Please tell us a little bit about your background and current position at Secure Channels.
Although I was born in California, I received my formal education in Switzerland and lived in Europe for 20 years before returning to the U.S. I’ve been a frequent tech investor and entrepreneur, and always had a knack for spotting the market trends that will be profitable and represent important technological advancements. I have a deep passion for tech, innovation, and improving the security of all types of tech infrastructure. My main goal is to encourage our company to embrace change and innovation that will lead to disruptive technology breakthroughs.
Briefly explain Secure Channels main products.
Secure Channels’ main mission is to provide companies tools for securing their data themselves and managing the access and authorization rules for that data. Our patented breakthrough products meet these needs for a wide range of small and midsize businesses. For example, we recently released a patented Pattern Key, Multi-Segment, Multi-Standard (PKMS2) protocol that significantly improves the security of modern block ciphers. It represents a significant enhancement over AES-256, and is offered within our ParaDoxBox™ and Superencipherment Engine solutions. ParaDoxBox Enterprise, our data security platform puts together our endpoint encryption management platform with a cloud-based administration interface. It’s simple to use, deploy and protects device, network, and cloud storage locations. SUBROSA® is our access authorization and password replacement web service that helps companies eliminate the vulnerabilities associated with password-based authentication. It effectively thwarts brute-force attacks by allowing users to choose unique data resources to generate their keys and establish a personal interaction pattern with the resource.
XOTIC™ is our state-of-the-art streaming cipher protocol that is considerably more flexible and faster than any other available protocol. It enables in-flight streaming encipherment on any type of data, in real-time. XOTIC Encipherment strength can be dialed-up or dialed-back depending on the use case. Outmaneuvers legacy public/private key (asymmetric) encryption methods currently in-use, and eliminates the attack surface provided by (symmetric) encryption methods such as AES. XOTIC can be incorporated into standard email clients such as Gmail, Yahoo!, Hotmail, as well as Microsoft Office products to create deeply hardened private conversations between recipients. Additionally, by setting your email client to only accept mail secure using XOTIC, it eliminates the possibility of receiving “phishing” emails from spoofed senders. XOTIC is ideal for securing large files, volumes, IoT data, data in public cloud environments, on mobile devices, within big data sets, or in large enterprise environments.
What is the problem with data sets having to be encrypted ‘for’ someone and decrypted ‘by’ someone and how does Secure Channels’ solution solve that?
This question is a classic cryptography problem. It’s why the German’s Enigma code failed in World War II, and why we can’t use one-time password. It isn’t enough to just scramble a message, but how to provide the recipient with the protocol/key to unscramble it. This has bedeviled cryptographers for years, and pushed them to use both symmetric cryptography, where both parties have a copy of the key, and asymmetric, where there is a public and private key. Asymmetric is computationally expensive, and too complex. Our ParaDoxBox solution explicitly addresses the core problem of key distribution by safely moving information around among multiple stakeholders. The biggest problem has been how to get all of the data security in one place, and how to handle the person-to-person communications, since organizations are mainly concerned about maintaining control. With ParaDoxBox, all the files, drives, and volumes are encrypted, but set up in a way that an organization (not an individual) always has control.
What are social engineering attacks and how does ParaDoxBox™ eliminate them?
Social engineering attacks prey on the fallibility of humans. Consider the thousands or millions of years it would take to brute force to crack a 256-bit key to access a system, compared to the relative ease of duping a person into providing that information. You’ve probably heard the term “PICNIC”, or “Problem in Chair, Not in Computer” that references how security flaws are often tied to the user. If you walk through a busy airport, it’s likely you could pick up conversations where people share bank account numbers, credit card info, and other personal data. Not to mention the data that’s flowing over the airport’s public Wi-Fi. That’s the access point, the willingness of people to offer up such information. Our solution ParaDoxBox looks to improve any application that’s vulnerable to social engineering attacks. It really comes down to the authentication mechanisms, which means poor “Password1234” type passwords. We built a solution with idiomatic recognition, which is one of the authorization mechanisms with the SUBROSA platform. Combined with a token such as facial recognition or fingerprints, and it’s very difficult for an attacker that is phishing or spoofing to fully obtain the right credentials. So, they essentially only get a small piece of the access puzzle.
How do you mitigate the security risks to your clients’ Internet of Things (IoT)?
Once you know what your IoT devices are, what they’re connected to, and what they are communicating with, understand that everything in that connection loop is potentially vulnerable to attacks. Therefore, we need tight access controls around every connected object. We need to see, administer and understand the overall connection, because currently most people in the industry are not seeing this whole view. We provide solutions for IoT security in a host of ways, including encryption, strengthening authentication, and thwarting ransomware.
What are the vulnerabilities associated with password-based authentication? What more secure method(s) do your products use?
Password-based authentication is generally fully exploitable. Single-factor authentication can no longer hold up to today’s sophisticated attacks. The problem is not the password’s complexity, but the length. The computers that are doing brute force attacking use random number generators that can quickly cycle through enough combinations to crack the typical four to twelve-character passwords in hours, sometimes minutes. Even password with a mix of symbols, upper and lower, etc., are just not long enough. Our approach it is to produce a super long password of around 65,000 characters through SUBROSA, which would take billions of years to crack through brute force. It’s very easy for the user, as they create a personal interaction pattern that generates keys securely.
What is the Health Information Technology for Economic and Clinical Health (HITECH) Act and how does Secure Channels help with compliance?
HITECH addresses the security concerns of transmitting health information such as health records. It’s a precursor to the broader General Data Protection Regulation (GDPR), and comes with various compliance rules and possible fines for noncompliance. So far when it comes to HITECH compliance, companies have done a decent job on the back end, but not user’s end. As more and more medical practitioners go virtual, there’s more data being created, modified, and stored on laptops and workstations. You can encrypt the data, which might protect it when machines are powered down, but you need protection while clinicians, staff, and others are handling and creating data. There’s the vulnerability, and because medical records fetch upwards of $200 a piece on the dark web, this data is very valuable to cybercriminals. ParaDoxBox encrypts data while the user is active, and the machine is operating. Data never goes out in a clear state, so if a bad actor gains access to the network, they’ll quickly move onto softer targets as they can’t access and sell this encrypted data. There really hasn’t been a mechanism like this — a one-stop shop tool that does all the protection at the point of production. It isn’t disruptive at all to the individual’s workflow and provides very impactful protection.
What are the security concerns in the media & entertainment industry and how does your Entertainment Security Operation Center address them?
The principal concern is the theft or unauthorized viewing of pre-release content. We’ve been fortunate enough to work directly with Hollywood producers and others in the field, and have developed security solutions to mitigate their concerns. Our new XOTIC platform for example can encrypt content once the light hit the lens, so the content is protected at creation. This is a huge development for the media and entertainment industries who are always trying to prevent leaks or spoilers from damaging the demand for their content.
Please tell us a little about your upcoming product COPTRAK™ Digital Media Tracking and Tracing.
With COPTRAK™ we have the technology for the insertion and injection of a unique identifiable serial number or tracking number within the video and audio stream. It’s not visible to humans, but is trackable through forensics. Armed with COPTRAK, content owners can prevent the theft of their digital content and streaming media because it can always be traced back to the source.