Protect your valuable data
Encryption means security
Cyber attacks are hardly headline worthy anymore - they are almost part of the daily news. Companies are forced to make their IT security as unassailable as possible. Central to this is the protection of the data that is transported via your networks: Seal off your sensitive information so that hackers have no access. This is possible with graduated encryption solutions, which we implement precisely for your security requirements.
Unprotected data can be read or changed by hackers
If data falls into the wrong hands, losses are imminent that can be associated with incalculable costs and even insolvency. It is generally known that data transmission via the internet is insecure. But even carrier networks, which are used for company and data centre interconnections, are not secure per se. And this applies to all transmission lines, even optical connections. Because by means of certain techniques, unauthorised persons can read or record the data streams and filter out specific data. In addition, data can be changed during transmission and recorded data can be retransmitted.
Standard encryption with AES-256Bit
For standard encryption, we use the AES-256 method recommended by the German Federal Office for Information Security (BSI), whereby data is encrypted in real time before it is transported over the data line. AES-256 supports a variety of protocols on different transmission routes. The encrypted data is practically impossible to decrypt with today's computers in a finite amount of time.
The so-called Diffie-Hellmann method is currently used for key exchange. Random numbers, which are generated by a software algorithm, play an important role here. For even more security, the key is changed frequently.
For particularly high security requirements, we offer encryption solutions that are approved by the BSI for the classification levels VS-NfD, EU restraint and NATO restricted. In an elaborate process, the BSI not only checks the hardware structure of the solution, but the manufacturers must also disclose the source code of the software. This prevents vulnerable vulnerabilities and backdoors. In addition, a special hardware random number generator is prescribed, which supplies the Diffie-Hellmann method with random numbers for key generation. In contrast to a software implementation, the random numbers are thus not predictable for attackers.
Hackers are already looking forward to quantum computers
Quantum computers are already in the queue: work on the development and marketability of the computing giants is underway at full speed. Attackers will not miss the opportunity to use the power of supercomputers for their machinations. There is a danger that they will be able to decrypt recorded data from today without any problems in a few years. Experts agree that data encrypted with AES-256 is not at risk in the foreseeable future. However, the common key exchange methods (e.g. RSA or Diffie-Hellmann) can probably be cracked by quantum computers.
It is best to protect your data now against the attack scenarios of tomorrow. With innovative procedures that make your sensitive company information quantum-safe.
Quantum Key Distribution for optical connections
With Quantum Key Distribution (QKD), the previously common key exchange is supported by a key transmission that makes use of the approach of quantum mechanics: The reading of the data can be recognised as a change and the key can be discarded as compromised. This technique works on optical connections - i.e. typically via optical fibre. In simplified terms, the transmitted photons are counted at the sender and the receiver. If the transmitted key has been read, photons are lost. The encrypted data exchange can therefore already be aborted in case of suspicion.
Post Quantum Cryptography for all transmission types
Post Quantum Cryptography (PQC) is an alternative to Quantum Key Distribution. Algorithms are used for key exchange that are assessed by the BSI as quantum secure (e.g. McEliece or Frodo). A complex mathematical procedure is used here that can be used for numerous types of connections between encryption devices. In contrast to QKD, no additional hardware is required here.