Trineba Technologies is Enabling a Brighter Future for Private Communications
Properly implementing cryptography in communications technologies is a problem for many developers. Cryptography itself is a study to become an expert on, and learning its ways and means can be like learning a programming language all on its own.
Trineba Technologies was recently well received at the 2015 RSA conference, and this is not in the least because they have a good business strategy. It is also because their technology makes compromising communications a monumentally new effort for bad actors. The technology behind what Trineba is offering is the brain child of CTO Aleksander Mancic, a man who says he came into cryptography almost by accident. Hacked recently spoke with him and CEO Trineba CEO Gabe Goldhersh via Skype.
Aleksander started in the field of programming as a 3D programmer and worked in that field for 15 years. While living and working in his home country of Serbia, his firm was working on a way to securely run distributed rendering, and they were having security issues. This is when he became interested in cryptography, as he says in his own words:
That’s when I got lured into cryptography. Then I developed a CCTV system in Belgrade for remote monitoring of premises and so on, and that’s when I got even more into cryptography. […] It was basically for a security company that was contracting with the government. So we had to follow some standards. So that’s how I started with cryptography.
A few years ago, I developed a system for self-verifying integrity of embeddable widgets that allowed you to actually embed an advertisement and a shopping cart within any website as an iFrame, that allowed instant purchases even if there wasn’t an SSL. That was vetted by McAfee and we got certification for that. I evolved the idea for a secure a secure and anonymous messenger and we had an initial problem with key exchanges and relying on certificate authorities and out of that idea, after a couple of years of brewing and now actually working on it, we developed the TrulyPrivate platform.
Gabe Goldhirsh also has a programming background, and he previously owned a small company that largely contracted with the US government. He sold his company to the KEYW Corporate in late 2012. One of the pieces of software they developed enabled analysts to put together mission plans for combat units with relative ease by using aggregated data the software was able to sort and utilize. At KEYW Corporation he oversaw the analytics portion of his company’s software being transferred into a more cyber-security focus and helped launch the company’s commercial company, Hexis Cyber Solutions.
He was brought on as CEO because of his experience successfully running a security-minded software firm in the past, and potentially because of connections he might be able to leverage to further the mission of Trineba.
Truly Private API and Communications Platform
Trineba has developed a platform that allows organizations to decide how many layers of authentication they want to implement. The keys are generated and can be transmitted over several different channels, including SMS or even a Facebook message, for the user to be granted access. All channels would have to be compromised at the same time for a user to be eventually compromised. This makes it far more difficult for an attacker to gain complete access, as has been done with other security protocols. They focus largely on huge clients, such as banks with high-wealth clients who do not trust technology at all. This is a high-tech way for such clients to be able to access information and communicate with their financial institutions securely, much faster than the ways they currently find acceptable.
Goldhirsh gave an example of how a bank might be able to use their technology to authorize a transaction.
There’s a lot of time lost in transacting with those folks. So what we had in mind to do was enable those banks to create a direct line of communication over a trusted platform, where no data is being monitored, no identifying data can be captured. […] One of th banks we’re working with will be using three cryptographic keys. One of them would come from the download of the application and verification of the server. Another one would be sent over SMS. And a third one would be by a QR code that’s printed up in real-time from a bank teller. And the idea is that at that point, you can be pretty sure that no actor could intercede between the communication between the bank and the actual user.
He clarified that someone could still potentially compromise an IT administrator at the bank, but those situations already have many existing channels for being dealt with.
Standard Cryptography Brought to the End User
One of the driving goals of Trineba is to make using systems securely as simple as possible. And, to encourage development on their platform, they are offering free developer licensing indefinitely. This will enable firms that are interested in utilizing their stuff the opportunity to try it out with no risk. Once they actually consider using the API, there will be costs associated with expanding it, things you just can’t do with the developer license. But these are industry competitive.
Talking to these gentlemen from Trineba, Hacked certainly got a sense that they are doing their best to innovate within their space. The kind of clients they are looking to service and the amount of investment interest they have already received make it seem that they could become a big player in the industry in the months and years to come.
They have already developed two applications in order to demonstrate the capabilities of their platform. They call it “Truly Private” because the channels transmitting the data have no way of knowing whose data it actually is without several authenticating keys. They admit that, like all things in security, you can’t program the user out of the equation. User error will always be an issue. This is part of why they want the system to be as easy to use as possible for the end user.
Images from Shutterstock and Trineba.