SmokeNet Technologies and Features
Moving Target Defense
One of the key technologies SmokeNet uses is “hopping”. After the first patents were filed, the Department of Homeland Security identified the technology as a type of Moving Target Defense or MTD. This is a broad term used anytime movement of assets, in this case data, is used to hide those assets. SmokeNet uses port, subnet, and physical network changes to hide data in the network. Port hopping or changes are always used.
To target data for a cybersecurity attack, you need to know the originating port (think port 80 when you go to a website) and the target’s IP address. SmokeNet constantly changes that originating port. This port is also unknown. Ports are selected at random and only the two sides know what these ports are, making it impossible to guess the next change. This is done without any noticeable change in network performance.
The Vernam Cipher is an uncrackable encryption technique that was first patented and documented over 100 years ago in 1918. It was used during WWI and is still used to this day for manual encryption of information. This encryption has not been available for general purpose networking prior.
What this provides for SmokeNet is encrypted data that, even if some of it is found in the network, is not crackable by any means. The Vernam Cipher creates an uncrackable problem. The proof for a Vernam Cipher is quite simple: X + Y = Z. Where X is the data, Y is the random information and Z is the encrypted data. If you keep X and Y hidden, there is no way to solve for Z. This means even if your data is recorded in a mass collection of data, there will be no way to decrypt it.
One way SmokeNet hides your data is using a tunnel that employs Moving Target Defense with port hopping. The ports are constantly changing making your datastream invisible to anyone trying to locate the tunnel in the network. When you use the Internet directly from the SmokeNet network, your data is mingled with that of other users, making it truly anonymous.
Zero Network Vulnerabilities
SmokeNet is the first known IP networking technology to achieve this feat. This level of security was discovered during an official Red Team assessment – a military grade test to try to break into the network – done at the request of USAF CyberWorx. The test was repeated with a different tester but their results were the same.
All attacks need to know the originating port. Because SmokeNet uses Moving Target Defense with ports that are unknown to bad actors on the Internet, there is no way to start an attack. This is a critical feature and why SmokeNet is a credible solution for Streaming Encryption using a Vernam Cipher.
For Zero Trust Architecture, it is critical to remove trust in the public Internet. At the same time, the public Internet provides a ubiquitous, cost effective utility for networking. SmokeNet allows this utilization of this public infrastructure while directly removing the trust in using the mostly insecure protocols. SmokeNet networks provide Zero Trust Private Networks inside the public Internet or shared IP network. Even on a private line network, SmokeNet removes the concern of carrier employees stealing your data.
SmokeNet, because it has zero network vulnerabilities, is foundational to any Zero Trust Architecture.
Network Edge Threats Removed
The removal of threats extends all the way to the network edge. This is another benefit of Moving Target Defense and Port Hopping. Even the SmokeNet switches, routers, and gateways do not reveal what they are actually doing. Scanning a SmokeNet core network device yields zero information about how the network is configured at any time as the SmokeNet network is being constantly reconfigured. On each edge, an absolute firewall is put in place that only allows SmokeNet traffic to pass. There is simply no way to penetrate the SmokeNet Zero Trust Private Network.
Remote Workers and Private Home Users
The removal of all threats on the network and its edge provides complete security for data in motion from homes and remote locations. With the SmokeNet Access Point (SNAP) devices, you can be assured that you are not only protected from the local network, but other devices on that network.
At home, this includes all of your “Smart” devices. These are a launching pad for attacks if they are breached. If you are directly connected to the same wireless or wired network, you are extremely vulnerable. Operating systems consider this a “safe” network when, in today’s world, it really is not any more. SmokeNet isolates connected devices from the tainted, local network.
At remote locations, like a coffee shop, things get even worse. You have devices being directed by other users who may be looking to probe your device(s). Your device is going to consider this a “safe” environment yet it is anything but. With a SNAP1 plugged into a device’s USB port, SmokeNet isolates the user from the remote, public Internet Access network. Your data is backhauled to a safe location and processed through a remote firewall completely hiding your location and anonymizing your data as well.
SmokeNet does not use software on a user device to do encryption. The encryption is done on a separate device the user has no access to. This ensures there is no way to Spear Phish like there is with Software VPN solutions. Doing encryption on a separate device is a recommendation for Zero Trust Architecture. This is the way the US military separates encryption responsibility for its most critical needs.
For employees working remotely to be cybersecure, SmokeNet is a must.
One of the largest cybersecurity issues and a point of many Spear Phishing attacks is to obtain a user’s or cloud resource’s VPN encryption key. Once that is obtained, cybersecurity is breached and all data is exposed. These keys are very small and easy to send over the Internet if the user or Systems Administrator is convinced to do so. This turns out to be easier than one might think when up against a skilled adversary.
SmokeNet uses Streaming Encryption with a Vernam Cipher. Encryption is done through a virtually never ending stream of random data. This pool of random data is cached well in advance of encryption so it is offset in time and, with the port and potentially network hopping, space (virtual and/or physical). There is no key to steal and the encryption is isolated on its own device that that user cannot access. This is a critical consideration and recommendation for Zero Trust Architecture. Having short keys that can be accessed is simply not reasonable for a true Zero Trust solution.
Pending Quantum Threat
One of the biggest concerns when it comes to encryption is the pending Quantum Computer Threat. There is a lot of misinformation on the safety of the pending Quantum Resistant algorithms. The work on the post Quantum algorithms predates the US recommendation to move to Zero Trust Architecture as a means of a greater movement to real cyberdefense. In short, those post quantum algorithms use the same short keys that can be stolen and are designed to run natively on devices in software. They are extremely vulnerable. The Post Quantum Encryption Algorithms are simply not following Zero Trust recommendations when it comes to encryption.
A quantum computer is dangerous because anyone can rent time on one and, theoretically, decrypt data using a standard Quantum algorithm that is well understood. Moreover, the bad actor will get the encryption key(s) very, very quickly without any risk of contact.
It should be becoming clear that the Post Quantum algorithms that were dreamed up nearly a decade ago are not going to be secure and will not move the needle with the key theft issue. SmokeNet, on the other hand, will not only resist the power of a Quantum Computer, it is completely impervious to it. A Vernam Cipher, the encryption method used by SmokeNet, creates an unsolvable problem. A quantum computer, no matter how powerful, cannot break the basic rules of math. It will be unable to solve an unsolvable problem. This makes SmokeNet not simply resistant to quantum computers; it makes it Quantum Proof. It is again, well thought out, complete, proactive protection from this looming threat.
SmokeNet Is a Foundational Zero Trust Technology
Zero Trust cybersecurity is a philosophy which, simply put, prescribes that we do not trust elements in our digital ecosystems. This includes private networks, the Internet, devices, people and anything else that engages with the base private network. What is just now being discovered is that Spear Phishing for a VPN key is not that difficult for a determined actor. We also know that the Internet was turned over to the public with little concern for cybersecurity. On top of this, laws were passed and systems created to collect or farm data under the guise of law enforcement. Based on the fact Zero Trust was born in 2002-2004, it seems the original methods, which clearly have left us less secure, were to be set aside for Zero Trust Architecture. That did not happen. Instead, we got the Patriot Act which removed the need for legal oversight when collecting this data and the Snowden leaks which revealed that the NSA had been working with industry to create intentional back doors along with the methods for collecting data. This has led to Ransom attacks and showed how to successfully “spear phish” to get encryption keys among other critical security information.
SmokeNet removes all the current network vulnerabilities. Spear Phishing is pointless as there is no key to steal. SmokeNet is foundational for anyone’s Zero Trust Architecture. It removes Trust in the Public Internet.