WHAT IS CODE-X?
Code-X is 5 Dimensions of simultaneous and continuous data protection.
Fractionalization involves deconstructing all data and applications into equal and identical 4 kbit blocks, and then spreading them across all local computer or edge device memory and geographically distributed servers within a local network operations center, or across a state, region, country, or the globe. Also, for “cloaking” purposes, the information can be encrypted and interleaved down to 16B wide. Why? Security of data is paramount. With the assumption of system compromise, an intruder into a system or network will essentially see nothing of value, since the data is econstructed. Also, as the data is transmitted, any “man-in-the-middle” sees only a fraction of the data.
The Fractionalized data is transmitted through an IP connection (Transmission Control Protocol) and split into several parallel connections. This allows the spreading of data across local or geographically dispersed servers, while splitting the networking traffic via indirect and direct paths, leveraging independent interleaving and other obfuscation techniques individually on each channel. Why? This technique defeats many hacker tools since they are typically reliant on observing and interrupting data flow, which is normally sent through a single channel due to router functionality.
The combination of system, process, or component identity, coupled with any other security-relevant contextual information such as location, time, previous logged communication behavior, and paths is used to make our unique authentication techniques called the Network Watermark. As part of the Network Watermark, an explicit authentication of both the user and the device is required. CODE-X begins by hashing metadata that represents packets received and/or transmitted over the communications channel. Then, unique system data and routing path identifiers indirect or direct of the packets is used to calculate the Network Watermark tag, which can be used as a type of certificate or other system verification mechanism. The Network Watermark creates a non-replicable, essentially “single pad” capability for communications, in many cases making public key encryption unnecessary.
The CODE-X decision engine examines the Network Watermark during the access request and compares that to the security policy for the data or resource being requested. It then makes a risk-informed decision on whether to allow access and sends a log entry of that access request and decision to be part of future suspicious activity analytics. This process is conducted for every individual access request to each sensitive resource and can be repeated periodically during extended access to a resource. Why? The Network Watermark is a unique and non-replicable capability enabling continual authentication and non-repudiation, among authorized people, processes, and components.
Intelligent Machine Authentication™
Since the Network Watermark is uniquely calculated at each end and never transmitted, it can be used as an authentication, like a certificate, key, or token to uniquely identify a transaction or transmission. The purpose of the Network Watermark is to provide a distinctive identifier to characterize the authorized communication channels and authenticate parts of the network to the system. Why? Authentication is a key component to providing a Zero Trust environment. This allows authorized people, systems, and components to continuously re-validate “trust” for each other, while “shunning” those that are unauthorized. Continual authentication allows for second-to-second reverification of identity and authority to operate in the system or network.
Measurement of Change
The Fractionalization, Multipathing and Watermarking of data over the network enables the integrated CODE-X components to instantly detect when system, process or data tampering is attempted. If the calculated “puzzle” changes unexpectedly, there are two possible reasons. The first could be a bit-error rate but given the quality of modern communication systems this is unusual. The more likely reason is intentional attack. As soon as this is detected, the system automatically repairs the problem and notes the anomaly. The warning can be transmitted to a Security Information & Event Management to ctively monitor the attack in real-time. The Network Watermark also provides a forensic capability based on the paths the packets of the communications traverse. Why? Assuming the adversary or malicious insider has compromised a system, constant and immediate detection of tampering or unauthorized activity is critical to the Zero Trust Architecture.