Q&A With Anthony Scott Thompson – Introspective Networks

Aviva Zacks

Safety Detectives: Please share your company background, how you got started, and your mission.

Introspective Networks: The company was formed in 2013 after parting from Level 3 Communications. I, the founder and T-CEO of Introspective Networks, had been creating global mission-critical distributed systems at Level 3 for 13 years ranging from data collection to network provisioning. Most of this work was also sold as a service to large customers like EDS, Microsoft, Internet2. The goal of founding the company was to create a generic distributed framework for the Industrial Internet of Things (IIoT). We filed our first provisional patent application on that concept in January of 2013. Just weeks later, the NSA leaks came out. Doing some quick research, it was clear that methods were being leaked which, looking at this historically, made this a ground zero event for the cybersecurity issues we face today. For myself, this was a call to action.

Having had several undergraduate and graduate classes in encryption, I understood two things: Current encryption “standards” are nothing but a complex algebra problem and, with the right level of resources, could be defeated like Turing’s Bombe Machine famously defeated the Enigma encryptor in WWII. The fact you are standardizing the calculation makes it completely vulnerable not to cryptanalysis, but simple mathematical proof. There are only two variables to solve for: a key of some kind and the data. This is simply solving for X and Y. I took note of this in the ’90s during my encryption studies, which included the then soon-to-be AES standard. During those studies, I also took note that the One Time Pad (OTP) aka Vernam Cipher was the only known cipher that cannot be broken, even in theory.

With this knowledge, it started to become clear that the encryption standards were designed to be cracked. Because of the power of computers in the ’90s and early 2000s, there was a barrier of entry to be able to crack the encryption with commodity hardware. That all changed around 2007-2009. Even Bruce Schneier, one of the top cryptographers, caves to this reality on his blog. The big issue was the advent of graphics processing which includes single-instruction/multi-data (SIMD) processors. These are really good at doing linear algebra very quickly using massive parallelism – doing many things at the same time. Linear algebra is the study of doing algebraic calculations in parallel with vectors. This is designed to do calculus for modeling and is a key component to how 3D rendering, first-person gaming, and simulations work and look so realistic. Not only were you getting the parallelism of using a Vector, but there were also massive numbers of these SIMD processors being added to graphics cards in the form of GPUs. At that point, anyone could potentially create a cracking machine with commodity hardware that would be fast enough to crack AES in software with proof for AES. Brute Force Attacks – the method of using all possible key combinations – also would be possible at data-center scale with massive numbers of GPUs. I followed all this as a side curiosity during the 2000s, understanding from the ’90s just how vulnerable we were with regard to calculated encryption and data interpretation on the Internet.

So, back to the 2013 leaks, it started to become clear that the “security” of AES 256 was likely propaganda. While the AES calculation was complex, it was standardized to the point in the U.S. of becoming a compliance requirement. This makes building a cracking machine based on algebraic proof quite possible. Also, all of the methods for offensive attacks, backdoors, and other NSA capabilities had been revealed. The provisional patent just filed weeks before would not work without something akin to perfect security for data in motion.

Noodling on this for a few weeks, I filed the provisional patent for Streaming Transmission One-time-pad Protocol (STOP). (Credit for the catchy acronym goes to Steven Cummings—the company Co-Founder.) This solved the classic “key exchange” problem in a practical way allowing an OTP to be used in the network directly.

Around 2016, after several visits to the USAF 688th Cyber Wing, two things became clear: we were on to something as there were concerns about this technology blocking ill-advised offensive capabilities and, because of this focus on offense, the cybersecurity calamity we are seeing today was about to happen. We were told by the Director of the 688th to stick with it as there would be a day soon when the country would do a hard pivot from cyber offense to defense. The country would need a working solution. With this understanding, we formed a dba—Introspective Networks—and pivoted to focus on building products around STOP technology. The U.S. hard pivot just mentioned is happening right now with a May 12, 2021, executive order.

SD: What is the main service your company offers?

IN: Introspective Networks offers Next Generation Private Network (NGPN) services through the SmokeNet line of products. SmokeNet service transcends the security offered by VPN services or even private lines. This is a foundational technology for the upcoming Zero Trust Architecture cybersecurity methods.

