"Whitenoise is an efficient and cost-effective algorithm for securing direct communications from point-to-point over different media. It is also ideal to be utilized to create a secure network layer for the Internet."
-Dr. Issa Traore, Michael Yanguo Liu, University of Victoria, February 2003

White papers

Patents

Conference Presentations

Telecom/Enterprise Product/Service Offerings

Technology

White papers

View a brief description of the Whitenoise Algorithm (Presentation)

Paper on Whitenoise 3 Byte Substitution (PDF)

The following was written as a response to the purported break of Whitenoise by Wu. To put things into the proper context a little history is required. When Whitenoise was first designed, 3 distinct variants or versions were proposed, each with the same core whitenoise internal keystream generation but different de-linearization layers. The second variant, Version 2, uses 3 bytes in its de-linearization layer, using a suggestion from Wu to solidify that the output was secure. This is what we use in our applications. Version 1, the one attacked by Wu, had a simple substitution as the de-linearization layer and was only proposed to simplify cryptanalysis and academic interest.

Response (PDF)

Security Evaluation of Whitenoise™ - David Wagner (PDF)

Biography of Assistant Professor David Wagner

David Wagner of the University of California, Berkeley, an Internet and Computer Security, Wireless Networks and Cryptography expert, established his reputation in cyber-security at the age of 21 when, in 1995, he cracked Netscape's software security code that was designed to encrypt credit card numbers. He since has drawn attention to other security flaws, warning of privacy and fraud risks in encrypted cell phone conversations and of security vulnerabilities in wireless computer networks. Most recently, he co-authored a report disclosing serious flaws in a federally funded Internet voting system. Due to be used in the 2004 primary and general elections, the voting system project was scrapped by the Pentagon largely because of the security flaws highlighted by Wagner and his co-authors.

In 2003, he was awarded a Sloan Research Fellowship to "recognize and support young scientists and scholars" in various fields. He was also named one of Popular Science's "Brilliant 10" researchers for his work in cryptography the same year. Wagner remains active in the areas of computer security, Internet security, privacy, cryptography, and e-voting security.

Dr. Issa Traore

View Dr. Traore’s Report

The Information Security and Object Technology (ISOT) Research Lab ISOT was founded in 1999, and since then has been carrying out innovative research in computer security and software engineering.

The main research thread pursued in the ISOT lab lies in rigorous development of secure and dependable computing systems and in the protection of these systems. Their recent and current research activities include the following:

• Software verification technologies
• Validation and verification of Cryptographic systems
• Software security
• Distributed systems security

Patents

The Whitenoise™ is patented in the USA and broadly internationally. Currently we have been notified of the issuance of 28 patents with 12 more patents pending.

The International Patent Examining Authority (IPEA) granted all claims in May 2005. The United States Patent Office granted all claims in October 2006. Whitenoise is patented or patent pending in 40+ countries covering two thirds of the world’s population and economic activity.

WNL Receives 27 Patents in the European Community

US Patent Number 7190917 Issued for Whitenoise

International Patent Opinion May 2005

US Patent Examination Approval Oct 2006

Educational Seminars/Conferences on Technology

Please contact Andre Brisson for presentations at your conference or seminar.

Topic - Dynamic Distributed Key Infrastructures [click to play] 22MB

Presentation given at ISC2 at IBM Canada June 2006

Abstract - This narrated presentation provides a technical look at the architecture of the Whitenoise symmetrical stream cipher and examines why its characteristics facilitate massive secure networks. An architecture using AES algorithms and Whitenoise as an Identity Management authenticator is examined. Trans-encryption is explained. Finally, we examine how millions and millions and millions of legacy appliances, like cell phones, can easily and inexpensively be brought into secure networks.

Topic - A Scalable Identity Management and Authentication Architecture [click to play] 21MB

Building Huge Scalable Dynamic Distributed Key Secure Networks

Presentation given at The West Coast Security Forum November 2005

Abstract - This narrated presentation describes a scalable architecture that has been developed to simplify Identity Management and the Authentication of users, as applied to the storage, access and transmission of corporate information assets. This authentication technique combines the identification of a person, and the securing of their electronic information, into one manageable, extremely secure process. Secure File Interchange is examined as an alternative to Public Key systems and we examine how it can be deployed in telecommunication systems.

Topic - In Denial: Code Red Digital Winter - The Failure of Critical Infrastructures [click to play] 6MB

Abstract - Our lifeblood is safeguarded by the security of the networks running our critical infrastructures. The consequence of failure is Digital Winter. Dynamic Identity Verification and Authentication [DIVA] provides point-to-point secure communications through a server. 100% accurate continuous authentication, inherent intrusion detection, and automatic revocation address the deficiencies of asymmetric networks in the simplest manner. Man-in-the-Middle attacks like Silent Banker are neutralized!

