Technology

Snowpack uses a Technology so powerful that Trust is unnecessary. 

 Our patented solution brings both conceptual and practical innovation to ensure you don’t need to trust anyone.

Why create Snowpack?

From a conceptual point of view, although they rely on similar or even identical technologies, privacy and security are nowadays separate or even antagonistic properties. Privacy is often a by-product of security technologies (typically VPN services or even Tor). Snowpack starts from the idea that in order to attack content, one must first be able to identify it. Its concept is therefore based on a mutual reinforcement of these properties.

In practice, Snowpack brings a radically different approach to the threat model of network security and privacy technologies, which are essentially based on encryption techniques (E2EE, VPN). Today, end-to-end data flows contain all the information. In theory, the current symmetric flow encryption mechanisms (e.g. AES-128 or AES-256) guarantee a very high level of information security because brute-force attacks are in practice impossible. However, the public key exchange mechanism offers fewer guarantees. Moreover, history has shown that attacks can still be conducted: man-in-the-middle, vulnerabilities in pseudo-random number generators, attacks on certificates, or directly on keys. In general, encryption relies on the principle of trust in the PKI infrastructure and/or technology providers.

An alternative approach to prevent this type of attack is to circulate complementary information on separate routes with secret sharing. Accessing the information then requires identifying all of the complementary fragments (our snowflakes), as retrieving the original information by intercepting a single fragment (or n-1) is impossible. This idea has been explored since the early 2000s and has been the subject of a large number of publications and even a few patents. However, since these fragments are transferred directly via classical protocols or more advanced ones such as MPTCP (Multipath TCP), an external observer can easily detect the complementary fragment(s), especially by observing the traffic concentration areas (backbone, submarine cables…). Snowpack introduces a new approach by making these fragments anonymous and circulating them on anonymously created circuits.

Thus, an attacker using classical “industrial” probes on the backbone will certainly have a high probability of “seeing” the complementary fragments, but since they are anonymous and similar (same size, no intelligible content), he will have to recombine them with all the others in order to identify complementarities. As the factorial of the traffic grows much faster than computing capacity, a brute-force attack becomes unrealistic. In practice, Snowpack will also implement 3 additional encryption levels (between nodes, at the fragment level and at the packet level) to provide, natively on each circuit, privacy performance equivalent to the Tor platform. The first level is already implemented and we are pursuing research activities to define the best approaches for the additional levels.
The only realistic way to conduct an attack is for the attacker to get close to the targeted user, i.e. to control the edge of the Internet. However, such an attack is not industrializable, even for attackers with almost unlimited resources such as states, especially foreign ones.
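
The fragment property described above (equal-size fragments, none readable alone, all n needed) can be illustrated with the simplest n-of-n secret sharing, XOR with random pads. This is an added example, not Snowpack's code: the page does not name the scheme it uses, so the XOR construction and every function name here are assumptions.

```python
import math
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(packet: bytes, ways: int = 2) -> list[bytes]:
    """Split a packet into `ways` same-size fragments; all are needed to rebuild it."""
    if ways < 2:
        raise ValueError("a route needs at least two ways")
    # ways-1 fragments are fresh random bytes ...
    fragments = [secrets.token_bytes(len(packet)) for _ in range(ways - 1)]
    # ... and the last is the packet XORed with every one of them.
    last = packet
    for fragment in fragments:
        last = xor(last, fragment)
    return fragments + [last]


def recombine(fragments: list[bytes]) -> bytes:
    """XOR all fragments together (done by whoever holds the full set)."""
    out = bytes(len(fragments[0]))
    for fragment in fragments:
        out = xor(out, fragment)
    return out


def missing_fragment_for(known: list[bytes], claimed: bytes) -> bytes:
    """Fragment that would make `known` decode to `claimed`.

    One exists for every same-length `claimed`, so n-1 fragments are
    consistent with any packet and reveal nothing about the real one.
    """
    return xor(recombine(known), claimed)


def candidate_sets(observed: int, ways: int) -> int:
    """Subsets an observer must try when fragments carry no linking metadata."""
    return math.comb(observed, ways)


if __name__ == "__main__":
    packet = b"GET /status HTTP/1.1\r\n"  # constructed sample payload
    frags = split(packet, ways=3)
    print([f.hex() for f in frags], recombine(frags) == packet)
    print(candidate_sets(1_000_000, 3))
```

With a fixed number of ways k, an observer of N unlinkable fragments faces C(N, k) candidate sets, so the search cost depends on both the traffic volume and the number of ways.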

Overall, our architecture makes it possible to introduce the notion of “Beyond Trust” or “No Trust” to the ICT sector. Indeed, the Snowpack architecture guarantees by construction that none of the system nodes is able to have the complete information. Thus, provided that the infrastructure is sufficiently heterogeneous, an attack by compromising the infrastructure becomes impossible. As a result, thanks to Snowpack, users do not need to trust the hardware and software infrastructure, including the security and Snowpack layers.

What is Snowpack?

Similar to VPNs or anonymization networks, Snowpack is fully transparent for applications. Network heterogeneity is an important element which reinforces security. As such, the Snowpack network is made of nodes fully operated by Snowpack, others deployed at customers’ premises (for customers requiring the highest level of security) and finally some at independent operators. Two types of node can be distinguished: the S-node, which can be considered a relay, and the Holonode, which is used for the Privacy/Browsing mode. A customer establishes a “route” consisting of at least two “ways” by choosing a subset of nodes. These circuits are built anonymously via an auto-discovery mechanism. All the IP packets exchanged by the client and its interlocutor are then “separated” by secret sharing into complementary fragments that circulate along the circuits. Since these fragments are anonymous, a node can neither identify the end-points nor access the content in any way.

Figure: Snowpack vs traditional routing

Communication Protocol

Privacy / Browsing mode

In the privacy mode, Snowpack allows users to create their own hologram to contact Internet services. This hologram is then considered the correspondent of the service, which guarantees that the user browses anonymously.

The user selects the S-nodes he wants to use to create his routes as well as the holonode which will serve as his hologram to communicate with the service.

  1. He then creates his circuits with the input nodes of the network.

  2. Then he anonymously creates circuits between the following nodes.

  3. The user designates a “master” node, S-node3 in the video, which will be responsible for reformatting the message. To be able to do so, it must find the complementary route, which is achieved thanks to a self-discovery mechanism based on secret-sharing messages exchanged on the complementary routes.

  4. Each of the exit S-nodes receives the information of the holonode to be used and creates a circuit with it to recover the output messages.

During a communication, the user fragments the message into complementary fragments that he sends on separate routes. Each node relays to the next node and when S-node3 has received the two fragments, it recombines them and sends the message to the service by spoofing the holonode address. The service then considers that it is communicating with the holonode and sends its response back to the holonode. From there, the holonode fragments the message and sends a fragment to each of the S-nodes to which it is connected. The S-nodes then route the fragments to the user, who only has to recompose the message.

Communication privacy is guaranteed against a possible network node compromise thanks to an architecture built to prevent any network element from having access to all the elements of the communication: {Sender, Recipient, Message content} as shown at the end of the video.

Security / Peer-to-peer mode

In the peer-to-peer mode, both parties aim to connect anonymously and securely. First, they independently establish circuits up to the middle of the Snowpack network. Then, thanks to a self-discovery mechanism based on a defined secret, exchanged through a secure channel, the two pieces connect to each other. The connection is established and is then fully bi-directional.

Trust Rings

Create communities where users can anonymously share sensitive information

Pain point

Critical information such as details of a successful hack can’t be shared publicly, which reinforces hackers’ ability to repeat attacks. Therefore, how can organizations share this type of information as required by the NIS Directive while mitigating reputation and legal risks?

Solution

Snowpack can ensure full anonymization of certified users in a given ring as well as the security of the data shared. As a result, information can be shared while ensuring it only benefits trusted partners.

Benefit

Ensure anonymity of the users in a closed community

Secure Enterprise reputation whilst disclosing sensitive information that benefits the entire community.

Telecom

Counterbalance MPLS business erosion and create SD-WAN based opportunities

Pain point

Driven by Cloud adoption, the rise of SD-WAN completely disrupts the legacy MPLS business, forcing telecom providers to massively decrease prices. Therefore, how can they protect their revenue base and transform the SD-WAN revolution into an opportunity?

Solution

Snowpack provides a much higher level of security than traditional MPLS-based encryption. By implementing Snowpack on their internet offers, Telecom providers can prevent customer churn and win new business with new added-value offers.

Benefit

Create new highly secured internet-based offers

Avoid existing customer loss

Cybersecurity providers

Guarantee customers their data remains safe even if infrastructure is hacked

Pain point

Even the best cybersecurity solution can be hacked (VPN, hardware, software compromise). Therefore, how can data safety be fully ensured?

Solution

Hiding Snowflakes among trillions of other similar Snowflakes makes it impossible for hackers to reconstitute the original data. Even within a compromised infrastructure, customer data is secured.

Benefit

Data invulnerability

New business opportunity for cybersecurity providers

Energy - IoT

Protect electric meters from hacking

Pain point

Energy providers and suppliers develop new IoT-based solutions every day to attract their customers. Therefore, how can they defend those devices against hacking?

Solution

Snowpack makes devices invisible. Once an IoT device can be neither accessed nor found, it is impossible to hack it.

Benefit

Protect a country’s critical assets

Secure customer data integrity and prevent fines from national regulators

Oil & Gas

Digital oil field

Pain point

Oil fields are complex to manage and need to send massive amounts of data to HQ supercomputers in order to manage the fields efficiently and make the best production decisions. If data is hacked or production streams are blocked, impacts are worth hundreds of millions. Therefore, how can Snowpack help secure Digital Oil Fields?

Solution

By deploying Snow Enterprise in oil fields, the data sent becomes immediately invisible, even over the internet. Data is secured, oil fields are protected.

Benefit

Help prevent Colonial Pipeline-like attacks.

Ensure Oil & Gas producers’ core assets are secured

Retail

Strengthen infrastructure robustness by reducing attack surface

Pain point

With the rise of Cloud-based solutions, homeworking and the need for agility, Enterprises have massively increased the number of entry points into their networks, creating multiple hacking opportunities. Therefore, how can retail businesses protect themselves against this threat?

Solution

Snowflakes don’t carry sender and receiver information, nor do they carry the routing path. Sender and receiver only know half of the routing circuits, up to the meet-me point. Therefore, the attack surface is hugely reduced, counter-balancing the multiplicity of WAN entry points.

Benefit

Reduced attack surface

Better WAN protection

Manufacturing

Protect Intellectual Property against piracy

Pain point

Manufacturing companies must implement capabilities everywhere in the world, including in countries where their IP can be hacked. Therefore, how can they grow their business whilst securing their Intellectual Property?

Solution

Each Snowflake is unreadable as such. As a result, Enterprises can safely share their most critical data between HQ and remote countries: even if hackers look at it in the network, they won’t be able to read the data.

Benefit

Intellectual Property secured

Safely develop business in attractive but insecure markets

Industry R&D

Secure collaboration with key suppliers

Pain point

R&D investments cost Billions of Euros and require strong interactions with external partners. Therefore, how can an innovative company ensure its most sensitive projects or knowledge are not copied?

Solution

Snowflake anonymity (no sender or receiver info specified on packets) ensures hackers can’t isolate traffic between 2 specific entities. Data exchange is secured as hackers cannot identify traffic on IP networks.

Benefit

Secured communication with external partners

Protection of projects that impact share value

SIs - Consultancy

Create competitive differentiation and drive business opportunities

Pain point

Each SI and consultancy firm works with similar equipment and solution providers. Therefore, how can a company differentiate itself from its competition?

Solution

With 4 years of R&D and 3 patents filed, Snowpack is bringing a new and unique solution to the market by leveraging both Security and Privacy. SIs and Consultancy firms can benefit from this innovation to propose new solutions to their customers.

Benefit

Create specific USPs to stand out from the crowd

Up-sell to existing customers

Banking

Enable banks to industrialize IBAN fraud detection

Pain point

IBAN fund-transfer fraud costs banks 250M€ / year in France alone. Due to GDPR and bank secrecy, banks can’t share the fraudulent IBANs and protect themselves against fraud. Therefore, how can banks work together to reduce fraud?

Solution

Snowpack anonymization removes regulatory critical information and makes data compliant. This enables banks to create and share databases. Banks can check known fraudulent IBANs and create a new level of fraud protection.

Benefit

Cost savings against fraud

Reputation preservation

Defense

Secure and enable critical communication in any kind of environment

Pain point

Defense organizations must be able to transfer critical data with absolute certainty they can never be identified. However, they can’t always control the environment they operate in. Therefore, how can these organizations provide secure communications wherever and whenever needed?

Solution

Thanks to its anonymization process, Snowpack ensures that both users’ identity and data shared are fully invisible even when information is sent using the most simple and remote internet connection available.

Benefit

Allow anonymous communication anytime, anyhow, anywhere

Ensure full privacy and data security

Energy

Protect Smart Grid

Pain point

Smart Grids manage more and more of the critical activities of our economy. Paralyzing these core elements would massively impact company and / or country operations. Therefore, how can Snowpack help to protect those assets?

Solution

Protecting smart grid access to the public internet, as well as any smart grid interconnection, by making them invisible prevents hackers from stepping into the smart network.

Benefit

OIVs’ compliance with regulation

Secure states’ most critical infrastructure