Kryptera’s High-Speed Mass Encryption of Files

Robert Masse, Montreal partner at Deloitte's Enterprise Risk Services, recently commented that cyberattacks “are always happening and the level of impact is increasing. The gravity of each breach is getting more important.... You basically have to swallow your pride and say: ‘We're going to get hacked no matter what.’”

Six months later, Deloitte was indeed hacked.

In this introduction, we review how and why the current state of cybersecurity leaves all governments, corporations and organizations vulnerable to high-level attacks.

We describe the ways Kryptera can offer enterprises the industry's first foolproof file protection in the event of a network breach by cybercriminals. We describe how our Kryptera Enterprise and Mirage server products are initially set up and installed on a network, how they rapidly mass encrypt and decrypt files and directories of files without the need for passwords and external private keys, and how they can automatically back up encrypted files to a secure user space.

We also demonstrate how Kryptera's speed and efficiency, highly secure encryption, secure backup, and strict protocols can save the organization from the worst effects of cybercrime. We cannot guarantee freedom from hacking, but we guarantee that Kryptera cyphertext is immune to private key breakage. Kryptera cyphertext cannot be decrypted in the wild.

The Problems Kryptera Solves

Kryptera technology solves a major cybersecurity problem for the modern organization where "protection" often means relying on risky key management systems to encrypt and decrypt files.

Most encryption today is done at the single file level. Each encrypted file has a key. Some companies have to manage millions of keys and passwords in a variety of formats and key management systems (KMS).

Inefficient Key Management

Today’s software key management using the NIST Advanced Encryption Standard (AES) is notoriously slow. AES-NI encryption on a chip (Intel, AMD, Broadwell and others) gives decent speed, but it is still largely used for one-at-a-time encryption, and there are dangers of leakage of passwords with a KMS.

Kryptera Plays Nice with AES

Kryptera is an ideal encryption tool where NIST compliance is not necessary.

It’s important to contrast Kryptera with AES. The two approaches are radically different. AES is a global standard that benefits the open Web. We fully realize the importance of NIST compliance in the domain of the Internet, publicly available files, secure connections and more. AES-NI, or AES on a chip, is very useful, and fast, but most often used for one-file-at-a-time encryption.

We specifically designed Kryptera as a standalone, high-speed, multi-file encryption tool to be used for private files only, those not exposed to the Internet. This means that NIST approval of our technology is not required or desired. That does not mean that Kryptera cannot operate alongside AES.

With some exceptions, AES must be used with a Key Management System, and follow a complicated KMS lifecycle that includes the use of passwords.

With Kryptera, the server is the key. And Kryptera can handle many files at a time.

Kryptera's Mass Encryption Features

The hassles and costs of managing the KMS lifecycle contribute to the fact that vulnerable organizations are only encrypting 10% of their digital assets, a dangerous state of affairs, seeing that almost 60% of dangerous hacks now come from within.

Kryptera's breakthrough technology does away with KMS hassles with its high speed mass encryption algorithm, and two server products – Kryptera Enterprise (scalable) and Kryptera Mirage (very high speed, for encrypting very large files such as videos or database backups).

Current encryption technologies are time consuming and complicated, and in the end, inadequate.

Kryptera's groundbreaking advance lets clients quickly and efficiently mass encrypt private files, and directories of private files, without the use of external private keys or passwords. Kryptera is a tool that can encrypt or decrypt large numbers of files and directories of files at a time.

Kryptera also incorporates a feature to automatically back up encrypted files to user space on the Kryptera server products. This feature is disabled by default, and can be easily enabled by a client system administrator who will assume responsibility for Kryptera.

Client-selected users can also utilize this user space to store file backups. This is safe RAID storage that can be accessed by using SFTP or SCP through a secure communication channel. This storage space cannot be mounted as a networked drive, and cannot be touched by ransomware or other malware.

Persistent Software Vulnerabilities

The most dangerous cybercrime threats today come from highly sophisticated gangs, state sponsored hackers, and cyber terrorists, who relentlessly monitor governments, corporations and organizations.

Enterprises may spend millions of dollars on securing their servers, but they still run the daily risk of running software that can be compromised.

Attackers will either introduce faults into the code bases, or discover the faults. Once this happens, sites are quickly compromised. And because most sites use client- and server-side scripts, the attackers have the privileges to run commands on the client that could fully compromise the server, and all servers that are connected. Most sites fail to safeguard command line extraction of their site software and resources. Many also rely on open source products that attackers also use to determine weaknesses to use for attacks.

It is becoming increasingly clear that advanced network monitoring solutions are not enough to fully protect the private files of the enterprise from cybercrime. Skilled attackers have created an endless whack-a-mole situation. New web sites pop up daily. It's nearly impossible to keep filters up to date, as malware writers continually modify their attacks to detect and fool network protection that they also install on their test servers.

Other touted safe havens such as security in the public cloud, in blockchain technologies and in AI and machine learning also show major vulnerabilities.

Some have put their faith in future quantum computing to protect organizations from cybercrime, but we can demonstrate that quantum protection clearly cannot match Kryptera’s algorithmic approach.