It is in the national security interest to have a ready solution for securing digital grids in a time of deepening recession, plunging Information Technology budgets, and exploding computer crime. Remote, inexpensive, electronic provisioning scales secure networks to any devices with memory and connectivity in one step.

Topic - Stop Credit Card and Identity Theft [click to play] 10MB

Abstract - This narrated presentation examines a single private key system where the key is NEVER given to the client and the key is used in a non-cryptographic context. As such, the use of this technique is not regulated. This technique provides an easy to implement technique for the prevention of credit card and identity theft and provides a powerful non-cryptographic authentication technique that can be used in a host of contexts.

Topic - Dynamic Identity Verification and Authorization(DIVA™) [click to play] 344KB

Abstract - This un-narrated presentation examines the use of a Whitenoise key to provide continuous real-time authentication during a session. Current authentication techniques are restricted to authenticating a person at the beginning of a session or transaction but are susceptible to spoofing afterwards. This is another implementation of the single private key non-cryptographic authentication technique where the client is never in possession of their private key (it remains at the controlling enterprise i.e. bank). For use in sessions of duration, either the server, or the client, can periodically make calls to ensure the proper person is on the system and is not being spoofed.

Topic - Total Cost of Ownership Comparison [click to play] 84KB

Abstract - This un-narrated presentation quickly examines the different costs to secure your enterprise with Verisign Public Key system, Microsoft Voltage Identity Based Encryption and Dynamic Distributed Key systems.

Topic - Bringing in Legacy Appliances into Secure Networks [click to play] 6.5MB

Abstract - This narrated presentation quickly examines an electronic technique for bringing in the millions and millions and millions of legacy appliances like cell phones into secure networks.

Topic - The Security Summit Contest Presentation [click to play] 304KB

Abstract: This un-narrated presentation is the 6-minute presentation for the Security Network technology contest. Whitenoise Laboratories (Canada) Inc. is proud to have been one of four Canadian companies invited by International Trade Canada to attend the Security Summit in San Diego, California in June 2006.

Telecom/Enterprise Product/Service Offerings

Whitenoise Laboratories (Canada) Inc. was one of just 11 Canadian companies chosen to give a presentation the Service Provider Investment Forum which is comprised of the world’s largest telecommunication players and facilitators.

Service Provider Investment Forum presentation February 2007

This presentation examines product/service offerings for telecommunications companies. We examine both managed services offering characterized by monthly pricing models as well as VAR offerings that is characterized by providing your clients with complete, self contained enterprise Secure File Interchange solutions.

Telecom/Enterprise Service Offering Secure File Interchange

Subsequent Telecom/Enterprise service offerings

The value proposition for telecom's is most impacted by control points within their infrastructure and the control points they can sustain while delivering products and services to their client base. The original study was commissioned by market leading telecommunications companies to Oxford University. This study superimposes the value proposition of Whitenoise within this model.

The Value Chain for the Telecom Industry

Total Cost of Ownership or the total cost of a product or service ultimately becomes the determinant factor in the purchase of secure products and services by consumers, both individuals and enterprises.

The ideal scenario for telecommunication companies is to provide services based on monthly charges.

The following two Total Cost of Ownership presentations are done based on the model of selling complete secure network systems to enterprises and only having recurring annual license and maintenance fees.

Secure File Interchange Total Cost of Ownership

Total Cost of Ownership Comparison

Public Key Infrastructure versus Identity Based Encryption versus Pretty Good Privacy versus Dynamic Distributed Key Infrastructures [click to open or save] 53 pages

This is a lengthy (53 pages) but useful comparison between the various security schemes available, how they work, the problems which are introduced, and a Total Cost of Ownership comparison.

PKI Research Materials [click to open or save]

"Exhaustive key search is not a threat.

Whitenoise uses keys with at least 1600 bits of randomness. ... Even if we hypothesized the existence of some magic computer that could test a trillion trillion key trials per second (very unlikely!), and even if we could place a trillion trillion such computers somewhere throughout the universe (even more unlikely!), and even if we were willing to wait a trillion trillion years (not a chance!), then the probability that we would discover the correct key would be negligible (about 1/2¹³⁴⁰, which is unimaginably small).

In this report, I tried every attack I could think of. All of them failed. This provides evidence for the hypothesis that Whitenoise is cryptographically secure."

-Professor David Wagner, Berkeley, October 2003