Fortress: A Crypto-Agile Software Defined Network by American Binary

Summary

Fortress is a highly secure and cutting-edge networking solution that offers a number of benefits for businesses and organizations. The ability to be Crypto-Agile ensures that all data transmitted across the network is compliant with today's requirements while effortlessly allowing for Post-Quantum Encryption to be deployed. Post-Quantum encryption will ensure your organization's data is protected, even against the threat of future quantum attacks. Fortress' architecture enables centralized control and management of the network, which results in increased efficiency and reduced operational costs.


Benefits

Cut IT Costs
  • Get a larger ROI on existing hardware
  • Deploy containerized, on white-boxes, line cards, on edge metal, or on the cloud
  • Don't wait on the chip shortage
Multi-Cloud
  • Deploy effortlessly across multiple clouds, edge servers, and even on-prem
  • Effortlessly use the best DevSecOps and/or Platform Engineering practices
  • Rapidly scale your network securely
Crypto-Agile Encryption
  • Utilizes state-of-the-art extended shelf-life cryptography good for the next 30 years
  • All communication runs over a highly encrypted, incredibly fast transport layer
  • Validated FIPS 140-2 Encryption also available
Centrally monitored
  • Managed and controlled with ease
  • Supporting 10K+ nodes
  • Infrastructure as Code (IaC) Ready

Features

Crypto-Agile Data Plane
The best-in-class Data Plane uses either Validated FIPS 140-2 encryption (P-384 with AES-256-GCM and SHA-384) in BlueFalconFork, or a CRYSTALS-Kyber 1024, NIST Level 5 Authenticated Key Exchange.
The Kyber exchange works by using a CRYSTALS-Kyber 1024 static key along with a CRYSTALS-Kyber 512 ephemeral key.

Be compliant today with US Federal standards while being prepared for a seamless transition to Post-Quantum Encryption when NIST gives the final green light.
The Control Plane
Builds on the power of the Post-Quantum Data Plane to provide RESTful APIs for every possible operation an Administrator, Agent, DevOps Employee, or Data-Comptroller would need to perform. This makes the network fully automatable and provides an unmatched level of reporting and instrumentation capability.
Management Plane
Also referred to as the Software Defined Network (SDN) Controller, the Management Plane uses another best-in-class, DevOps-first (and DevSecOps-first), API-first administrator panel. Every feature of the administrator panel is API driven and can be automated through Ansible or Terraform.
  • Two factor authentication
  • Single Sign On (SSO) through SAML, Active Directory/LDAP, OAuth
  • Modular enough to facilitate any other authentication scheme that an organization requires.
OCI Engine
A native feature of the Application plane.
  • Application aware
  • Natively embeds “runc” allowing deployment of OCI Containers.
  • Docker is the most popular OCI Container
Blob Storage Engine
A native feature of the Application plane.
  • Deploys a RESTful Blob storage engine
  • API compatible with S3
  • Revision control built into the filesystem: can automatically roll back in the event of disaster or malware infection
  • Can retrieve files on a delta basis, facilitating WAN Optimization and saving bandwidth
API Hooks for Anti-Malware
A native feature of the Application plane.
  • Deploy powerful APIs across your enterprise to leverage best-in-class third party Anti-Malware solutions
  • Get Metrics from your Anti-Malware platform to ensure compliance and security
  • SDK available for third-party developers (soon)
Certificate Management
A native feature of the Application plane.
  • Native built-in Certificate Management
  • Will facilitate crypto-agile X.509 certificates soon
  • Can integrate with any other valid Certificate Authority

Frequently Asked Questions

Post-quantum encryption refers to encryption methods that are secure against an attacker with a quantum computer. Current encryption methods, such as RSA and Elliptic Curve Cryptography (ECC), are vulnerable to cryptographically relevant quantum computers and could potentially be broken by them. Post-quantum encryption is important because it ensures the security of encrypted communications even against a quantum computing attack, protecting sensitive information from being compromised in the future as quantum computing technology advances.

Being crypto-agile refers to the ability to quickly and easily adapt to changes in cryptographic methods and technologies. This includes the ability to upgrade encryption algorithms and protocols as new weaknesses are discovered or new technologies become available. It also includes the ability to switch between different algorithms or protocols as needed to ensure continued security.

Crypto-agility is important because it allows organizations to maintain the security of their communications and protect sensitive information even as cryptographic threats evolve. It enables organizations to respond to new vulnerabilities and attacks by quickly deploying new cryptographic methods, rather than waiting for a complete system overhaul.

Adopting a crypto-agile approach can also help organizations avoid vendor lock-in and maintain flexibility in their security strategies.

The National Institute of Standards and Technology (NIST) is concerned about Elliptic Curves, Diffie-Hellman (DH), Elliptic Curve Diffie-Hellman (ECDH), and RSA (Rivest–Shamir–Adleman) because they are all vulnerable to quantum computing attacks. Quantum computers can potentially use algorithms such as Shor's algorithm to break the encryption used by these methods, which would allow an attacker to access sensitive information that was thought to be secure.

In 2016, NIST launched a process to identify new post-quantum cryptography standards and algorithms that will be more secure against quantum computing attacks than existing standards. The goal of this process is to develop and standardize new cryptographic methods that will be secure against both classical and quantum computing attacks, and will replace the existing standards that are vulnerable to quantum computing.

Given the recent progress in quantum computing, NIST considers it important to start the process of transitioning to post-quantum cryptography now to ensure that sensitive information remains secure in the future.

The benefits of post-quantum encryption are:

  • Security against quantum computing attacks: Post-quantum encryption methods are designed to be secure against attacks from quantum computers, which can potentially break current encryption methods such as RSA and Elliptic Curve Cryptography (ECC).
  • Long-term security: As quantum computing technology continues to advance, post-quantum encryption methods will provide ongoing security for sensitive information, protecting it from future attacks.
  • Compatibility: Post-quantum encryption methods can be designed to work with current systems and infrastructure, making the transition to post-quantum encryption more seamless.
  • Flexibility: Post-quantum encryption methods can offer different levels of security, depending on the specific use case and the level of protection required.
  • Encourage innovation: The development of post-quantum encryption methods can encourage innovation in the field of cryptography, leading to the discovery of new and more secure methods.
  • Compliance: Some countries and industries require or will require the use of post-quantum encryption methods, so it would be beneficial to be ready and in compliance.

It depends on your use case. Deployment can take anywhere from a few hours to several months. The use case determines the deployment time. Please feel free to reach out to us for more information.