Synaptic Universal Key Exchange Overview

Overview

What does the Universal Key Exchange do?

Generally speaking, in cryptographic applications key exchanges are used to negotiate a secret symmetric key (a random number) between two users. The negotiated key is then used by other symmetric cryptographic primitives such as block ciphers, stream ciphers and hash functions to enable messages to be securely transmitted between users at higher speeds. In many cryptographic applications the identity of one or more of the users exchanging key material is authenticated as part of the key exchange. This is called an authenticated key exchange. E-commerce uses authenticated key exchanges to validate the identity of the website to the user.

The Synaptic Universal Key Exchange (Universal KX) is an online authenticated key exchange technology designed to enable any two users on the planet to securely communicate irrespective of the trust relationships the users hold with respect to each other, or with respect to any given online key exchange server. Technically speaking, Synaptic Labs' Universal KX is a distributed decentralised key exchange overlay network that enables secure and efficient communication between billions of users.

The Synaptic Universal KX is designed for use on low-cost smart cards and network-attached hardware security modules. Secure desktop communications are enabled through the use of smart cards that run the Universal KX protocols.

First-time readers may wish to familiarise themselves with the related Synaptic Enterprise Key Exchange before continuing with the more advanced Universal Key Exchange technology. Portions of this document assume basic knowledge of the concepts introduced in the Enterprise KX system.

What problem does Universal KX solve?

The Synaptic Universal KX solves several important problems:

  • how to build a high assurance many-to-many key exchange that is secure against code-breaking quantum computers without the use of quantum physics
  • how to create a many-to-many key exchange network with a 100+ year security rating over traditional data networks that can support millions of users
  • how to securely initiate a secure communications infrastructure in a way that ensures that the technical administrators cannot subvert the system, even if they had access to a code-breaking quantum computer
  • how to scale symmetric key-exchange protocols to create a distributed decentralised system of federated organisations of online relay servers in a way that can be trusted by all users of the system
  • how to ensure global interoperability while simultaneously supporting autonomous local trusted zones of responsibility and private high assurance enclosures

What environments is Universal KX intended for?

The Synaptic Universal KX is intended to enable secure communications between everyone.

The system offers a very high level of security between individuals who have not previously met. The system has been designed to prevent collusion by the online service providers by exploiting the mutual distrust that exists between groups who will be providing services to the community.

Those seeking higher assurances of security against collusion have the ability to actively participate in the key exchange, at very low cost, to guarantee its integrity.

The Synaptic Universal KX is a low-cost, scalable solution that employs off-the-shelf, commercially available cryptographic hardware and standards-based cryptographic algorithms, and can be readily deployed internationally.

What applications is Universal KX intended for?

The Synaptic Universal KX is intended to be the interoperable backbone for global secure communication. The architecture can be extended using the Enterprise Key Exchange technologies to allow groups to actively participate in assuring their high-value security assets.

The Universal KX can be applied in a very large number of applications. Examples include:

  • secure communications between people within a corporation or a small consortium
  • secure communications between people inside a given industry or government agency
  • secure communications between people from different nationalities
  • e-commerce, secure e-mail
  • ambient intelligence / sensor networks
  • as a method of providing wider interoperability to Enterprise Key Exchange applications

What other components are required to make a complete system?

The typical online cryptographic system designed to enable secure communications between two users requires a privacy primitive (block cipher or stream cipher), a cryptographic hash function, a key exchange algorithm and may also use a digital signature algorithm.

Synaptic intends to offer the universal key exchange as part of a complete system that includes data privacy and data integrity operations that provide a higher level of security than currently offered by commercial systems that use standards based ciphers such as AES-256. For example the Synaptic Post Quantum Secure DES cipher (PQSDES) will enable interoperable communications between extremely low cost smart cards, ambient intelligence devices and desktops with 512-bit keys.

Can Universal KX use standards based cryptographic components?

Yes. Synaptic Labs' Universal KX can be deployed using the US NIST's strongest cryptographic primitives for data privacy and hashing: AES-256 and SHA-512 respectively. While it is not strictly required, the RSA algorithm present in smart cards will be used to provide an additional layer of assurance for the key exchange operation (that is, the Universal KX wraps around the inner RSA key-exchange operation).

How much will it cost?

Synaptic Labs' Universal Key Exchange will create a new commercial security ecosystem.

The system requires several independently managed online organisations to provide key-exchange services. Different organisations will be responsible for enrolling devices with different organisations in the ecosystem.

The real-world cost to the end-user is anticipated to be relatively low. There will be a one time cost in purchasing a preconfigured smart card and an additional transaction fee for each new introduction between smart cards that have not previously met. As mentioned before, each additional key exchange operation between those two smart cards will be without charge if they do not use the online servers to increase their security. Additional value-add services such as key strengthening and global identity-based encryption can be provided by the same online key exchange service providers.

Groups and organisations wishing to provide their own additional online key exchange services can take advantage of low-cost smart cards and rack-mount HSMs to perform these operations.

Where can I register my interest?

We welcome all expressions of interest in our range of key exchange technologies. After your registration has been approved you may be provided with access to additional information such as slide shows and other technical documentation as it becomes available.

Further Information

The Universal Key Exchange was presented by Synaptic Labs at the IEEE Key Management Summit 2010. The presentation, titled "Synaptic Labs' global-scale Identity Management and Cryptographic Key Management Proposal", can be watched as streaming video here.

The Universal Key Exchange has been described in a short 4-page peer-reviewed technical abstract presented at the U.S. Oak Ridge National Laboratory - Cyber Security and Information Intelligence Research Workshop. A longer and more detailed version of that paper has been published on ePrint.

Synaptic Laboratories and the Gozo Business Chamber (EU) have co-founded the ICT Gozo Malta cluster of excellence. This cluster of excellence will work in close collaboration with key Government and private stakeholders and leading International companies to develop many of Synaptic Labs' innovative technologies. The Universal Key Exchange proposal will be implemented as part of the ICT Gozo Malta Global-scale Cyber Security project and Exoskeleton extensions. The relationships between projects are visually illustrated here.

Last Updated on Friday, 18 March 2011 09:35