Tempered Networks Boosts Trust with Identity-Defined Networks

If you missed Paula Bernier’s article (free registration required) in our IoT Evolution Magazine, you may not have known Tempered Networks is the new name for Asguard – which is pronounced the same way as Thor’s home-world but spelled with an added letter u.

The idea behind the company is to build trust between systems to go beyond encryption by using Host Identity Protocol for encryption and IF-MAP. “This is a way to have inherent security in your network because it doesn’t happen at the application layer, it happens at the protocol,” said Jeff Hussey, who established F5 Networks and is now President and CEO of Tempered Networks.

Some months later the company outlined its vision, or the problem it is out to solve, in more detail:

Implementing traditional security products—such as firewalls, VPNs, or VLANs—to protect M2M communications over shared networks is notoriously complex and cumbersome. As the scale and diversity of endpoints and systems increases, so does the complexity. And those security solutions still rely on IP or MAC addresses to establish identities, which is what hackers try to spoof to compromise the network.

This really nails it, but the article goes into more depth:

Cellular carriers offer MPLS VPNs as enhanced security infrastructure for wireless communications, but dedicated MPLS networks are extremely costly, especially at scale. MPLS connectivity for a single site can average $1200 a month. Imagine a car manufacturer with 5 sites or a retailer with 100 sites to connect. That quickly adds up to an annual bill of $72,000 for 5 sites and more than $1.4 million for 100 sites.

With all of the security, cost, and control issues around M2M connectivity, it’s no wonder that businesses and industries that have the potential to gain huge advantages have been slow to take on M2M initiatives. But, there are solutions that can take the cost and complexity out of securing M2M communications over cellular networks, and they are available today.

Recently, we caught up with Marc Kaplan, VP of Solutions Architecture, to get an update. He went over how the company accomplishes its goals: to build secure networks dynamically by creating isolation via the HIP protocol. Network switches go behind HIP switches to determine a host identity, a digital certificate he refers to as DNA.

It’s a layer of abstraction beyond the MAC or IP address, and it is designed to work over unsecured networks on the assumption that no network is secured. The IDN fabric is designed to be forward and backward compatible, providing a trusted, cloaked, segmented, encrypted overlay. The network consists of a Conductor and HIP Services endpoints, which are software services supporting both physical and virtual appliances.

The solution applies to Layer 2 and Layer 3 simultaneously and also allows IP addresses to be changed on the fly, so a company can move machines to the cloud and back, or to different clouds, with ease.

The company’s latest release adds a relay concept so devices can directly and securely communicate anywhere on the globe.

The details of the technology are as follows:

  • Device A & B connect via TCP/IP to physical hardware or software.
  • The cryptographic identity is bound to the host device.
  • The Conductor authenticates and authorizes the HIP services via their provable host identities and then whitelists both HIP switches to communicate with each other.
  • Once whitelisted, the HIP services build a tunnel between them for encrypted communications.
  • The Conductor defines policy but no traffic passes through it. Even if offline, HIP services continue.
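
A simplified model of the steps above, added here as an illustration and not Tempered Networks' code. The `Service` and `Conductor` classes, the HMAC keys standing in for HIP's public-key host identities, the pairwise key handed out on whitelisting, and the sample addresses are all assumptions.

```python
import hashlib, hmac, os

def tag(key):  # identity derived from key material, never from an IP or MAC address
    return hashlib.sha256(key).hexdigest()[:16]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Service:  # models one HIP service endpoint (hypothetical class)
    def __init__(self, ip):
        self.key, self.ip = os.urandom(32), ip  # HMAC key: stand-in for a HIP key pair
        self.id = tag(self.key)
        self.pair_keys = {}  # peer identity -> key pushed on whitelisting
    def prove(self, nonce):  # answers the Conductor's challenge
        return mac(self.key, nonce)
    def respond(self, peer_id, nonce):  # answers a peer's challenge
        k = self.pair_keys.get(peer_id)
        return mac(k, nonce) if k else None
    def accept(self, initiator):
        """Data plane: admit a peer by identity; its source IP is never consulted."""
        k = self.pair_keys.get(initiator.id)  # None: identity not whitelisted
        nonce = os.urandom(16)
        resp = initiator.respond(self.id, nonce)
        return bool(k and resp) and hmac.compare_digest(resp, mac(k, nonce))

class Conductor:  # control plane only; no traffic passes through it
    def __init__(self):
        self.enrolled, self.online = {}, True  # identity -> enrolment key
    def enroll(self, svc):
        self.enrolled[svc.id] = svc.key
    def _authenticated(self, svc):
        key, nonce = self.enrolled.get(svc.id), os.urandom(16)
        return key is not None and hmac.compare_digest(svc.prove(nonce), mac(key, nonce))
    def whitelist(self, a, b):
        if not (self.online and self._authenticated(a) and self._authenticated(b)):
            return False
        a.pair_keys[b.id] = b.pair_keys[a.id] = os.urandom(32)
        return True

def demo():
    c, a, b = Conductor(), Service("10.0.0.5"), Service("10.0.0.9")  # constructed addresses
    rogue = Service("10.0.0.5")  # same address as A, but no enrolled identity
    c.enroll(a); c.enroll(b)
    out = {"whitelisted": c.whitelist(a, b), "rogue_listed": c.whitelist(rogue, b)}
    out["a_to_b"], out["rogue_to_b"] = b.accept(a), b.accept(rogue)
    a.ip, c.online = "203.0.113.7", False  # A moves networks; Conductor goes offline
    out["a_to_b_after"] = b.accept(a)
    return out
```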

The company’s goal is to provide their technology to all devices, from servers to mobile and IoT.

The bottom line is Tempered Networks wants to boost security by reducing reliance on spoofable IP addresses and $85 billion in extra levels of security which can still be penetrated.
