Technology Genesis

Most Internet communication technologies in use today are multiple revisions and add-ons to networking protocols developed 20 or more years ago as part of the network OSI model. The current inefficiencies, complexities and insecurities of DNS, NAT, PKI, IKE and many components of the TCP/IP suite are well known, yet we still rely on them. Today’s legacy security solutions cannot defend against a growing adversary landscape armed with on-demand attack resources that easily uncover and penetrate even the smallest of corporate IT weaknesses. And certainly these outdated protocols are unable to keep pace with the extension of communications and computing beyond the perimeter.

To overcome these problems Aunigma Network Solutions Corp. was founded to develop a novel suite of holistically integrated security, data transport and network management mechanisms to provide users a Dynamic Adaptive Darknet (DAD) defense named ANS FabriX™. This solution enhances a select number of the OSI layers’ functions and manages them in a unique way. ANS FabriX automatically establishes and maintains authenticated communications across diverse network topologies while eliminating current and future threats.

Focusing on the TCP/IP suite’s most significant and prolific security threat vectors (intrusion, MITM, DoS/DDoS and system/server/service hopping), Aunigma has developed three core mechanisms to form its DAD defenses. The first, named PacketLok™, is a method to uniquely filter packets dynamically for each frame. The second mechanism uses Aunigma’s packet filtering method to create a secure and multi-modal (lossy/lossless) UDP transport protocol named SFL™ (Secure Frame Layer). Thirdly, Aunigma employs both of these mechanisms to construct a “real-time” software defined security “control layer” that orchestrates drop-in dynamic access control and DDoS mitigation as a component of Aunigma’s ANS FabriX offering.

Technology Overview

PacketLok

PacketLok is a patented mechanism that provides an unspoofable authentication and authorization (AA) methodology. Every transmitted packet contains a computationally transparent one-time filter (OTF) value that is a dynamic pseudo identity. Filter values are wire-speed processed (in memory) at the receiving node as a stateless AA and network access control (NAC) solution. The PacketLok mechanism establishes a stateless presence because it does not reply to nor create a state on an endpoint CPU for invalid packets. This attribute is the essence of stealth (by eliminating the attack vector), thus providing DoS/DDoS, intrusion and authentication manipulation protection on a packet-by-packet basis.

SFL

PacketLok works in concert with Aunigma’s patented Secure Frame Layer (SFL) transport protocol. SFL dynamically encrypts each transmission session with a symmetrical block cipher one-time pad (OTP), and the entire packet (including filter value) is dynamically converted to ciphertext. As an additional level of security, users can specify the degree of randomness for each session key. Most importantly, keys are never exposed to the wire, thus making decryption extremely unlikely. Even if SFL data streams were captured, unlike common encryption techniques, the OTF and OTP values are never repeated; so the more SFL data captured, the further away key deciphering becomes.

Operating from a lower level OSI model layer, SFL is purposely built not to rely on problematic legacy IP suite components. Therefore, by not depending on TCP, DNS, MAC addresses and digital certificates or credentials, SFL provides MITM, eavesdropping, and advanced snooping protection. When combined with a built-in QoS feature, these breakthrough SFL attributes provide unlimited flexibility and efficiencies for network connectivity.

ANS FabriX

The ANS FabriX solution is Aunigma’s real-time, high availability, software defined, node-based security and networking platform. Our solution suite incorporates ANS PacketLok, ANS SFL and several other cutting-edge security and network/data transport features and functions like:

• real-time adaptive communication detection and defense,
• granular access control segmentation or micro-segmentation,
• real-time topology visibility, and
• event logging with near zero false positive alert notification for each ANS FabriX node.

ANS FabriX operates within, conforms to, supports, or exceeds common flexible or open framework functionalities and requirements defined in current and evolving standards, such as: NIST, ISO, HIPAA, SDN, SDP, SDDC, and SD-WAN.