QOSMOS (Entropy as a Service)
Securing Virtual Environments with Entropy for Generating
Unpredictable Keys and Bolstering Security
What is Qosmos?
Qosmos solves the entropy starvation problem of systems, whether in a cloud, embedded systems or at the edge. Qosmos provides the highest quality randomness and a secure method of providing the seeds for entropy starved systems or applications.
Main advantages that Qosmos bring to the table
Ease of Integration
API runtime environment provides a seamless integration
Multiple Deployment Options
Host the entire solution in your data center or client location
Proactively Quantum Entropy
Dramatically increases true entropy using quantum-based encryption keys
Qosmos Architecture
There are 3 main parts in the architecture
QNu Tropos is quantum entropy device which is the root of randomness. The random numbers are generated from a quantum source and then transferred to applications as a service through Qosmos architecture. Tropos generates continuous stream of random bits which is fed to EaaS Server.
EaaS Server
EaaS (Entropy as a Service) server acts as a bridge between Tropos and client application. EaaS server accesses the random number stream Tropos which is signed, encrypted, and sent along with timestamp to the client application. EaaS server architecture is scalable and can include many of the servers across the world. NIST recommends access from multiple EaaS servers to increase the security of the seed.
Client HRT or Application
HRT (Hardware Root of Trust) is a classical computing device with secure hardware component for storing, seeding and generation of cryptographic keys. HRT would normally be TPM, Intel IPT, ARM TrustZone, HSM or any encryption key generation device. It can also be combined with a client software application which enables communication between EaaS server and client hardware. It is not required for the client system to have dedicated hardware, but the hardware availability will make the process more secure.
Unconditional Quantum Security on World-class AI
Zeblok + QNu
Zeblok Computational and QNu Labs have partnered to provide MSSPs with Qosmos, a robust solution for providing high-quality entropy, which complies with NIST recommendations. Qosmos uses the encryption key seed generated by QNu Tropos. The QNu Tropos is a quantum random number generator, based on quantum mechanics, rather than an algorithmic/mathematical random number generator. The solution uses Zeblok’s cloud native AI Platform-as-a-Service foundational utilities to provide the API runtime to easily integrate the solution with the external world.
Main advantages that Qosmos bring to the table :
Ease of Integration- API runtime environment provides a seamless integration
Multiple Deployment Options- Host the entire solution in your data center or subscribe to QNu/Zeblok’s Entropy-as-a-Service.
Proactively Quantum Entropy- Dramatically increases true entropy using quantum-based encryption keys
Traditional sources of entropy no longer viable for today’s cryptographic need.
Do your applications have sufficient entropy?
Key Features and Capabilities
Randomness
Entropy is a measure of the randomness or unpredictability of information that’s collected by an operating system or application to use in generating cryptographic keys that require random data.
Encryption keys, especially the RSA keys are at risk of compromise when using deterministic number generation. Many weak keys can efficiently be discovered and subsequently compromised by finding reused prime factors in a large data set. When a high level of entropy is used for encryption, user data can be securely protected against attacks both in transit over the network and at rest on storage devices.
Speed
Assures high throughput required for digital devices such as IoT, embedded systems, cloud, 5G and other applicationsLack of Patterns Being a step ahead in cybersecurity threats is the need of the hour. Qosmos provides steady supply of new information, free of patterns that hackers cannot predict and exploit.
Lack of Patterns
Being a step ahead in cybersecurity threats is the need of the hour. Qosmos provides steady supply of new information, free of patterns that hackers cannot predict and exploit
Applications
The applications are transparent to random numbers required for security purposes. Any application that uses TLS will automatically get the random numbers via Qosmos, through the TLS library. This way, no application needs to be changed to use random numbers.
Web Browser Security
The SSL handshake used in the https connection of a website will use digital certificated based on PKI. Now as the whole infrastructure is moving to TLS 1.3 for more security, the master secret key generated from client and server random should be obtained from Qosmos for higher security. This essentially replaces the PRF (Pseudo Random Function) which generates deterministic randomness.
Encrypted E-Mail
Apart from using a https -encrypted tunnel, emails are encrypted using a public and private key pair generated from randomness of system (key strokes, mouse movements etc.,). Instead we can use a TLS encryption based on Qosmos supported by Google, Microsoft, and Virtu etc., and making data exchange more secure.
Secure Video Conferencing
With video conferencing becoming a medium to share secret information, the security need also has increased. Introduction of random seed from Qosmos to generate initial authentication keys and then using Qosmos OTP for continuous authentication will continuously provide security.
Firewall Security
The PKI keys like RSA are created in firewall to allow only the right user into the network. The firewalls do not typically have enough entropy to create unpredictable keys making them vulnerable to attacks. Integrating Qosmos to generate the keys will increase security of firewalls by many folds.
Data Backup & Recovery
Data at rest and motion are important for data backup & recovery. Qosmos will be used for continuous authentication for each data transfer to maintain the security in motion. Clients have already adopted HSM or KMS for data at rest whose security will increase when they use Qosmos random numbers as seed to generate the keys.
Remote Monitoring & Management Software
RMM software continuously collects and monitors data logs from Servers and desktops that is critical. Qosmos will help in generating OTP keys for present PKI keys used for encryption and continuous authentication for security between different data collection points.
Digital Signatures
Digital signatures are a crucial part of PKI infrastructure and with increase in demand due to digital adoption, the randomness generated now becomes deterministic. Integrating Qosmos to present certificate generation systems will increase the security and start the organization journey towards quantum-safe security.