throws encryption out the door in favor of a cryptosystem that utilizes information theory. SDO is the brainchild of Chief Science Officer and Professor Shlomi Dolev and CTO Dr. Shimrit Tzur-David, who launched the company in May along with CEO Raz Rafaeli and VP R&D Chen Tetelman.
Putting theory into practice
The seven member team is a part of JVP’s Cyber Labs incubator near Ben Gurion University in Be’er Sheva. VP Marketing and Business Development Amit Rahav spoke with Geektime, saying that, “Be’er Sheva has grown from its desert city image to the must hit spot for nearly all security heads from around the world.”
In their lab, Dolev and Tzur-David started their work as academics attempting to answer a question. As they viewed it, encryption methods are unreliable for a number of reasons. First they say that attackers can manipulate standard encryption systems to interact with much less protected frameworks that leave them at risk.
Secondly, systems like PKIs rely on keys from both the sender and receiver of the information. These keys are essentially long lines of code that decode a message when the public and private keys match up. However they can be compromised, rendering the transmissions vulnerable. Finally, systems that use certificates can also be compromised if one of the holders has weak protections.
Dolev and Tzur-David turned to information theory and Adi Shamir’s secret sharing cryptosystem for a solution. They theorized that if encrypted data could be easily compromised by heavy duty computing power, then they would use Shamir’s method that was “crypt-analytically unbreakable.”
Rahav breaks down their process by explaining that if the data transmission is likely to be compromised, then the best way to send it is through multiple channels (like 3G, Wi-Fi, SMS, etc) as smaller chunks and then reforming it on the other side. As he explains, “It’s like running a letter through the shredder and then taping it back together later. Only if the receiver has all the parts of the letter can they understand what’s in the message.”
Essentially they want to deny a “man in the middle” or other attacker from accessing enough of information for it to be useful. Imagine the equation of 2a + 3b = 500. According to the team, even with the full weight of NSA’s data farms, it would simply be uncrackable due to a lack of enough data.
Simply put, Secret Double Octopus has come to divide and conquer the security industry.
Market targets and advantages
Uses for SDO’s technology would appear to be endless. There are however a few key areas where it could be particularly useful. First is in fintech where secure data transfer both internally and with customers is constantly under threat. Moreover, from the B2C angle, there is an additional challenge. Your bank goes through hoops to verify that you are really you, often using Two-Step verification like sending an SMS, which is also vulnerable. The flip side is that you do not have an easily accessible way to know that the message you just received is really from your bank. SDO’s method allows for sending multi-channel communications back to the bank as well.
Also, keeping the growing collection of IoT devices in your house working and secure is a challenge, with standard encryption failing to keep up with the necessary computational power. Removing the need for the keys could make these devices much more flexible and agile.
Their product line includes a communication gateway program, an SDK, and a client/app for installation on devices.
SDO’s approach to security has the potential to turn the industry on its head. It seems so simplistic that it might be hard to take seriously if the team and their JVP backers did not have such solid backgrounds.
In their marketing, the company is billing their solution as either complementary or in some cases a replacement to encryption. While this technology may bring some spectacular ideas, I am betting that nobody is ready to throw their current protections out the door yet. This product will likely begin to work its way in as security experts have their chance to suss out its own weaknesses.
Rahav cites SDO’s close ties with academia as being an essential element behind their development. Be’er Sheva has snuck up on the world of cyber security in the past few years, emerging with a bullpen that will be well worth watching as they continue to grow.
Featured Image Credit: Vittorio Bruno / Shutterstock