©KOOLSPAN | Confidential and Proprietary Secure Communications Secured by TrustChip ® Encryption...

transcript

©KOOLSPAN | Confidential and Proprietary

Secure CommunicationsSecured by TrustChip® Encryption Engine

KoolSpan – Samsung S-1 Corp. (SafeTalk)

KoolSpan – SafeTalkComo estan protegiendo sus comunicaciones mas sensibles?

• Viajes al exterior (Monitoreo por parte de Gobiernos de cada pais)

• Movimiento Ejecutivo/Proteccion

• Despliegue de personal / Activos

• Postura de Seguridad Física

• Proteccion de data confidencial

• Cumplimientos Regulatorios Cumplimiento (HIPAA, SOX, FISMA, GLBA, Dodd-Frank Act)

• Politicas de Comunica Internas

• Informacion Clasificada

Many Attack Vectors

Operator A Operator B

Access atNetwork FacilityTower

Spoofing

IllegalMonitoring

Unwanted Surveillanceby a Foreign Government

Hacker Exploit of Lawful Call Monitoring Taps

3rd Party Application Exploits

Secure Data (TrustBox)

TrustText – Secure SMSTrustCall – Secure Voice

xI843tT 2Wz

8+/p #@RBvc

Trusted Apps – Chat, Video (TDK) etc.

Trust Satellite

Suite de Productos

Trusted Platform

• TrustChip® siendo la columna vertebral a traves de proteccion de hardware micro-SD

• Voz Segura, Texto y data a estandares FIPS 140-2

• Trabaja con 2G, 3G, 4G and LTE

• Funciona entre diferentes Carriers (GSM or CDMA)

• Alcance Global: En mas de 150 paises

• TrustSuite = TrustCall, TrustText, TrustBox (data)

• Llamada se convierte en VOIP (data) = Ahorros Significantes ***

S-1 trabaja con Koolspan para proveer cifradoextremo a extremo de Voz, Texto y Data

Encriptado movil de voz, texto y transferencia de data (archivos) de extremo a extremo utilizando smartphones via GSM y Wi-Fi para BlackBerry, Android y iPhone

TrustCall Ecosystem

TrustBridge PBX

Android, Blackberry

or IOS Smart Phone

TrustRelay

Internet

TrustCall Desk

Any Enterprise Phone

Android, Blackberry

or IOS Smart Phone

TrustCall Desk

EnterpriseNetwork

TrustCall PC

KoolSpan Background- Oficinas Corporativas en Area de Washington, DC

- Fundada in 2003

• 16 Patentes, 32 Pendientes

• NIST / FIPS 140-2 Solution Set

• Clientes de Gobierno y Comercial

• Clientes en mas de 60 Countries

• Soluciones Robustas y con varios Premios de Industria

• Mencionado en libros de espionaje y accion

ComponentesTrustChip®

Data StorageNAND Flash

CPUMemory S

CryptoEngine

KoolSpanFirmware

Hardened 32-bit

Processor

SecureKey

Storage

microSD“Mobile Encryption Engine”

• Hardened, self-contained security

• No puede ser reprogramado

• Todo en uno - autenticacion, adminsisttracion de claves y encriptado

• Soporte Multi-applicativo

• Puede ser Administrado Remotamente

• Compatibilidad amplia, microSD (USB con adaptador)

• Claves invulnerables al “rooting” del telefono

©KOOLSPAN | Confidential and Proprietary9

Call Notificatio

Management Notification & Communications

Call Communications

TrustCall Call Set Up

Call Set UpDevice Discovery

Carrier Network or WiFi Initiation

Core TrustChip functions:– Add TrustGroup Installs new TrustGroup into a TrustChip– Remove TrustGroup Deletes TrustGroup from a TrustChip– Password Reset a user’s TrustChip password/PIN– Stun Temporarily disable a TrustChip– Destroy Keymatter “zeroized”, TrustChip inoperable

• Enterprise or MSS Server

• Encrypted, Remote, OTA Management

• Manages keys, users and application config

• Each transaction uniquely encrypted/sequenced to specific TrustChip – Replay Attack protection

• All transactions have complete feedback loop

Remote Key Management/Enterprise Management:TrustCenter™

Two Factor Authentication- Algo que tiene: El TrustChip- Algo que sabe: PIN/Password hasta 120

Caracteres

TrustChip puede ser bloqueado- TrustChip <-> SIM- TrustChip <-> Dispositivo

TrustChip puede ser Inactivado/Destruido Remotamente

Caracteristicas de Administracion de Seguridad : TrustChip™

SeniorStaff

EncryptedKey

Storage

TrustGroups® enable Communities of Interest (COI) to communicate securely

TrustGroups® are…• Collections of 1,024 256-bit Symmetric Keys• Shared by all TrustGroup members• Used for authentication • Securely loaded OTA by TrustCenter• Never exposed outside TrustChip during use• Each TrustChip can support 45 TrustGroups• There is no implied trust between groups

ProposalTeam

ProjectX

DoD-FBI

FBI-NYPD

KoolSpan All

Fireteam2

Remote Key Management/Enterprise Management:TrustGroups®

Use of Multiple TrustGroups® for Secure Voice

UniversalTrustGroup

Operations

Executive

AliceSr. VP

CarlosPartner

UniversalTrustGroup

BobDirector

Operations

Universal TrustGroup

UniversalTrustGroup

Information Systems

Executive

DaveVP

• IP-based (Carrier Networks, Wi-Fi, SATCOM (IP)

