Non-attributable Virtual Dissimulate Encrypted Server with Post Quantum Decryption Resistance Algorithm
The Virtual Dissimulate Encrypted Server was designed as a new approach to one of the most critical problems within the cyber ecosystem: protecting the unique address that identifies a device or server on the internet or on a local network.
For the past two decades the IT and cyber industry has created and implemented numerous layers of security across the Open Systems Interconnection (OSI) model. Whether it is the network layer or the application layer, firewall rules, virtual LAN separation or yet another anti-virus or anti-malware signature, the industry has kept building on the same core infrastructure, adding layers like those of an onion. The accepted definition of a good cyber security posture has become “the more layers, the better the security”.
At CIS, we know that the current concept of layered security within the OSI model is still only a temporary solution. If a state-sponsored, capable adversary allocates the necessary resources, means, and time, it is still just a matter of persistence to take down one layer after another, regardless of how sophisticated the security design is.
We look at this problem from a different angle. We “think outside the box” and built something different from the core up. We developed and engineered the VDES design around one concept: “it is difficult to attack something if you are not aware of its existence”.
Solution Concepts and Components
The VDES server is designed to obfuscate the real endpoint IP address of a landing server. VDES assumes the role of a traffic redirector: it accepts connections from end-user devices, generates an encrypted tunnel over a private IP scheme, and re-routes the traffic through that tunnel to the destination IP platform.
The VDES server is configured with multiple security layers and reveals only two open ports to an outside scan. On initial assessment it appears to be a web server running on a non-standard port, blending in with the background noise of the internet and exposing no proprietary digital signatures.
Inside the VDES resides a proprietary VPN server configured with post-quantum attack-resistant technology: Kyber-1024, NIST Security Level 5. The server generates one PQC certificate with no DNS resolution. The certificate is then exported and hard-coded onto the real destination server (blockchain servers, web servers, VoIP servers, Citrix servers, database servers, etc.) that must be protected and obfuscated. Once a symbolic link is created for the PQC certificate connection to the VDES, the destination server becomes a non-routable object within the cyber ecosystem. As a result, the IP address of the destination server can no longer be seen from the outside world; this arrangement is also known as a decoy obfuscation tool (DOT).
From the user’s perspective, a device that initiates a request to the destination server actually sends it to the VDES server. The VDES server opens a PQC tunnel to the destination server and forwards the request through it. The destination server responds through the same tunnel back to the VDES, which returns the response to the originating device.
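The request flow described above is the classic relay pattern: the client only ever talks to the redirector, and the destination only ever sees the redirector's address. The following is an added, constructed example (not CIS code and not the VDES implementation) that models that flow on a single host with plain Python sockets. The "destination" is a local echo server that records the peer address of each connection, the way a real server's access log would; the "tunnel" is simplified to an ordinary TCP connection, since the encrypted PQC tunnel is assumed to be provided by the VPN layer and is outside the scope of the example. All host and port values are local and constructed.

```python
"""Minimal TCP redirector modelling the VDES request flow.

Constructed example: destination = local echo server, tunnel = plain TCP
(a real deployment encrypts it), everything bound to 127.0.0.1.
"""
import socket
import threading

BUF = 4096


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst until src closes, then half-close dst."""
    try:
        while True:
            data = src.recv(BUF)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_destination(seen_peers: list) -> int:
    """Stand-in for the protected destination server.

    Appends the peer address of every connection to seen_peers (what the
    server's own log would show) and echoes each request upper-cased.
    Returns the port it listens on (0 = let the OS pick one).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, peer = srv.accept()
            seen_peers.append(peer)
            with conn:
                conn.sendall(conn.recv(BUF).upper())

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_redirector(dest_port: int, outbound_ports: list) -> int:
    """The VDES role: accept a client, open a fresh upstream connection to
    the destination, and pump bytes both ways. The client's own address is
    never passed upstream, so the destination logs only the redirector."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(5)

    def handle(client):
        upstream = socket.create_connection(("127.0.0.1", dest_port))
        outbound_ports.append(upstream.getsockname()[1])
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)          # client -> destination
        back.join()                      # destination -> client
        upstream.close()
        client.close()

    def serve():
        while True:
            client, _ = lst.accept()
            threading.Thread(target=handle, args=(client,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return lst.getsockname()[1]


def run_demo(payload: bytes = b"hello vdes") -> dict:
    """Bring up destination and redirector, send one request, collect evidence."""
    seen_peers, outbound_ports = [], []
    dest_port = start_destination(seen_peers)
    relay_port = start_redirector(dest_port, outbound_ports)

    with socket.create_connection(("127.0.0.1", relay_port)) as c:
        client_port = c.getsockname()[1]
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)       # signal end of request
        reply = b""
        while chunk := c.recv(BUF):
            reply += chunk
    return {
        "reply": reply,
        "client_port": client_port,
        "destination_saw": seen_peers,   # peers as the destination logged them
        "relay_outbound": outbound_ports,
    }


if __name__ == "__main__":
    r = run_demo()
    print("reply:", r["reply"])
    print("client port:", r["client_port"])
    print("destination logged peer:", r["destination_saw"][0])
```

The point of the demo is the last two printed lines: the destination's log shows the redirector's outbound port, not the client's, which is exactly the visibility the text claims for the protected server. What the example does not model is the encryption of the hop between redirector and destination, nor the fact that a relay that accepts arbitrary clients must itself be hardened and monitored, since it is now the only reachable surface.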
The VDES infrastructure is designed and configured based on the highest security standards, with multiple layers of protection and an Intrusion Detection System (IDS) in place.
Unlike other providers, once the infrastructure is established the customer has direct access to the dynamic VPS server logs via an SSH key for monitoring live activity and traffic control. CIS performs the management, maintenance, and upgrades that keep the servers functioning properly; however, the customer retains direct access to the live VPS logs to ensure privacy and security.