Why Guardtime?

An Industrial Blockchain Solving the Biggest Problem in Cyberspace


A trillion dollar problem

With an estimated 95% of all enterprise networks having been compromised, it is no surprise that every day the news headlines inform us of a new data breach, a new loss of intellectual property, more damaged reputations and increased legal liability. Indeed, the loss of intellectual property from Fortune 500 firms has been described as the biggest transfer of wealth in history. A study published jointly by the World Economic Forum and McKinsey in Jan ’14 estimates the cost of ineffective cybersecurity to rise to three trillion dollars by 2020.

Further reading

Davos ’14, Cyber Security… The 3 Tn Dollar Problem for Governments & Corporations

Our answer to Peter Thiel 


Our answer to his question "What important truth do very few people agree with you on?", and the reason that we founded Guardtime, is that we believe that integrity, not confidentiality, is the answer to the trillion-dollar cybersecurity problem that plagues our society. It is a big statement and one that provokes a strong reaction from the Silicon Valley encryptionistas whose mantra is "encrypt everything".

If integrity is defined as the absence of corruption in systems, networks, processes and data, then its importance for security becomes clear. You can have all the firewalls, malware detection, sandboxes and big data analytics in the world, but if you can't prove they are working, if you can't verify the absence of compromise, then your strategy ultimately comes down to hope that the attackers aren't one step ahead. Unfortunately they always are.

Our answer to Peter Thiel: in order to build secure systems you must start with integrity. Confidentiality is what you get when your systems have integrity. 

Further reading

Our Answer to Peter Thiel

A security dog that barks

The challenge with all modern security solutions is that the dog doesn't bark; you have no way to verify whether they withstand unforeseen attacks. Whether firewalls, anti-virus, sandboxing, IDS or multi-vector virtual execution, you are given no choice but to trust that the security measures are working and hope for the best.

Geer's Law: Any security technology whose efficacy can’t be empirically determined is indistinguishable from blind luck.

Our technology, Keyless Signature Infrastructure (KSI), was invented to address Geer's law by instrumenting the digital assets that make up a network or system (binaries, configuration parameters, routing tables, data stores or event logs). Our philosophy is that you cannot prevent a breach from unforeseen attacks; you can only react when an attack leads to a change in an infrastructure state which implies a breach. In other words, you need a security dog that barks.

Further reading

Implementing Data Governance at Internet Scale

KSI was invented in the world’s leading digital society - Estonia

Based on experiences from being the world's only true digital society, a team of Estonian cryptographers, network architects, software developers and security specialists got together in 2007 to design and build a data authentication system that could authenticate the entire world’s information set within a single second. The result is KSI.
In Estonia Edward Snowden could not have committed his unauthorized act.
His attempt to cover his tracks would have raised an alert and he would have been held accountable for his actions.

Further reading

Wired: Tiny Estonia Hailed Best E-Gov by UN












The Innovations Behind Our Technology


Post-Quantum RSA

Public Key Infrastructure (PKI) is extremely effective for its original use case: sharing a secret across an insecure channel. For authenticating data at rest, the complexity and cost of key management make it very challenging to implement at scale. KSI introduces an alternative to RSA signatures that uses only hash functions, making it the first practical alternative to RSA for non-repudiation that will remain secure upon the advent of quantum computers.

Efficient Quantum-Immune Keyless Signatures with Identity, http://eprint.iacr.org/2014/321

Keyless data authentication

The verification of KSI signatures does not rely on keys, secrets or trusted third parties. This means that electronic data at rest can be authenticated without relying on the implementation of procedures or on any trusted insider.

As a practical example, consider the implications of a connected car involved in a collision. Who is liable: the driver, the vehicle manufacturer, the software vendor, the network hardware manufacturer, or the telecommunications operator? The answer is in the data, and with KSI there is no dispute as to exactly what happened, since it can be verified without the need to trust any of the parties involved.



A scalable industrial blockchain 

The KSI blockchain can process billions of transactions per second, uses close to zero power and, most importantly, scales at O(t) complexity, where t is elapsed time, as opposed to O(n), where n is the number of transactions. In other words, the blockchain grows independently of the number of transactions processed, growing only at a fixed constant rate over time.
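
An added illustration (not Guardtime's code and not the KSI protocol itself) of the two properties claimed above: verification that needs only hash functions, and a ledger that grows per round rather than per item. It assumes generic Merkle-tree aggregation per time round; the function names, domain-tag bytes, padding node and sample log lines are constructed for this sketch.

```python
import hashlib

PAD = hashlib.sha256(b"\x02pad").digest()  # filler node for odd-sized levels (assumption)

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def aggregate(leaves):
    """Hash one round's items into a single root; return (root, per-item proofs)."""
    level = [h(b"\x00", x) for x in leaves] or [PAD]   # 0x00 = leaf domain tag
    idx = list(range(len(leaves)))       # each item's node position at this level
    proofs = [[] for _ in leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(PAD)
        for i, pos in enumerate(idx):
            sib = pos ^ 1
            proofs[i].append((sib < pos, level[sib]))  # (sibling is on the left?, hash)
            idx[i] = pos // 2
        level = [h(b"\x01", level[j], level[j + 1]) for j in range(0, len(level), 2)]
    return level[0], proofs

def close_round(ledger, items):
    """Append exactly one entry per round, however many items the round holds."""
    root, proofs = aggregate(items)
    prev = ledger[-1][1] if ledger else b"\x00" * 32
    ledger.append((root, h(b"\x03", prev, root)))      # (round root, chain link)
    return proofs

def verify(data, proof, root):
    """Recompute the path to the round root using only the data and public hashes."""
    node = h(b"\x00", data)
    for sibling_is_left, sib in proof:
        node = h(b"\x01", sib, node) if sibling_is_left else h(b"\x01", node, sib)
    return node == root

def demo():
    ledger = []
    rounds = [[b"log line %d" % i for i in range(n)] for n in (3, 1000, 1)]  # constructed
    proofs = [close_round(ledger, items) for items in rounds]
    ok = verify(rounds[1][417], proofs[1][417], ledger[1][0])
    tampered = verify(b"log line 417 (edited)", proofs[1][417], ledger[1][0])
    return len(ledger), ok, tampered

if __name__ == "__main__":
    print(demo())
```

Three rounds holding 1,004 items leave three ledger entries, and the check in `verify` involves no key or secret, only the item, its sibling hashes and the published round root.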

Independent verification

The governance structures of the Internet are based on the equivalent structures in the physical world: hierarchies of trusted authorities such as PKI and DNS.

“Doveryai no Proveryai” is a Russian saying that was translated for Ronald Reagan and became his signature phrase “Trust, but Verify”. This worked in the physical world because it was possible to have extensive verification procedures that enabled both sides to monitor compliance. The KSI blockchain enables the equivalent for digital society. Hierarchical trust authorities can be replaced with a distributed, consensus-based public ledger approach. You can choose to trust, but you can also verify the veracity of statements using that public ledger.

Further reading

KSI technology





A Team of Experts, Working With Governments and Partners


KSI is backed by leading researchers and cyber experts in the world

Ahto Buldas, the principal inventor of KSI, holds the chair of Information Security at the Tallinn University of Technology. He has published over 30 papers in the field and has spent over 10 years researching the theory behind the technology.

Our CTO, Matthew Johnson, is a graduate of the United States Air Force Academy and a distinguished veteran of the United States Air Force with a focus on cyber security solutions for defense and cloud supporting national protection objectives for mission and information assurance.

Further reading

Ahto Buldas, scientific publications
Video: Matt Johnson on KSI technology

Strong government sponsorship and adoption

Our technology is being adopted by world governments, in Asia, Europe and the United States of America. We are actively working with accrediting authorities in all regions to ensure standardization of our technology across federal networks where deployment provides real-time authentication and monitoring for all digital assets, including firmware, software, configurations, data stores and event logs in compliance with regulatory risk management framework guidance (NIST SP 800-53, CNSSI 1253, and ICD 503).

Further reading

Governments

Our business model is to support our partner ecosystem

We do not have a direct sales force. We are a systems engineering firm that continues to develop the KSI technology stack, enabling the partners in our ecosystem to provide solutions built around our stack for their enterprise and government customers.

Further reading

Design-Build-Operate-Transfer