MTE Key Features

The MTE library allows customers to choose the right features for the right circumstances. Features are compiled into your specific MTE library, and working with your Eclypses technical sales representative is essential to select the correct attributes for your environment. Upon request, we can also provide a runtime library for fine-tuning MTE options, but you should refrain from using such a library in production environments.

Base MTE

Random Streams of Values are Instantly Obsolete

Replay attacks are a massive issue for security because of how easy they are to pull off.

"Simply resubmit the payload to trigger the same action."

With MTE, we combat this problem very simply: Once a Random Stream of Values is used, MTE cannot use it again!

Time Stamps, Checksum, and Sequencing

Another common attack vector captures packets to manipulate and use later. The MTE combats this in three ways:

Time Stamps

An MTE Packet will expire if not received within a preconfigured period of time.

Sequencing

The MTE will track the sequence of received packets. If a packet is received out of order, the MTE may disregard it.

Alternatively, the MTE can self-heal from dropped packets due to lossy communication or decode packets out of order in an asynchronous environment.

Checksum

The MTE will confirm that there has been no packet tampering or injection.

Note

These features are optional and configurable at runtime.
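The replay, expiry, sequencing and checksum checks described above, shown as an added illustrative example (this is not Eclypses code; the packet layout, the HMAC-SHA256 tag used as the checksum and the window parameters are assumptions made for the sketch, not MTE's actual format):

```python
import hashlib
import hmac
import struct
import time

# Hypothetical wire layout (constructed for this example, not MTE's real format):
#   seq (4 bytes, big-endian) | timestamp (8-byte float, seconds) | payload | tag (32 bytes)
HEADER = struct.Struct(">Id")
TAG_LEN = 32


def make_packet(key: bytes, seq: int, ts: float, payload: bytes) -> bytes:
    """Sender side: frame the payload and append a keyed tag as the integrity 'checksum'."""
    body = HEADER.pack(seq, ts) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class PacketVerifier:
    """Receiver side: time-stamp expiry, anti-replay sequence window and tamper detection."""

    def __init__(self, key: bytes, max_age_s: float = 30.0, window: int = 8, now=time.time):
        self.key = key
        self.max_age_s = max_age_s  # packets older than this are dropped (time stamp check)
        self.window = window        # how far out of order a packet may arrive and still be accepted
        self.now = now              # injectable clock so the example is deterministic
        self.highest = -1           # highest sequence number accepted so far
        self.seen = set()           # accepted sequence numbers still inside the window

    def verify(self, packet: bytes):
        """Return (True, payload) for an acceptable packet, otherwise (False, reason)."""
        if len(packet) < HEADER.size + TAG_LEN:
            return False, "truncated"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Integrity first: never act on a header that may have been altered in transit.
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            return False, "tampered"
        seq, ts = HEADER.unpack_from(body)
        if self.now() - ts > self.max_age_s:
            return False, "expired"
        if seq <= self.highest - self.window:
            return False, "stale"      # too far behind to tell a replay from a late packet
        if seq in self.seen:
            return False, "replayed"   # the same sequence number presented twice
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > self.highest - self.window}
        return True, body[HEADER.size:]
```

A late packet inside the window is decoded (the "self-heal" case), while one outside the window is refused even if it was never seen, because the receiver can no longer distinguish it from a replay.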

Random Obfuscation

Randomly obfuscating the data before MTE or MKE secures it dramatically reduces an attacker's ability to perform brute force attacks and eliminates any structural cues that may exist. In addition, the obfuscation is never derived from the data and is unique for every piece of data, even when the same data is sent twice.

Token Length

When substitute values are created from the Random Stream of Values, their length is configurable.

Pros and Cons

  • Small tokens are faster to generate and yield smaller payloads, but they are less random.
  • Large tokens are far more unique and harder to guess, but they add more to the payload.

Add-ons

We understand that not every implementation of the MTE needs every feature. Sometimes, it pays to be small. To limit the library's size and ensure maximum scalability, the MTE has additional add-on libraries.

Fixed-Length Packet size

Some actions, even without revealing exactly what is happening, produce traffic distinctive enough to be told apart in an unintended way.

For instance, when voting between two options, a hacker may identify a vote for the candidate with the longer name because the payload is longer.

With the Fixed Packet Size add-on, a packet can be padded to the number of bytes determined by the process.

Managed Key Encryption

One of the main downsides to replacing data with a Random Stream of Values is the increased size of the payload.

For instance, the word "computer" is eight characters. The MTE creates a unique Random Stream of Values for each byte of the string. If the customer uses an 8-byte Random Stream of Values, the final payload is 64 bytes. It is easy to see how quickly the payload grows as the data to be encoded gets longer.

Can the MTE handle large amounts of data?

With the Managed Key Encryption add-on, data passed into the library will be encrypted using a unique, instantly obsolete encryption key.

Some common use cases for Managed Key Encryption:

  1. Larger Payloads.
  2. Streaming video.
  3. Images or web content.

Secure Data Replacement (SDR)

Operating systems and other mechanisms related to application data storage are prone to security flaws exploited by attackers. Zero-day attacks on operating systems and rogue applications are enormous concerns for mobile and web developers.

With SDR, the application secures the data it needs to store before passing it to the OS, eliminating the need to trust the OS with that data.

This Add-on is only available in MTE Mobile and MTE Web environments. Expect more to come soon!

Elliptic Curve Diffie-Hellman (ECDH)

For most use cases, it is important for the sender and receiver endpoints to handshake and negotiate a common Entropy. ECDH is a key agreement protocol that allows two parties to establish a shared secret over an insecure channel.

CRYSTALS-Kyber

Kyber is a quantum-safe algorithm allowing two parties to establish a shared secret using an asymmetric cryptosystem.

Random Number

It is important to have a good source of Random Data.