Design Insights

Threat Immunity through Comprehensive Security

Because the effectiveness of any privacy solution pivots on its weakest link, an effective messaging privacy model requires that no threat in the entire range be allowed to operate against, or compromise, any aspect of messaging privacy. Only by understanding the attack surface and threat methods, and integrating complete threat immunity into the architecture of the privacy model, can true end-to-end privacy and security be achieved. (See the TrustWrx White Paper – Threat Vector Analysis.)

TrustWrx does not displace the need for the defensive legacy security stack. Perimeter defense will always be needed to protect the enterprise behind the firewall, while TrustWrx enables full security for IoT out on the open Internet.

TrustWrx Design and Performance Criteria

  • TrustWrx is a proactive and strategically designed privacy ecosystem for universal messaging within which almost all threats, malware and cybercrime cannot operate. Unlike the defensive posture of layered security solutions, TrustWrx is proactively focused on a deterministic architecture of safe messaging technologies and practices.
  • TrustWrx does not utilize the public DNS and its related publicly exposed routing. TrustWrx replaces the publicly exposed DNS with more robust private DNS-like database services that extend encrypted name resolution to fully encrypted addressing and policy management of all components of a TrustWrx enabled network.
  • Every part of TrustWrx packet traffic is encrypted (all metadata, content, attachments, domain names, message addresses, headers, routing, handshaking, etc.) – everything except the IP address pair – which is always endpoint disassociated. This means that all standard threats that rely on hijacking publicly visible metadata, addressing and routing cannot operate within TrustWrx enabled networks.
  • The IP address is the lowest common denominator for routing IP traffic over the public Internet and cannot be encrypted. However, TrustWrx disassociates all IP address message pairs through central gateway services to protect anonymity and privacy. TrustWrx further employs sophisticated server-relay measures to protect ports, operating systems and applications from unwanted and potentially harmful packets.
  • TrustWrx ports and applications do not operate on industry standard port numbers. They utilize policy-driven techniques and complex port and IP address hopping methods, encrypted port knocking and device fingerprints – validated through central policy services – to further protect the privacy of applications and messaging operations. However, TrustWrx packets pass seamlessly through perimeter firewalls with no changes to existing settings.
  • Having developed the capability to encrypt packet headers, TrustWrx is uniquely positioned to totally control – in complete privacy – the packet conversation between an endpoint device and gateway services, and on to another endpoint device or server. Insofar as the packet header is no longer subject to prying eyes on the open Internet – and can be seen only by the TrustWrx code at either end – TrustWrx is uniquely positioned to lock down the entire packet conversation.
  • TrustWrx utilizes only industry standard encryption that has been published, vetted and proven durable over time. TrustWrx’s triple layer encryption was designed to accommodate many different encryption algorithms and key lengths.
  • The company has White Papers and other documents that provide additional details – available on request to qualified individuals.

Identity is the New Perimeter.

Internet Packets have No Verifiable Identity

According to a recent IDSA report, 97% of IT security experts agree that identity is a foundational component of a Zero Trust security model. Until now, embedded packet identity and usage credentials have been universally ignored in the identity/security equation.

The overall threat and malware problem persists primarily because an IP address is the only identity a packet has. Spoofed and uncontrolled IP addresses are a common delivery mechanism for the more than 90% of packet traffic that is unwanted or dangerous.

Because packets carry no credentials and there is no means of verifying the true packet source, good packets are indistinguishable from bad ones, and more than nine out of ten packets are unwanted or dangerous.

The critical innovation needed to solve this problem, and eliminate the majority of rogue packet traffic, is to arm the packet with true verifiable identity and usage provenance credentials – centrally validating packets and controlling packet usage across the local network and beyond to the cloud.

By giving packets verifiable identity, precisely controlling packet usage and significantly collapsing the threat surface, a new and much more powerful security paradigm emerges.
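The following is an added illustration of the idea above, not TrustWrx code and not a description of its actual mechanism: it models "verifiable identity and usage provenance credentials" on a packet as a per-device credential issued by a hypothetical central policy service, a sequence number, and a keyed MAC (HMAC-SHA256) over the header fields and payload. A gateway validates the credential before any payload reaches an application, so packets with an unknown identity, a forged credential, or a replayed counter are rejected. All names (`PolicyService`, `build_packet`, `validate_packet`) and the wire layout are assumptions made for this example.

```python
"""Packet identity check (added example; names and layout are hypothetical).

Assumed wire layout: [2-byte id length][device id][8-byte sequence][payload][32-byte HMAC]
"""
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 digest length


class PolicyService:
    """Hypothetical central registry of endpoint credentials and last-seen counters."""

    def __init__(self):
        self._devices = {}    # device_id -> per-device secret key
        self._last_seq = {}   # device_id -> highest sequence number accepted so far

    def enroll(self, device_id: bytes) -> bytes:
        key = secrets.token_bytes(32)
        self._devices[device_id] = key
        self._last_seq[device_id] = -1
        return key

    def key_for(self, device_id: bytes):
        return self._devices.get(device_id)

    def accept_seq(self, device_id: bytes, seq: int) -> bool:
        # Strictly increasing counter: anything at or below the last accepted value is a replay.
        if seq <= self._last_seq[device_id]:
            return False
        self._last_seq[device_id] = seq
        return True


def _header_and_payload(device_id: bytes, seq: int, payload: bytes) -> bytes:
    # Length-prefix the id so the MAC input is unambiguous (no field-boundary confusion).
    return struct.pack(">H", len(device_id)) + device_id + struct.pack(">Q", seq) + payload


def build_packet(device_id: bytes, key: bytes, seq: int, payload: bytes) -> bytes:
    body = _header_and_payload(device_id, seq, payload)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def validate_packet(policy: PolicyService, packet: bytes):
    """Return (verdict, payload); verdict is 'ok' or a rejection reason."""
    if len(packet) < 2 + 8 + TAG_LEN:
        return "malformed", None
    (id_len,) = struct.unpack(">H", packet[:2])
    if len(packet) < 2 + id_len + 8 + TAG_LEN:
        return "malformed", None
    device_id = packet[2:2 + id_len]
    (seq,) = struct.unpack(">Q", packet[2 + id_len:2 + id_len + 8])
    payload = packet[2 + id_len + 8:-TAG_LEN]
    tag = packet[-TAG_LEN:]

    key = policy.key_for(device_id)
    if key is None:
        return "unknown-identity", None          # no enrolled credential for this identity
    expected = hmac.new(key, packet[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return "bad-credential", None            # forged or tampered packet
    # Only update replay state after the credential has been verified, so an
    # unauthenticated packet can never advance (or poison) a device's counter.
    if not policy.accept_seq(device_id, seq):
        return "replay", None
    return "ok", payload


def demo():
    """Constructed scenario: one enrolled sensor, then four packets of differing provenance."""
    policy = PolicyService()
    key = policy.enroll(b"sensor-17")
    good = build_packet(b"sensor-17", key, 1, b"temp=21.5")
    # Same identity claimed, but built without the enrolled key.
    wrong_key = build_packet(b"sensor-17", secrets.token_bytes(32), 2, b"temp=99.9")
    unenrolled = build_packet(b"ghost", key, 1, b"x")
    return [
        validate_packet(policy, good)[0],
        validate_packet(policy, wrong_key)[0],
        validate_packet(policy, good)[0],        # the accepted packet seen a second time
        validate_packet(policy, unenrolled)[0],
    ]


if __name__ == "__main__":
    print(demo())
```

The check order matters: identity lookup, then credential verification, then the replay counter. Updating the counter before the MAC is verified would let an unverified packet alter state for a legitimate device, which is exactly the class of problem central validation is meant to remove.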

Ready to learn more about TrustWrx security for IoT...?