End-to-end encryption hardware for unsecure networks

x.o.ware has debuted the ExoNet™ VPEx Gateway and its companion product, the ExoKey Secure Communications Extension, this week at Black Hat USA 2014.

These two new products, which provide secure Internet access from an insecure open network, are priced and designed to motivate individuals, and not just large enterprises, to adopt end-to-end encryption.

The VPEx (Virtual Private ExoNetwork) protocol that x.o.ware created (from open source technologies) relies on hardware encryption devices that store and privately exchange their keys, without the use of a third party. In addition to eliminating the possibility that a third-party server might get compromised and expose its clients, it also eliminates the cost of buying certificates, and monthly or annual service fees.

The initial application for the ExoKey will be to encrypt data communications over unsecure networks (like open wi-fi hotspots), back to the ExoNet, at a location where it has secure access to the Internet. While many devices exist to perform a similar function, the x.o.ware products are notable for their low cost (initially $39 for the ExoKey and $65 for the ExoNet), and their ease of use.

They are simpler to install than most networked devices, as the typical user will not even need to configure the ExoNet (just plug it into an AC outlet and a router’s LAN port), and the ExoKey just needs to be assigned a name and password, along with installing a driver on the host computer it is used with.

Both devices utilize 256-bit AES encryption, and incorporate IPSec, while masking its normally complicated configuration with a user interface so simple you would think it was developed in Cupertino.

In addition to low cost and ease of use, security was a top priority for the Exo products. The ExoKey not only stores keys and performs encryption, but it also authenticates identities (anonymously, if desired). The contents of an ExoKey (and the ExoNet) cannot be copied or extracted; both systems are closed in that they do not allow users to install software or applications. This rule prevents any user information being extracted from, or malware being installed on, either device. Since they perform their own encryption (in dedicated crypto accelerators), there is never a reason to pass keys to another device, so in effect, the keys are write-only.

The longer term goal of these products is to get people to use end-to-end encryption. While many companies are developing software implementations for that purpose, a software-only solution is only as secure as its host operating system, which is often compromised by attacks that have nothing to do with encryption.

Malware and viruses that infiltrate an OS cannot exploit an external closed device like the ExoKey. To overcome the threats that software-only systems will face, x.o.ware has created TEN™, the Totally Encrypted Network. TEN utilizes VPEx hardware and existing secure relationships, with other ExoKeys and trusted brokers, to establish new secure relationships that expand an individual’s encrypted network.