SmokeNet removes trust in the public Internet as well as calculated encryption – a method that will always be theoretically insecure. SmokeNet has a military-grade, independent assessment that shows it has zero network vulnerabilities. It also uses the strongest known encryption cipher. This is the same encryption technique used for top secret information worldwide for over 100 years. This is the first time this level of encryption has been offered to the public. SmokeNet is a cloud service with edge devices that provide access to the network.

Business users with Internet access can create private networks quickly and efficiently. The complexity of the network and its configuration can be changed as your business grows. This scales to all sizes of networks. You can also have discrete SmokeNet virtual LAN networks inside an existing SmokeNet network. This allows your Zero Trust Architecture to create discrete networks based on your security needs. This can be by group, department, or even project. Networks can even be brought up and down to provide spot networks for private virtual meetings. Imagine your Zoom-style meeting being inside a private network that can provide further protection against even insider threats.

Personal users get their data anonymized by hiding the user’s location and mixing internet traffic with other users. It also separates your devices from all the low-security devices connected to your home network. This is a different level of home security and is a base technology for personal privacy. From the Internet, no one will be able to determine your location or collect your data. Private VPN, realistically, provides neither. VPN actually puts all your data in a static stream making it easy to intercept all of your internet traffic. It uses calculated encryption that is forever theoretically not secure. Why would you use something that is theoretically insecure when you can utilize encryption that cannot be cracked, even in theory? The reality is you wouldn’t.

SD: What is something unique that helps you stay ahead of your competition?

IN: There are two main differences between SmokeNet and standard VPN services:

  1. Moving Target Defense (MTD) – This removes all current network attack vectors including data recording.
  2. One Time Pad (OTP) encryption – This removes all decryption threats including by Nation-State actors, massive-scale parallel processing, or even the growing Quantum Computer threat.

This is complete protection for data in motion with a multi-patented, mature solution.

SD: What do you think are the worst cyberthreats today?

IN: Internet data in motion not using SmokeNet is completely exposed. If the public realized how bad this situation was, it would have massive economic ramifications. This is starting to get reported but the public should be aware that the entire tech industry, including online shopping, does not appear to care about the risk they are having consumers and companies take.

Firstly, data going across the internet natively can be recorded. This is not difficult to do. Anyone with access to a core internet router, including small ISPs, can request your data by just knowing your originating port (think port 80 for web browsing) and your internet address. They will get a copy of all of your web traffic. Data can also be recorded with a Man in the Middle attack. The middle man can keep a copy of all the data it is collecting even if it is encrypted. Decryption can happen at any time in the future. For data with long-term value like passwords, bank account information, and credit card numbers this is a major issue. You can guarantee there are criminals banking data right now. MTD stops this as the port remains unknown so attacks relying on a port (like data copy/recording) will not work.

The second problem is encryption. As aforementioned, calculated encryption, like any other calculation, can be solved. This appears to be by design so nation-states can surveil data in motion. The 2013 NSA leaks show that spy agencies in the US and UK had the ability to crack encryption. Nation-States do not need to rely on commercial hardware so, given the revelations from the 2013 leaks, it seems reasonable that the U.S. develops the ability to crack encryption before it is standardized.

The first problem has been an issue since ARPANET was turned over to the public. The ability to get copies of data from a core router is actually codified in U.S. law. What is confusing is the apathy of the media. It does not feel like the right amount of attention is paid to these very serious issues. Many are starting to conclude that this is nearing conspiracy levels of complacency based on the economic implications of the truth being revealed. This, along with the focus by the NSA on offense, has led to the SolarWinds attack leaving the U.S. government completely exposed.

Our mission with SmokeNet has been to be ready for the time when the U.S. moves to defense. This appears to have happened which has spurred MITRE and NIST into action. Introspective Networks is engaged with MITRE and starting an engagement with NIST. The switch to cyber defense is starting and we are prepared to meet this challenge.

About the Author
Aviva Zacks
Cybersecurity Expert and Writer

Aviva Zacks is a content manager, writer, editor, and really good baker. When she's not working, she enjoys reading on her porch swing with a cup of decaf.