• Carrier-Grade: Official Secure Voice for AT&T (Encrypted Mobile Voice)

• Cross-Carrier: GSM (AT&T, T-Mobile, INTNL), CDMA (VZW, Sprint)

• Cross-Platform: Blackberry, Android (Various), iPhone (Q3/4)

• Hardware-Anchor: Defendable TrustChip Engine

• Low Profile: Standard Devices, Simple App, Discreet Chip

• Easy Management: Remote OTA (TrustCenter)

• Scalable/Flexible/COI Focus: (TrustGroups)

• Rapid Deployment: Relay Server

• SBU-Grade: AES-256 Encryption (FIPS 140-2)

• Peer-to-Peer: Seamless Encryption

TrustCall Secure Voice

Low bandwidth consumption◦ Approximately 16Kbps, full duplex

◦ 100 minutes of calling uses about 23.4MB of data

◦ Designed to support GSM Edge network bandwidth capabilities

Low power consumption◦ Only connects to relay server during calls

Proprietary VoIP Gateway/relay server◦ Very low overhead

◦ SMS/KNS used for call setup/peer call request

TrustCall Secure Voice

Cellular Operator Network/Internet

Secure Voice<<UDP>>

Secure VoIP Bridge- Call Set up- Notification

Service

Internal EnterpriseNetwork

SIP/RTP

TrustBridgeEnable Secure Mobile to Desktop conversations PBX

Integration

TrustChip Encrypted File Transfer

TrustGroups are granted and revoked

Universal TrustGroupMobile TrustGroup

TrustChip RoadmapWhere We’re at…Where We’re Going

iPhone 4/4s and 5/5s: Jan 2013 - Launched

◦ Protective sleeve with an SD Card slot TrustBridge: Mar 2013 - Launched

◦ Enable secure Mobile to Enterprise conversations TrustText for iPhone: Q1 2014 – End of February

◦ Compatible with Blackberry and Android TrustBox: Q1 2014 – Beta now, End of February Launch

◦ Sending of encrypted attachments (file transfer and DAR) TrustCall PC: End of Q1 2014

◦ Laptops, tablets, PC and desktop phone PKI Integration (Soft Certificates/HSPD-12): Q1 2014 TrustChip App Validation/Root of Trust: Q1/2 2014

• Eliminate Smart Card Readers: PKI functionality organic to the TrustChip

• Low Profile: No sleds, sleeves or smart cards exposed from the device

• Hybrid Key Usage: PKI for authentication, TrustGroups for encryption

• Standards Based PKI: Hardware protected derived credentials

• Certificate Security: Certificates invulnerable to jailbreaking or phone rooting

• Remote Management: Add or remove PKI certificates via the TrustCenter

• Compatibility: Ability to perform PKCS#11 and PKCS#7 operations

• TrustAPI: Exposes PKCS#7, PKCS#12 and PKCS#15 drivers

• PKI Middleware: Open SSL standards-based crypto, standard crypto libraries

• Next Step: TrustChip w/Smartcard integrated circuit – Local loading of certs

TrustChip PKI Evolution

• App Challenge and Response: Mutual authentication between TrustChip and apps to

verify and validate that the TrustChip is present and is the correct device, and that

individual apps are intact and have not been modified or tampered.

• Application Code Signing: TrustChip will serve as an anchor and secure repository for

code/application signatures, allowing for the applications to self-validate or for

management applications to invoke validation via application signature.

• Trusted Application Installation: Application installation system in which application

packages are encrypted and wrapped with a special installation package that will only

allow the application to be installed if the device has a TrustChip with the appropriate

TrustGroup.

Root of Trust – Application SecurityHardware Anchor for Mobile Applications

Simple set of API's and samples that allow for rapid TrustChip application development

Integrated with application as “application layer device driver”

Bilateral Protocol – Encrypted live sessions for two TrustChips

Unilateral Protocol – Encrypted data streaming (such as multicast) or file storage

Binaries licensed for redistribution

“Crypto-Enabling” AppsTrustAPI - TrustChip® Developer Kit (TDK)

Provides FIPS crypto for:

• Android J2SE+Native

• BlackBerry OS

• Win32/J2SE+Native

• Linux

• MAC OS

• Windows Mobile/Phone

Suite B Algorithms added to TrustAPI

TrustChip PKI Support using soft certificates deployed OTA from TrustCenter

Next Generation TrustChip with integratedsmartcard

“Derived credential” – NIST FIPS 800-157

FIPS+EAL TrustChip

Today – FIPS 140-2 Level 1

2013-Q2 Q3Q22014-Q1Q42013-Q3 Q4

SuiteB

FIPS 140-2 Level 3 of current TrustChipSuite

TrustChip PKI Evolution - Roadmap

TrustChip Dispositivos Samsung Aprobados

Galaxy S2 (I9100) Galaxy S2 (I777)

Note (N7000)

Galaxy S3 (I747)

Galaxy S3 (I9300)

Galaxy S4

Y demas dispositivos Samsung con MicroSD slot

Android Secure VoiceSelectContact

Choose “Secure”Or “Normal” Call Connected!Incoming

Call Authenticating

Android TrustText – Secure SMS

Launch TrustText App Reply Received

Choose Contact

Type MessageMessage Sent

©KOOLSPAN | Confidential and Proprietary Secure Communications Secured by TrustChip ® Encryption...

Documents