QNu Labs

Our products Armos(QKD) and Tropos(QRNG) are available to Governments and Defence through

Gem-logo

QOSMOS™ (Entropy as a Service)

QOSMOS™ (Entropy as a Service)

Quantum led security on AI PaaS

Quantum led security on AI PaaS

What is Qosmos™?

Qosmos™ is an Entropy as a Service (EaaS) offering that provides quantum random numbers as a simple web-based service. The random numbers that Qosmos™ provides is generated using quantum processes, ensuring the highest quality of randomness that any physical process can provide. Qosmos™ solves the entropy starvation problem of the network security layer, operating systems, embedded systems or at the network edge, providing a seamless upgrade from computational security posture to information provable security. The high throughput, low cost of upgradation and ease of integration with the existing set up makes this a very cost-effective and simple-to-deploy solution over the existing infrastructure.

Root of trust

The strength of an encryption key is tied very closely to how it is generated. This is called the “root of trust” and must be traceable to a trustworthy source. So, where do the encryption keys derive their root of trust from? To understand this, let us see a typical key generation process. Today, the seed generation algorithms are based on mathematics. There is an algorithm which takes some random input and provides a random output. The input is called the seed (which is a random number) and the output is called the key. Even if we give the same random number as the input, the key output changes according to the algorithm.

As we can see, everything boils down to the seed. If the seed is random, then the output will be random. This means that if there is no correlation between the input random numbers, then there will not be any correlation between the output keys. Hence, the first and most important step for key generation is a random seed.

Present scenario

Random numbers are normally generated by a reliable source. These days, Pseudo Random Number Generator (PRNG) are generally used to generate seed for key generation which is essentially a software-based algorithm.

There is also True Random Number Generator (TRNG), which uses hardware-based inputs to create random values. The noises from the physical processes like avalanche noise, thermal noise, or atmospheric noise are converted into electronic signals, and thereafter into digital signals to generate random bits.

Network security demands a solution that offers perfect randomness at a very high throughput but is not algorithmic in nature. QNu meets this demand for absolute randomness with its Qosmos™ offering.

Qosmos™

The Qosmos™ service provides quantum random numbers at the highest order to integrate with multiple applications such as web browser security, email, video conferencing, firewall, RMM, authentication, data backup & recovery, IoT, AI, ML, scientific simulations and many more. The Qosmos™architecture is designed to be scalable, provides load balancing, has an active-active failover, and can be deployed on a public or private cloud.

Qosmos™ implemented on Zeblok AI PaaS platform

QNu Labs has partnered with Zeblok Computational, a unique AI PaaS provider to provide MSP/MSSPs with Qosmos™, a robust cloud service for high-quality entropy at a high throughput, which complies with NIST recommendations. The solution uses Zeblok’s cloud native AI Platform-as-a-Service foundational utilities to provide the API runtime to easily integrate the Qosmos™ service with the external world.

Zeblok AI PaaS

The foundational utilities on the SaaS layer of the Zeblok AI PaaS accesses random numbers from Qosmos™ and provides these to client applications. Zeblok’s AI runtime environment provides APIs that can be easily integrated into various applications. The Qosmos™ server accesses the random number stream, which is signed, encrypted, timestamped and sent to the client application. Cloud native architecture is scalable and can include multiple servers.

Another important part of Zeblok AI PaaS is the dashboard. The dashboard is a GUI (Graphical User Interface) given as part of the platform to the MSP/MSSPs. It helps manage clients, track the usage of client, check the usage—thereby giving all kinds of usage statistics. The randomness of the numbers along with the health of the system is continuously monitored.

How it works?

To understand the access to Qosmos™, let us trace the steps the client should take to get the application up and running.

Quantum entropy device Tropos™ generates a continuous stream of random bits that are then fed to Qosmos™ within the foundational utilities of the SaaS layer of the Zeblok AI PaaS. Random numbers are then generated from this quantum source and transferred to the user’s model or applications via the Qosmos™ architecture.

  • Access to Qosmos™ in Zeblok containerized services.
  • The end applications use RESTful APIs over https protocol to access the random numbers and integrate them into the applications for usage along with the timestamp from NTP server. The usage of random numbers is noted in the dashboard as soon as the client requests access.

Security of random numbers

Each block of random numbers goes through NIST test suites on a continuous basis. The random numbers are available for serving only after they have passed through the NIST security suite.

How secure are quantum random numbers?

