If you missed Paula Bernier’s article (free registration required) in our IoT Evolution Magazine, you may not have known Tempered Networks is the new name for Asguard – which is pronounced the same way as Thor’s home-world but spelled with an added letter u.
The idea behind the company is to go beyond encryption and build trust between systems by using Host Identity Protocol for encryption and IF-MAP. “This is a way to have inherent security in your network because it doesn’t happen at the application layer, it happens at the protocol,” said Jeff Hussey, who established F5 Networks and is now President and CEO of Tempered Networks.
Some months later the company outlined its vision, or the problem it is out to solve, in more detail:
Implementing traditional security products—such as firewalls, VPNs, or VLANs—to protect M2M communications over shared networks is notoriously complex and cumbersome. As the scale and diversity of endpoints and systems increases, so does the complexity. And those security solutions still rely on IP or MAC addresses to establish identities, which is what hackers try to spoof to compromise the network.
This really nails it but the article goes into more depth:
Recently, we caught up with Marc Kaplan, VP of Solutions Architecture, to get an update. He went over how the company accomplishes its goals – to build secure networks dynamically by creating isolation via the HIP protocol. Network switches go behind HIP switches to determine a host identity, a digital certificate he refers to as DNA.
It’s a layer of abstraction beyond the MAC or IP address, and it is designed to work over unsecured networks on the assumption that no network is secured. The IDN fabric is designed to be forward and backward compatible, providing a trusted, cloaked, segmented, encrypted overlay. The network consists of a Conductor and HIP Services endpoints, which are software services supporting both physical and virtual appliances.
The solution applies to level 2 and level 3 simultaneously and also allows the changing of IP addresses on the fly – allowing a company to move machines to the cloud and back or to different clouds with ease.
The company’s latest release adds a relay concept so devices can directly and securely communicate anywhere on the globe.
The details of the technology are as follows:
- Device A & B connect via TCP/IP to physical hardware or software.
- The cryptographic identity is bound to the host device.
- The Conductor authenticates and authorizes the HIP services via their provable host identities and then whitelists both HIP switches to communicate with each other.
- Once whitelisted, the HIP services build a tunnel between them for encrypted communications.
- The Conductor defines policy but no traffic passes through it. Even if the Conductor is offline, HIP services continue.
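A conceptual model of the steps above, as an added example rather than Tempered Networks' or the article's code: identity is a hash of a public key, the Conductor only distributes the whitelist, and a HIP service admits a peer on proof of key possession while ignoring the source IP. Assumptions: all class and function names are hypothetical, Lamport one-time signatures stand in for real host keys so that only the standard library is needed, and the encrypted tunnel itself is not modelled.

```python
import hashlib, secrets

H = lambda b: hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair (assumed stand-in for a host's signing key)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def host_id(pk):
    """Identity = hash of the public key, independent of IP or MAC address."""
    return H(b"".join(a + b for a, b in pk)).hex()[:32]

class HipService:
    def __init__(self):
        self.sk, self.pk = keygen()
        self.hid, self.allowed = host_id(self.pk), set()  # allowed = cached policy
    def hello(self, nonce):
        """Prove possession of the private key by signing the peer's nonce."""
        return self.pk, sign(self.sk, nonce)
    def accept(self, src_ip, nonce, pk, sig):
        # src_ip is deliberately ignored: it is spoofable and may change.
        return verify(pk, nonce, sig) and host_id(pk) in self.allowed

class Conductor:
    """Defines policy only; no traffic passes through it."""
    def whitelist(self, a, b):
        a.allowed.add(b.hid)
        b.allowed.add(a.hid)

def demo():
    a, b, rogue = HipService(), HipService(), HipService()
    Conductor().whitelist(a, b)  # Conductor object is discarded: "offline"
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed nonces
    ok = b.accept("10.0.0.5", n1, *a.hello(n1))
    # Same source IP and A's public key, but signed without A's private key.
    spoofed = b.accept("10.0.0.5", n2, a.pk, rogue.hello(n2)[1])
    unlisted = b.accept("10.0.0.9", n2, *rogue.hello(n2))  # valid key, not whitelisted
    return ok, spoofed, unlisted
```

`demo()` returns `(True, False, False)`: the whitelisted peer is admitted after the Conductor is gone, while a matching IP address without the private key, and a valid key that was never whitelisted, are both refused.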
The company’s goal is to provide their technology to all devices, from servers to mobile and IoT.
The bottom line is Tempered Networks wants to boost security by reducing reliance on spoofable IP addresses and $85 billion in extra levels of security which can still be penetrated.