In computer networks, whenever one machine or application transmits data to another machine or application, the data is vulnerable to eavesdropping, interception, copying, modification, rerouting, duplication, deletion, or other potentially insecure actions. For example, when a server transmits application code, a secret or credential, or sensitive data to another server, a “man-in-the-middle” or another type of eavesdropper may potentially obtain access to the transmission before it reaches the receiving server. Such attacks or insecurities may arise at several points along the transmission path, including at the transmitting server itself, at one or more intermediary points along the path (e.g., servers that reroute the communication, proxy servers, etc.), or at the receiving server.
When one or more of these resources is compromised (e.g., with malware, an insecure application that may be exploited, privileged access rights, etc.), the data being transmitted becomes insecure. For example, an attacker may identify attributes about the data itself or its metadata, such as the identities of the sender and recipient, network addresses of the sender and recipient, the file size or data size, embedded credentials, timing or patterns in the transmission, and other attributes. Even if this transmitted data or metadata is encrypted, the attacker can still use these attributes to plan future attacks.
Existing techniques are inadequate to protect against these threats to the transmission of data, application code, secrets, and other communications. For example, encrypting the communication may raise the difficulty for an attacker to obtain the contents of the communication. But as noted above, even if the communication is encrypted, attackers can still use attributes of the encrypted communication as well as its metadata to obtain information they can use in orchestrating an attack. Moreover, if the attacker is able to gain access to the encryption key or otherwise penetrate the encryption scheme, the attacker will also be able to access the communication itself.
In view of the serious security vulnerabilities associated with transmitting data or other content across a network, and the technical deficiencies of existing security approaches, technological solutions are needed for securing the transmission of network communications. Solutions should not require preestablished trust between parties in the communication, since preestablished trust (e.g., between two servers) is cumbersome to implement and also gives rise to security gaps when an attacker compromises one of the trusted parties. Solutions, therefore, should be able to operate in a zero-trust environment, where parties involved in transmitting a communication do not necessarily have any trust relationship or even any prior knowledge of each other. Moreover, solutions should be able to securely transmit communications both within a particular organization or enterprise (e.g., within one company's network environment), as well as across different organizations or enterprises. For example, the techniques discussed below may be employed to securely transmit an organization's data among network resources of the organization itself, or may be employed to transmit the organization's data among network resources of one or more other organizations.
According to techniques discussed further below, security may be enhanced by transmitting communications in a manner where no network resource along the transmission path knows what resource is the final, receiving resource. In some embodiments, the identity of the recipient may be known only to the transmitting resource or transmission manager. Further, techniques discussed below allow for transmitted data to be broken or split into two or more pieces according to predefined algorithms, or randomly, such that the intermediary network resources along the transmission path also do not know how many pieces the data has been split into. In addition, the sequence of transmission along the path may be unknown to the intermediary network resources, and the data pieces may be encrypted such that intermediary resources can decrypt only one layer of the encryption before passing the data piece they received to another intermediary resource or to the recipient.
For added security, in some embodiments, while the transmitting resource or manager may determine or learn the number of intermediary resources through which to transmit data, the particular path or sequence, or the identity of the receiving resource, the transmitting resource or manager may be configured to forget (e.g., delete) that information upon transmission of the data. In that manner, even a compromise of the transmitting resource or manager after a transmission does not expose that information.
Additional security may be added in embodiments where the receiving network resource itself cannot determine in advance from which other network resources it will receive portions of the transmitted data, or in what order. Indeed, the receiving network resource may not be configured to determine, or be capable of determining, how many pieces of the partitioned data it needs to receive in order to reconstruct the original transmitted data until the receiving network resource compares a hash of the received data with a computed hash and confirms that the two hashes match.
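The scheme described above (random splitting, one-layer-per-hop encryption, a sender that forgets the route, and a receiver that learns it is done only when the hash matches), simulated end to end as an added example that is not part of this document. The XOR/HMAC stream cipher, node names, per-node keys and the out-of-band expected hash are constructed stand-ins; a real deployment would use an authenticated cipher.

```python
import hashlib, hmac, json, os, random

def keystream_xor(key, nonce, data):  # toy XOR stream cipher (HMAC-SHA256 keystream); stand-in for a real AEAD
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def wrap(key, next_hop, inner):  # add one layer; only this hop's key reveals next_hop (None = final recipient)
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    return nonce + keystream_xor(key, nonce, body)
def peel(key, blob):  # remove exactly one layer; the inner blob stays encrypted for later hops
    msg = json.loads(keystream_xor(key, blob[:16], blob[16:]))
    return msg["next"], bytes.fromhex(msg["inner"])

def build_onions(data, keys, recipient, hops, max_pieces=5):  # sender side
    cuts = sorted(random.sample(range(1, len(data)), random.randint(1, max_pieces - 1)))
    bounds = [0, *cuts, len(data)]  # random piece count and random piece sizes
    relays = [n for n in keys if n != recipient]
    onions = []
    for idx, (a, b) in enumerate(zip(bounds, bounds[1:])):
        path = random.sample(relays, hops) + [recipient]  # each piece takes its own random route
        blob = wrap(keys[recipient], None, idx.to_bytes(2, "big") + data[a:b])  # innermost: index||piece
        for i in reversed(range(len(path) - 1)):
            blob = wrap(keys[path[i]], path[i + 1], blob)  # each outer layer names only the next hop
        onions.append((path[0], blob))
        del path  # sender retains no record of the route once the onion is built
    return onions
def transit(keys, entry, blob):  # network simulation: each hop peels one layer and learns only its successor
    node, nxt = entry, entry
    while nxt is not None:
        node, (nxt, blob) = nxt, peel(keys[nxt], blob)
    return node, blob  # (final node, index||piece)
def receive(pieces, expected_hash, fragment):  # receiver: a hash match, not a known piece count, ends the wait
    pieces[int.from_bytes(fragment[:2], "big")] = fragment[2:]
    if all(i in pieces for i in range(len(pieces))):  # indices 0..n-1 all present so far
        data = b"".join(pieces[i] for i in range(len(pieces)))
        if hashlib.sha256(data).digest() == expected_hash:
            return data
    return None

def demo(data=b"constructed secret payload: api-key=EXAMPLE-0000"):
    keys = {n: os.urandom(32) for n in ["relay-a", "relay-b", "relay-c", "relay-d", "recipient"]}  # constructed
    onions = build_onions(data, keys, "recipient", hops=2)
    random.shuffle(onions)  # delivery order is unknown to the receiver
    pieces, expected = {}, hashlib.sha256(data).digest()  # expected hash assumed shared out of band
    for entry, blob in onions:
        node, fragment = transit(keys, entry, blob)
        result = receive(pieces, expected, fragment) if node == "recipient" else None
        if result is not None:
            return result
```

Each relay sees only its own layer, the next hop and an opaque inner blob; it cannot tell how many pieces exist, where the piece ends up, or which pieces belong together.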