The Tempered Networks Solution

The ongoing digitalization of information has created challenges for organizations of every size and industry. Cloud storage, growing demands for mobility, and big data analytics are just a few of the areas where organizations struggle to store and manage their information securely.

Unfortunately, increased connectivity brings increased network complexity, and that complexity can leave organizations highly susceptible to attacks from malicious outside parties.

Furthermore, the problem goes beyond human or technological error; its root lies in IP's own shortcomings. From the earliest wide area networks, which connected a handful of computers to one another, the Internet has evolved into the version we are familiar with today: TCP/IP. This model's primary focus has been on networking everything (e.g., mobile devices, IoT nodes) as businesses and organizations look to increased connectivity to reduce costs and increase efficiency.

The problem is that TCP/IP was not created with security in mind: an IP address says nothing about who is behind it, so every device added to a network widens the attack surface. In today's climate, traditional IP networking is not enough to ensure network security. The answer to these challenges is a trusted networking architecture based on cryptographic identities.

This trusted networking architecture moves beyond the address-defined paradigm of TCP/IP by putting security and mobility at its core. Instead of blindly networking everything that has an IP address, it networks only hosts with provable identities. In other words, it connects only trusted and cryptographically identified "things," giving organizations a network that is both more secure and more flexible than the traditional TCP/IP model.

Since the late 1960s, when the first packet-switched link connected two computers at separate sites, the lineage that became IP networking has focused solely on connectivity, not on security or mobility. Along the way the IP address took on a dual role: it names a host and it also locates that host on the network. Location should have been the lone function of an IP address; the dual role leaves networks fragile when a host moves (its name changes with its address) and weak on security (an address proves nothing about who holds it).

While IT teams can counter the security shortcomings of traditional networking to a degree, protecting a TCP/IP network is complicated, time-consuming, meticulous work that requires significant resources and daily modifications. Those costs and lost hours are what the Tempered Networks Solution is designed to remove.

Tempered Networks is the first organization to commercially offer the Host Identity Protocol (HIP), an open-standard network security protocol that provides provable host identities. The Internet Engineering Task Force (IETF) standardized HIP version 2 as RFC 7401 in 2015, capping roughly 15 years of development and deployment in coordination with several major companies (e.g., Boeing, Verizon, Nokia) and standards bodies (e.g., Trusted Computing Group, IEEE 802). HIP is a genuine shift in networking because it addresses the identity gap at the root of TCP/IP's security flaws rather than patching around it.

Instead of overloading the IP address, HIP separates the two roles: identity is a public key (Tempered uses 2048-bit RSA keys; the standard also permits DSA and ECDSA), and location is the original IP address. These identities are permanent, location-independent cryptographic identities bound to machines or networks. The HIP base exchange authenticates both peers with their keys and derives keys for an encrypted ESP tunnel between them, so authentication, authorization, and host-to-host encryption are verifiable and on by default.

Within TCP/IP there are two globally deployed namespaces for uniquely identifying a host or service: IP addresses and DNS names. Because of the fundamental flaws of TCP/IP, both are problematic: an address changes when a host moves, and neither one is cryptographically bound to the host that uses it. HIP introduces a third namespace, the Host Identity Namespace (HIN). The HIN coexists with the existing namespaces, provides global IP mobility, and overcomes many of the fragile and costly aspects of traditional TCP/IP networking while enabling security policies based on unique cryptographic identities.

HIP sits between the network layer and the transport layer. Applications and transport protocols bind to the host's Host Identity Tag (HIT), a 128-bit hash of its public key formatted as an IPv6 address, instead of to the device's IP address, and HIP maps each HIT to the host's current IP address. Each host therefore has its own cryptographic identity on the network, while the IP address is used only to determine location.
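As an added worked example (not code from Tempered Networks or from the HIP RFCs), the block below derives a HIPv2 HIT from an RSA host identity the way RFC 7343 (ORCHIDv2) and RFC 7401 section 3.2 specify, then keys a toy admission table on that HIT so the host can change its IP address without any policy change. The keys, addresses, and the `HostIdentityFabric` class are constructed for illustration: the keys are textbook-size stand-ins rather than 2048-bit keys, and the toy skips the base exchange's proof of private-key possession.

```python
"""Derive a HIPv2 Host Identity Tag (HIT) and key policy on it, not on the IP.

Added example; this is not Tempered Networks code. The HIT layout follows
RFC 7343 (ORCHIDv2) and RFC 7401 section 3.2, and the RSA public-key wire
format follows RFC 3110 as used by the HIP DNS record (RFC 8005). The keys
used below are constructed, insecure, textbook-size stand-ins so the block
stays short; the derivation is byte-for-byte the same for a 2048-bit modulus.
"""
import hashlib
import ipaddress

# RFC 7401 section 3.2: context ID hashed into every HIPv2 HIT.
HIPV2_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
# RFC 7401 section 5.2.10: HIT Suite 1 = RSA or DSA host identity, SHA-256.
HIT_SUITE_RSA_SHA256 = 1
# RFC 7343: ORCHIDv2 addresses occupy 2001:20::/28; the next 4 bits carry
# the OGA ID, which HIPv2 sets to the HIT Suite ID.
ORCHID_PREFIX = ipaddress.IPv6Network("2001:20::/28")


def rsa_host_identity(exponent: int, modulus: int) -> bytes:
    """RFC 3110 encoding of an RSA public key: exponent length, exponent, modulus."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    # One length byte if the exponent is under 256 bytes, else 0x00 + 2-byte length.
    length = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return length + e + n


def hit_from_host_identity(host_identity: bytes, oga_id: int = HIT_SUITE_RSA_SHA256) -> str:
    """HIT = prefix(28 bits) | OGA ID(4 bits) | middle 96 bits of SHA-256(context | HI)."""
    if not 0 <= oga_id <= 0xF:
        raise ValueError("OGA ID is a 4-bit field")
    digest = hashlib.sha256(HIPV2_CONTEXT_ID + host_identity).digest()
    middle96 = digest[10:22]  # Encode_96: drop 80 bits from each end of the digest
    prefix28 = int(ORCHID_PREFIX.network_address) >> 100
    head = ((prefix28 << 4) | oga_id).to_bytes(4, "big")
    return str(ipaddress.IPv6Address(head + middle96))


def hit_in_orchid_prefix(hit: str) -> bool:
    """True if the HIT falls inside the ORCHIDv2 block reserved for such tags."""
    return ipaddress.IPv6Address(hit) in ORCHID_PREFIX


def hit_oga_id(hit: str) -> int:
    """Recover the 4-bit OGA ID (the HIT Suite ID) from a HIT."""
    return (int(ipaddress.IPv6Address(hit)) >> 96) & 0xF


class HostIdentityFabric:
    """Toy identity-first policy table: admission and locator are keyed by HIT.

    Real HIP proves possession of the private key in the base exchange before a
    peer's locator is accepted; this model trusts the caller and only shows how
    policy keyed on a HIT survives a change of IP address.
    """

    def __init__(self):
        self.admitted = set()  # HITs an operator has admitted to the fabric
        self.locator = {}      # HIT -> current IP address (location only)

    def admit(self, host_identity: bytes, ip: str) -> str:
        hit = hit_from_host_identity(host_identity)
        self.admitted.add(hit)
        self.locator[hit] = ip
        return hit

    def update_locator(self, host_identity: bytes, new_ip: str) -> str:
        """Mobility: the same identity announces a new address; no policy change needed."""
        hit = hit_from_host_identity(host_identity)
        if hit not in self.admitted:
            raise PermissionError(f"host identity {hit} is not admitted to the fabric")
        self.locator[hit] = new_ip
        return hit

    def may_connect(self, host_identity: bytes) -> bool:
        """Policy decision depends on the identity, whatever IP it currently uses."""
        return hit_from_host_identity(host_identity) in self.admitted


if __name__ == "__main__":
    # Constructed stand-in keys; real host identities are 2048-bit RSA keys.
    plc = rsa_host_identity(65537, 3233)       # 61 * 53
    intruder = rsa_host_identity(65537, 2491)  # 47 * 53
    fabric = HostIdentityFabric()
    hit = fabric.admit(plc, "10.0.0.7")
    print("HIT", hit, "at", fabric.locator[hit])
    # The PLC moves to another subnet: same HIT, new locator, policy untouched.
    fabric.update_locator(plc, "192.168.4.20")
    print("HIT", hit, "now at", fabric.locator[hit])
    print("intruder may connect:", fabric.may_connect(intruder))
```

Run as a script, the HIT stays fixed across the move from 10.0.0.7 to 192.168.4.20, whereas an allowlist keyed on the old address would have broken. The caveat to keep in mind is that a HIT is only as trustworthy as the signature check behind it: anyone can compute a HIT from a published public key, so a real fabric must still verify in the base exchange that the peer holds the matching private key before it accepts a locator update.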

The fabric is non-disruptive and can be deployed over any IP network across all networking domains (physical, virtual, and cloud). Unlike traditional IP networking approaches, our solution requires few (and sometimes zero) changes to the underlying network or security infrastructure.

In an identity-first architecture, all provable host identities are centrally managed through the Conductor, a management and orchestration engine designed to manage a network of any size. HIPservices are software products delivered in different forms to support Tempered's commitment to securing any device, anywhere. The fabric allows HIPservices to deploy in ways that are compatible with all devices and to securely manage a network across physical, virtual, and cloud environments.