Foto: Shutterstock

Cyber security: spin-out makes data immune

Systems and data security Information technology

IT security firm Cybercrypt turns the question of cyber security upside down and focuses on only protecting the most critical data: the secret encryption keys.  

If a king wants to keep his crown jewels safe, he builds a moat around his castle to keep enemies at bay.

In the same way, common antivirus programs try to close all of the hackers’ entry points into a given system. But as we connect more and more devices such as intelligent drones, coffee makers, and wind turbines to the Internet, we create entries for hackers who can take control of the devices or use them as a rear entrance to the computers with which the devices are connected.

The DTU spin-out Cybercrypt has built its business on this phenomenon.      

Unlike other suppliers of anti-virus programs, Cybercrypt does not protect computer networks against all hacker attacks. On the contrary, the company focuses on protecting individual devices locally by making the core data of the devices immune to cyber-attacks.

Attack surface grows

The need to protect devices connected to the Internet is growing. In addition to telephones and computers, there are allegedly between six and eight billion devices currently on the Internet of Things. This number may well increase to 30 billion by 2020, several analyses find.

“Our systems are becoming increasingly complex with more digitized parts, making the attack surface greater for hackers. A modern car, for example, has hundreds of microchips which are connected to each other and the outside world. The same applies at home, where smartphones, computers, speakers and refrigerators are connected to the Internet. All these devices can be hacked, so the need for a solution that can protect them individually will only become bigger,” says founder of Cybercrypt, Associate Professor Andrey Bogdanov, DTU Compute.

The main idea in cyber security is to defend against all threats. Cybercrypt does the opposite.

Since hackers today have so many entryways into a system that it is almost impossible to guard each port, the company’s system only protects the most important data in the individual devices. Peter Jerry Sørensen, Chief Commercial Officer in Cybercrypt, says:

“Our technology protects the core of the system with many layers of encryption. So even if a hacker for instance penetrates the company’s server, he or she may still not gain access to the company’s core data.”

"In 2016, 357 million new variants of malware were sent out."
Source: The Global Risk Report 2018

Core data is the secret keys used to unlock an encryption. All intelligent systems are locked with an encryption to ensure that only those with rights to the devices can use them.

“The core of cyber security is cryptography, and the basis of all encryption is a secret key, which is therefore the most important thing to protect,” says Andrey Bogdanov.

Several large companies have already shown an interest in protecting their units with Cybercrypt’s solution.

The Japanese IT giant Sony will use the technology in the company’s products and, in return, the company has been involved in the development of Cybercrypt’s solution. And the people behind one of the world’s largest cryptocurrencies, IOTA, has recently signed on as a customer.

The art of hiding information

Encryption is used everywhere on the Internet to prevent unauthorized access to digital information.

“All encryption algorithms run on a physical system such as a server, a telephone or an Internet of Things device. Inside the encryption algorithms, the decryption key is hidden somewhere deep in the CPU (the central processor of the computer or device, ed.). Even if the encryption algorithm itself cannot be broken, you can hack into the machines that run the algorithm, and then you can access the key,” says Andrey Bogdanov.

The encryption algorithm is often locked inside the software of a unit in a virtual black box of sorts, so you cannot read the secret key located somewhere in the system’s long strings of code. The so-called ‘black box’ technology may, however, be broken if a hacker finds a security flaw in the code which is unknown to the programmer.

In contrast to this form of encryption, Cybercrypt’s cyber-immunotechnology takes apart the secret key, since the company’s encryption software is based on the opposite—that is, a ‘white box’ technology.

The difference is that hackers can look into the system and read the encryption algorithm from the outside, but the algorithm itself has been encrypted with a sophisticated mathematical formula, so the secret key can never be found in one continuous place in the text.

It is divided into hundreds of small bites, so you cannot pull out the key, says Peter Jerry Sørensen:

“It’s really a game of resources because there’s no technology that is 100% unbreakable. But imagine we’re in a castle. Even if a hacker manages to swim across the moat and enter the castle, our technology has hidden the king’s crown jewels in a security box consisting of many layers of protection. It requires an incredible amount of resources in the form of time, knowledge, and finances, which few are willing to sacrifice.”

Cyber security theme

 Photo: Shutterstock  

 

Vulnerability can be turned into an advantage

 Photo: Shutterstock  

 

The best defence is a flexible organization

 Photo: Shutterstock  

 

New method to boost efficiency of quantum cryptography

 Photo: Colourbox  

 

New hacker lab aims to improve security on the internet