We are also convinced that even traditional symmetric encryption standards are no longer secure, and that smaller symmetric keys can be broken.

We argue that foolproof protection can ONLY be accomplished by the use of unbreakable encryption, combined with ongoing backup of files to a non-networked storage, behind a firewall, and by strict protocols. This is the solution that we are now offering enterprises with Kryptera.

Custom Builds

The Kryptera Enterprise Server encryption algorithm is highly scalable. Clients will be able to license custom builds of Kryptera that are unique to their organization. This option will only be available until further customization proves unfeasible. Kryptera Mirage has far less latitude to be customized, but is built to handle very large files efficiently and quickly.

Hierarchical or Secure Node

The Kryptera Enterprise and Mirage product lines can be created to support hierarchical utilization within an organization, or can be created to support secure nodes.

Hierarchical by Default

An example of hierarchical utilization is to envision a simple organization that has several divisions, all reporting to a single level of upper management. Each division would make use of a Kryptera server to mass encrypt and decrypt files, including files within complex directory chains, without reliance on key management solutions. The division that encrypted a file can decrypt that file. No files encrypted by one division could be decrypted by another division. Upper management could also utilize a Kryptera server to mass encrypt and decrypt files, including files within complex directory chains, where they alone could decrypt files they encrypt. The Kryptera server used by upper management could be updated to allow it to be used to decrypt files from each division that reports to it. This design can be extended to as many layers as needed. This is an early design feature of our product lines, and is enabled by default.

Secure Nodes

Envision a Kryptera secure node server located in several remote locations, such as Toronto, New York and Beersheba. A file, files, or directory of files, encrypted by any secure node in the group can be decrypted by any secure node in the group, without reliance on key management solutions. No Kryptera server outside of this secure node group can decrypt any files encrypted by any secure node in the group.

Customization

We are open to working with clients to assist in the development of custom uses of our technology. For example, we could help develop secure node communications between endpoints, where encrypted traffic can be restricted to secure nodes within a select group. As with our Enterprise and Mirage secure node technology, use could be from office to office, office to ship, office to air, ship to ship, ship to air, air to air, remote to office, etc. Secure nodes can be set up for groups of two or more nodes, where there is no upper limit on nodes within a group, and no upper limit on supported secure nodes.

How Does Kryptera Work?

Kryptera is a Linux service (daemon) that is deployed on a standalone server or networked appliance.

Kryptera does not communicate across the network, and is configured to provide extremely limited access to the server.

The Kryptera product line uses private key sizes that are larger than symmetric keys used by AES. We do this because of the architecture of our products and not because it is necessarily more secure than smaller key sizes. Our key sizes are mathematically determined.

Kryptera's Random Number Generator (RNG) has been proven to generate extremely high quality random numbers. The Kryptera product lines primarily rely on randomly generated numbers to create private keys used to encrypt and decrypt files.

The Kryptera Enterprise product line utilizes a modern take on an ancient encryption algorithm. The ancient algorithm pre-dates computers by several hundred years and has never been refactored to bring it up to date. It has been thoroughly discussed in many textbooks, papers, articles and courses, where it has been mathematically proven to work, yet dismissed as insecure.

Our approach derives entirely from original research that resulted in the Kryptera Theo algorithm. We had no prior knowledge of the ancient algorithm, and were able to have a clean start by creating a unique personal challenge to solve using custom computer software. We solved our problem in a manner that has been proven to be mathematically sound, highly secure, and customizable. After comparing equations, then developing software to test both algorithms, we have proven that Theo is truly a modern, extremely secure take on an ancient algorithm.

The Theo algorithm is used within the Kryptera Mirage product line, but the primary algorithms used to encrypt and decrypt files were invented and created specifically for Mirage to achieve extremely high speed results. The Mirage algorithms have been proven to be mathematically sound, and are highly secure.

Speed and Stability Testing

The speed and efficiency of Kryptera’s Mirage technology was tested and validated with the help of CENGN – Canada's Centre of Excellence in Next Generation Networks, during the month of August 2018.

Kryptera Mirage validated its blazing speed and efficiency in processing extremely large files, and directories of files.

Our fastest server-side processing time for Kryptera Mirage was 1.63 billion bytes/second when decrypting 12 files of 25 GB each.

Our fastest server-side processing time for Kryptera Enterprise was 885.8 million bytes/second when encrypting 2,050 files of 150 MB each.

Processing speed directly relates to the impact of processor core heat during processing, which can be minimized through use of liquid cooling. Fan cooling was used for the tests, where fans were operating at their maximum speed of 12,000 RPM.

The fastest client-server processing time for Kryptera Mirage was 482.5 million bytes/second when encrypting 1,000 files of 100 MB each.

This speed was calculated over the full round trip: from the start of file transfer to the server, through the wait for processing to complete and the transfer of the file from the server, to the deletion of the file on the server after retrieval was complete.

We also tested the processing speed of standard AES-NI encryption using OpenSSL on the server. It reached a maximum speed of 419 million bytes/second when encrypting a single 5 GB file.

For further details at CENGN and for further technical details.