Hacking of random numbers is possible in two ways: first by being able to guess the next sequence that a random number generator will provide and second by tampering with the random source to make its output predictable. In the case of Qosmos™, both these methods do not work as the randomness is generated using a physical process that is immune to being tampered with. The random source is also maintained in a high-security sterile environment.

Tampering of stored random numbers is also avoided by using a mutual two-way authentication with client applications. There is no other access available to these random numbers in the Qosmos™ server.

Benefits of Qosmos™ EaaS
Mitigate Potential Attacks

▸ Message reply​
▸ Man-in-the-Middle​
▸ DNS Poisoning​

Multicloud Deployment

Flexibility to deploy composable foundational components of Zeblok AI PaaS within the MSSP’s data center or within third party cloud service providers like AWS, GCP, Azure or IBM.

NIST Reference Architecture

Qosmos™ uses NIST architecture to establish a standard way of accepting keys

Cloud Native, Scalable Architecture

Turnkey cloud native AI PaaS provides instant usability and seamless scalability, with flexibility to enable additional services

Quantum-Safe

The laws of quantum physics assures 100% randomness and cannot be predicted

Integration

Qosmos™ can be easily integrated into client architecture without any disruption and working as an additional layer providing the required security

Key Features & Capabilities

Randomness

Entropy is a measure of the randomness or unpredictability of information that’s collected by an operating system or application to use in generating cryptographic keys that require random data.

Encryption keys, and especially RSA keys, are at risk of compromise when using algorithmic random numbers. Many weak keys can efficiently be discovered and subsequently compromised by finding reused prime factors in a large data set. When a high level of entropy is used for key generation, the user data can be securely protected against attacks —both in transit over the network and at rest on storage devices.

Speed

Assures high throughput required for digital devices such as IoT, embedded systems, cloud, 5G and other applications.

Lack of Patterns

Qosmos™ provides steady supply of new information, free of patterns that hackers cannot predict and exploit.

Applications

The applications are transparent to random numbers required for security purposes. Any application that uses TLS will automatically get the random numbers via Qosmos™, through the TLS library. This way, no application needs to be changed to use random numbers.

Web Browser Security

The SSL handshake used in the https connection of a website will use digital certificates based on the PKI. Now, as the whole infrastructure is moving to TLS 1.3 for more security, the master secret key generated from client and server should be obtained from Qosmos™ for higher security. This essentially replaces the PRF (Pseudo Random Function), which generates deterministic randomness.

Encrypted E-Mail

Apart from using a https-encrypted tunnel, emails generally use a pair of public and private keys generated from the randomness of a system (key strokes, mouse movements etc.,). Instead, a TLS encryption based on Qosmos™ supported by email service providers can make the data exchange more secure.

Secure Video Conferencing

With video conferencing becoming a medium to share information, the security need also has increased. The introduction of random seed from Qosmos™ to generate initial authentication keys and then using Qosmos™ OTP for continuous authentication will provide added security

Firewall Security

PKI keys like RSA are created in the firewall to allow only authenticated user into the network. Firewalls do not typically have enough entropy to create unpredictable keys, which makes them vulnerable to attacks. Integrating Qosmos™ to generate the keys will increase security of firewalls by many folds.

Data Backup & Recovery​

Data at rest and motion are important for data backup and recovery. Qosmos™ can be used for continuous authentication for each data transfer to maintain the security in motion. Our clients have already adopted HSM or KMS for data at rest; their security will increase when they use Qosmos™ random numbers as seed to generate the keys.

Remote Monitoring & Management Software​

The RMM software continuously collects and monitors critical data logs from servers and desktops. Qosmos™ will help in generating OTP keys for present PKI keys used for encryption and continuous authentication for security between different data collection points.

Digital Signatures

Digital signatures are a crucial part of the PKI and with the increase in demand due to digital adoption, the randomness generated now has become deterministic. Integrating Qosmos™ to the present certificate-generation systems will increase the security and start the organization journey towards quantum-safe security.

Artificial Intelligence & Machine Learning

The learning speed of an AI or ML algorithm depends on the randomness of the data set. By using Qosmos™ random numbers, we can select random data elements from the whole set without any bias, thereby decreasing the learning time of the algorithm.

About
Zeblok

Zeblok has created an innovative, decentralized,scale-as-you-go, cloud-native Artificial Intelligence Platform-as-a-Service (AI PaaS), by providing composable foundational components, specializing in AI-HPC orchestration and an AI algorithm marketplace, which delivers a single unified preconfigured environment, with familiar frameworks and a growing library of curated AI algorithms, enabling enterprises of all sizes to build AI models and integrate them into mission-critical business processes from Core to Edge.