It is a real pleasure to introduce Carlos Vaca to you, senior programmer at Kriptos. I visited Carlos at Kriptos’s headquarters in Quito where we spoke about the Kriptos Enhanced Security (KES) project and about the impact this technology can have in businesses throughout the world.
Before commenting on this last, let me share his short bio with you. Carlos is a senior programmer at Kriptos and he is in charge of developing the backend of Kriptos. He is a seasoned professional with more than 10 years in experience. He is a specialist in writing Python language and also in Django and Flask frameworks. He is extremely passionate and creative; always interested in learning and creating. His passions, aside from programming, include playing soccer, tennis and photography.
What is KES?
The Kriptos Enhanced Security (KES) is a cybersecurity tool with which we intend to provide better security standards to protect data from our customers. The main driver behind the KES project was the fact that we were going to create a classification algorithm. In order to train the machine learning algorithm we were required to store documents that belong to our customers. For this to be feasible we were compelled to maintain high safety standards.
"In order to be able to train our classification algorithm, we needed to store thousands of documents. A lot of this information is sensitive which is why we cannot save it without it being encrypted. This is the main reason behind KES, a tool that allows us to encrypt the content of the documents."
How does Kriptos Enhanced Security (KES) work?
One of the main requirements, when we started to develop the software in Kriptos, was that the information had to be encrypted with RSA, a cryptography system used to cypher content. The dilemma we faced at the beginning is that RSA has a disadvantage. The problem is that RSA is limited to approximately 470 characters. This prompted the use of AES-256 as a complement for encrypting texts (it allows you to cypher any number of characters) and the use of RSA-4096 for the encryption of the AES keys.
How can this help other companies or software developers?
"At the end of the year we hope to release the KES code so that other companies can implement it in their systems and protect the transmission of any type of data or metadata. Sharing is part of our commitment as Kriptos."
What suggestions could you give to other programmers or companies that try to safely handle and transmit information?
There are many forms of encryption. I would recommend to investigate and find the options that are better suited to the needs of the company. My second suggestion would be to find the right specialist that can help with the implementation of the code. A lot of money can be lost by hiring the wrong talent!!
"I believe that the main thing that we can do for other companies and developers is to raise awareness by continually promoting a healthy culture of cybersecurity.
Basic architecture of KES operation
Carlos, could you give us some tips you consider important?
- From the beginning of development, security must be present at all times.
- NEVER store data without encryption.
- It is essential to have a specialized team in cybersecurity.