Qosmos™ is an Entropy as a Service (EaaS) offering that provides quantum random numbers as a simple web-based service. The random numbers that Qosmos™ provides are generated using quantum processes, ensuring the highest quality of randomness that any physical process can provide. Qosmos™ solves the entropy starvation problem of the network security layer, operating systems, embedded systems or at the network edge, providing a seamless upgrade from computational security posture to information provable security. The high throughput, low cost of upgrading and ease of integration with the existing setup make this a very cost-effective and simple-to-deploy solution over the existing infrastructure.
The strength of an encryption key is tied very closely to how it is generated. This is called the “root of trust” and must be traceable to a trustworthy source. So, where do the encryption keys derive their root of trust from? To understand this, let us look at a typical key generation process. Today, the seed generation algorithms are based on mathematics. There is an algorithm which takes some random input and provides a random output. The input is called the seed (which is a random number) and the output is called the key. Even for the same random number as input, the key that comes out depends on the algorithm used.
As we can see, everything boils down to the seed. If the seed is random, then the output will be random. This means that if there is no correlation between the input random numbers, then there will not be any correlation between the output keys. Hence, the first and most important step for key generation is a random seed.
Random numbers are normally generated by a reliable source. These days, Pseudo Random Number Generators (PRNGs), which are essentially software-based algorithms, are generally used to generate the seed for key generation.
There is also the True Random Number Generator (TRNG), which uses hardware-based inputs to create random values. Noise from physical processes, such as avalanche noise, thermal noise, or atmospheric noise, is converted into electronic signals, and thereafter into digital signals to generate random bits.
Network security demands a solution that offers perfect randomness at a very high throughput but is not algorithmic in nature. QNu meets this demand for absolute randomness with its Qosmos™ offering.
QNu Labs has partnered with Zeblok Computational, a unique AI PaaS provider, to provide MSP/MSSPs with Qosmos™, a robust cloud service for high-quality entropy at a high throughput, which complies with NIST recommendations. The solution uses Zeblok’s cloud native AI Platform-as-a-Service foundational utilities to provide the API runtime to easily integrate the Qosmos™ service with the external world.
The foundational utilities on the SaaS layer of the Zeblok AI PaaS access random numbers from Qosmos™ and provide these to client applications. Zeblok’s AI runtime environment provides APIs that can be easily integrated into various applications. The Qosmos™ server accesses the random number stream, which is signed, encrypted, timestamped and sent to the client application. The cloud native architecture is scalable and can include multiple servers.
Another important part of Zeblok AI PaaS is the dashboard. The dashboard is a GUI (Graphical User Interface) given as part of the platform to the MSP/MSSPs. It helps manage clients and track and check client usage, thereby giving all kinds of usage statistics. The randomness of the numbers along with the health of the system is continuously monitored.
To understand the access to Qosmos™, let us trace the steps the client should take to get the application up and running.
The quantum entropy device Tropos™ generates a continuous stream of random bits that are then fed to Qosmos™ within the foundational utilities of the SaaS layer of the Zeblok AI PaaS. Random numbers are then generated from this quantum source and transferred to the user’s model or applications via the Qosmos™ architecture.
Each block of random numbers goes through NIST test suites on a continuous basis. The random numbers are available for serving only after they have passed through the NIST security suite.
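The serving gate described above, as an added example that is not Qosmos™ or Zeblok code. The page does not say which NIST tests are run, so this assumes the frequency (monobit) and runs tests from NIST SP 800-22 at a significance level of 0.01; all function names and the sample blocks are constructed for illustration.

```python
import math

ALPHA = 0.01  # significance level from NIST SP 800-22 (assumed for this example)

def bits_of(block):
    """Unpack bytes into bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in block for i in range(7, -1, -1)]

def monobit_p(bits):
    """Frequency (monobit) test: are ones and zeros balanced?"""
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """Runs test: does the stream switch value about as often as expected?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # too biased for the runs test to apply; treat as failed
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def block_passes(block):
    """A block is released only if every test's p-value reaches ALPHA."""
    bits = bits_of(block)
    return monobit_p(bits) >= ALPHA and runs_p(bits) >= ALPHA

def servable(blocks):
    """Names of the blocks allowed out of the pool."""
    return [name for name, blk in blocks.items() if block_passes(blk)]

# Constructed 1024-bit sample blocks (not real Qosmos output).
SAMPLES = {
    "stuck_at_zero": b"\x00" * 128,   # dead source: fails monobit
    "biased": b"\xfe" * 128,          # 7/8 ones: fails monobit
    "alternating": b"\xaa" * 128,     # balanced, but far too many runs
    # Repeating 11001100 passes both tests despite being a fixed pattern,
    # which is why a full suite applies many more tests than these two.
    "balanced_pattern": b"\xcc" * 128,
}

if __name__ == "__main__":
    for name, blk in SAMPLES.items():
        print(name, "serve" if block_passes(blk) else "reject")
```
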
Hacking of random numbers is possible in two ways: first by being able to guess the next sequence that a random number generator will provide and second by tampering with the random source to make its output predictable. In the case of Qosmos™, neither of these methods works, as the randomness is generated using a physical process that is immune to being tampered with. The random source is also maintained in a high-security sterile environment.
Tampering with stored random numbers is also avoided by using mutual two-way authentication with client applications. There is no other access available to these random numbers in the Qosmos™ server.
The SSL handshake used in the HTTPS connection of a website will use digital certificates based on the PKI. Now, as the whole infrastructure is moving to TLS 1.3 for more security, the master secret key generated from client and server should be obtained from Qosmos™ for higher security. This essentially replaces the PRF (Pseudo Random Function), which generates deterministic randomness.
Apart from using an HTTPS-encrypted tunnel, emails generally use a pair of public and private keys generated from the randomness of a system (keystrokes, mouse movements, etc.). Instead, a TLS encryption based on Qosmos™ supported by email service providers can make the data exchange more secure.
With video conferencing becoming a medium to share information, the need for security has also increased. Introducing a random seed from Qosmos™ to generate initial authentication keys and then using Qosmos™ OTP for continuous authentication will provide added security.
PKI keys like RSA are created in the firewall to allow only authenticated users into the network. Firewalls do not typically have enough entropy to create unpredictable keys, which makes them vulnerable to attacks. Integrating Qosmos™ to generate the keys will increase the security of firewalls manyfold.
Data at rest and in motion are important for data backup and recovery. Qosmos™ can be used for continuous authentication for each data transfer to maintain the security in motion. Our clients have already adopted HSM or KMS for data at rest; their security will increase when they use Qosmos™ random numbers as seed to generate the keys.
The RMM software continuously collects and monitors critical data logs from servers and desktops. Qosmos™ will help in generating OTP keys for present PKI keys used for encryption and continuous authentication for security between different data collection points.
Digital signatures are a crucial part of the PKI and, with the increase in demand due to digital adoption, the randomness generated now has become deterministic. Integrating Qosmos™ into the present certificate-generation systems will increase the security and start the organization's journey towards quantum-safe security.
The learning speed of an AI or ML algorithm depends on the randomness of the data set. By using Qosmos™ random numbers, we can select random data elements from the whole set without any bias, thereby decreasing the learning time of the algorithm.
Zeblok has created an innovative, decentralized, scale-as-you-go, cloud-native Artificial Intelligence Platform-as-a-Service (AI PaaS), by providing composable foundational components, specializing in AI-HPC orchestration and an AI algorithm marketplace, which delivers a single unified preconfigured environment, with familiar frameworks and a growing library of curated AI algorithms, enabling enterprises of all sizes to build AI models and integrate them into mission-critical business processes from Core to Edge.