AKRON C4SEC products are designed to allows a user to securely connect a PC Client to a network. The connection is established across a VPN over a public network (internet) with absolute confidence. As a result, the user is able to reach all the services available within the protected network (voice, video conferencing, File Sharing, Mail, etc.) in a safer and controlled approach.

The solution is able to integrate itself with any existing cyber security infrastructure ensuring compliance with security features and policies.

KEY POINTS

The Shield Family Products are an innovation in the current cyber security market.

Main points are:

• Protection of communications through robust cryptographic algorithms

• Overcoming key distribution vulnerabilities with key agreement mechanisms

• Capability to interface common services (VoIP , VTC, File Sharing, Mail, etc.) available in any network infrastructure

• Isolation and defense capability of the Client System

• Low power consumption (USB port supply)

• Extreme portability to allow a simple remote use

In addition to increase network security, it is also possible to decrease network infrastructure costs bypassing high-priced systems, often inefficient, for cybernetic protection of the whole system.

OPERATIONAL CAPABILITIES

It is possible to identify the following operational capabilities:

• User identification via token hardware

• Crypto-Hardware Authentication

• Automatic renewal of cryptographic keys used by Shield Family Products at each session

• Traffic data encryption on the Crypto-Hardware with secure encryption keys, always different to prevent the comprehension of possible data to be filtered during their transfer

The system features provided guarantee the canonical security aspects:

• Identification

• Authentication

• Access Control

During the data transfer phase it's guaranteed:

• Confidentiality of information

• Integrity of information

• No Rejection

THREATS RESPONSE

The Shield Family Products system as a whole will respond to the threats listed there:

Masquerade

Inability for a hacker to imitate a false identity. In the system, each user will always be identified with a strong authentication and the entire communication session will depend on the outcome of the identification, authentication and key agreement phases.

Spoofing at Application Level and IP, TCP and UDP level

It will be impossible alteration of identity at the application level, or IP, TCP and UDP. This is because any alteration of a packet or datagram on the network will make communication unintelligible, as undecipherable, then altered packets will be automatically rejected by the system. In addition, being encrypted packets on startup, it would be impossible for a hacker to locate the exact points where to modify the information.

Replay

In a replay attack, the hacker catch data on the network retransmitting then the same at a later time and get the desired responses with the encryption system in question, any data on the network will be treated with a very high random encryption. Thus, an always equal number sent n times will appear n times different on the same network connection, so a possible replay attack will be useless because the data sent will be indecipherable to the recipient.

Man In the Middle

It will be impossible to make a Man In the Middle attack by using the key agreement mode implemented in the cryptographic system.

Data Sniffing

All network data will move encrypted with a strong encryption algorithm and cryptographically secure keys with a high degree of noise. Even if network information will be captured, they would not be decipherable in any way.

Physical Theft

It is impossible for a hacker to compromise the privacy and integrity of the PC Clients in the case of casual possession of the same.