Reliable and strong encryption underpins GDPR protection and disclosure obligations.
Whitewood, a developer of crypto-security solutions based on advanced quantum technology has introduced its new Entropy-as-as-Service for Microsoft Windows. The cloud-based service delivers pure quantum entropy – the foundation of randomness – to generate truly random numbers for creating cryptographic keys that are impossible to guess. The new Whitewood netRandom Free service is now available for Windows, running on servers, desktops and laptops, as well as the Linux operating system.
“Random number generation is critical for security but is often poorly understood and is a point of attack and vulnerability - highlighted by the SANS Institute as one of the 7 most dangerous attacks for 2017,” said Richard Moulds, General Manager of Whitewood. “Software-based systems are fundamentally predictable and rely on capturing signals or events from the physical world, ranging from mouse movements to hard drive activity and network traffic to increase the level of randomness. Quantum entropy is the only true source of randomness and with our new netRandom Free service, we can now make this universally available as a supplementary source of randomness to organisations of any size.”
The trend towards virtualisation, containers and distributed environments compounds the problem by abstracting applications from the physical world and the entropy within it. In the virtual world running on shared hardware with dynamic replication, there can be little or no real entropy, increasing the risk of entropy starvation and making it virtually impossible to guarantee the quality of key generation and system security without entropy from a trusted source.
At the heart of the netRandom service is the Whitewood Entropy EngineTM, born out of a decade long research program by the quantum security team at Los Alamos National Laboratory. It is designed to strengthen cryptographic security systems in traditional data centres, virtual cloud environments and embedded systems, such as the Internet of Things (IoT), where random numbers in the form of keys underpin the level of trust and security. The use of crypto tools such as encryption have become ubiquitous in modern IT environments and play a critical role in GDPR (General Data Protection Regulation) as well as rapidly emerging technologies such as Blockchain and Bitcoin services.
The netRandom Free service for Windows is part of a broader product portfolio from Whitewood that includes support for Linux as well as on-premise entropy management systems and quantum random number generators (QRNGs) for organisations that prefer to deploy their own dedicated or private security infrastructure. The netRandom Free service delivers on-demand, quantum entropy from a cloud-based server over standard IP networks to continuously re-seed existing random number generators within Windows and Linux-based instances and devices.
The growing widespread use of cryptography raises the bar for randomness, making the current ‘best-effort’ approaches to random number generation no longer sufficient. New data protection and privacy regulation such as GDPR raise that bar even further as organisations seek to use strong encryption both to protect data from theft by making it unintelligible and to potentially avoid data breach disclosure obligations. The rapid growth of the IoT is also focusing attention on crypto security as a means to ensure correct operation and trustworthiness of safety-critical devices and systems such as drones, driverless cars and smart grid infrastructure.
“Cryptographic keys can be compromised through theft or calculated guesswork,” says Moulds. “There is a constant race to keep ahead of the attackers who can exploit ever faster processing resources to break traditional random number and key generation methods and crypto algorithms – a capability that will get a further boost with the availability of quantum computers.”