Guardtime's KSI® blockchain enables organizations to ensure the integrity of their networks, prevent loss of critical digital assets and track data securely throughout its supply chain.
KSI blockchain technology enables customers to tag and track the veracity of every component, configuration, and digital asset within a network to achieve real-time awareness of the asset integrity state, no matter where that asset is transmitted, stored, or received.
The KSI blockchain platform enables real-time cybersecurity and data-centric asset protection, directly supporting enhanced continuity of operations, data loss prevention, and is a new form of real-time Advanced Persistent Threat (APT) detection.
The KSI blockchain technology stack consists of a specialized Black Lantern security appliance hardware with advanced anti-tamper functionality, software suite for real-time monitoring of the integrity state of your network and a service that provides KSI blockchain based signatures needed for network instrumentation.
The Platform records the state of all KSI-instrumented digital assets by registering them in a global KSI Blockchain, generating a mathematically verifiable baseline image of the network - a Clean State Proof. Once this state has been achieved, it becomes possible to continuously verify that the network remains in a the clean state, and act when a compromise is detected.
The Platform enables continuous verification of whether your network is still free of compromise and Clean State Proof still valid. We call this concept Active Integrity and it provides you with a real-time situational awareness of digital assets like firmware, operating systems, network routing tables, switch and router configuration parameters, event logs, data stores or computer memory.
The changed integrity state provides a real-time alert, enabling you to make immediate decisions in the event that the network and/or asset is compromised and rapidly identify the cause and specific components responsible. I.e. if an asset is affected by malware, the asset can be ‘sandboxed’ or fire-walled before further propagation.
The Security Appliance's software is encrypted at rest using ETSI approved encryption algorithms. The hardware is incapable of executing unsigned code; it will not boot if the software and hardware runtime environment is not authentic.
Black Lantern Appliance uses advanced ASICs with customized tamper protection features and escalation reaction monitors for added security given a variety of physical attack vectors
Black Lantern Security Appliance is self-protecting. Tamper events are immediately evident and the device engages protection mechanisms to wipe keys and software, rendering the system inoperable, or into various maintenance modes.
It is not possible to use Black Lantern to stage an attack, either against the device itself, or against other assets in your network.
The KSI Service is rendered using fault-tolerant globally distributed physical infrastructure and accessed via the Black Lantern Security Appliance.
The Black Lantern Appliance also performs the data hashing operations, as well as the first level of hash aggregation to preserve not only privacy of the data contents, but also the privacy of the data volume - only one hash value per second ever leaves your perimeter and is entered to KSI Service infrastructure.
The KSI Service is available globally in more than 180 countries.
|Guardtime offers KSI Service globally for selected governments and organizations.|
|Ericsson offers KSI Service globally, based on its telecom-grade KSI infrastructure buildup.|
The KSI Service does not ingest any customer data, ever – instead the system is based on one-way cryptographic hash values that uniquely represent the data, but are irreversible such that one cannot start with the hash value and reconstruct the data - data privacy is unconditionally guaranteed at all times.
The current build-out of the KSI Service enables to sign and verify trillion (1012) data items, every second.
The KSI Service is designed to be available globally and the hash aggregation points are physically located in every continent to ensure consistent response times.
The KSI Service is rendered using a stateless software defined network - the hash-tree structure that makes up the network is created, validated and destroyed once per second, and no data is stored during the process, apart from the root hash value of the hash-tree structure that is added to the KSI Blockchain after achieving a distributed consensus.