Digital safe24 de julho de 2018
By Suzel Tunes | FAPESP Research for Innovation – Since its foundation in 2012, Dinamo Networks, based in São Paulo, Brazil, has specialized in the development of encryption, digital signature and certification solutions to protect confidential data in the virtual environment. It already has some 400 customers, mainly in the financial services industry, including the Central Bank of Brazil. With support from FAPESP’s Innovative Research in Small Business Program (PIPE), it is currently developing a new architecture for hardware security modules (HSMs) to expand the possibilities for cloud-based data encryption.
“An HSM is like a digital safe. It stores cryptographic keys,” explains electrical engineer Enilton Antônio do Nascimento Júnior, one of Dinamo’s founding partners. These keys are used to decode the encrypted messages created by cryptographic techniques to protect confidential data. An HSM is also a device that acts as a cryptographic service provider, managing the key lifecycle and executing digital signatures.
According to Nascimento, rising demand for encryption will require firms in the sector to switch from the current model, which “centers on the sale of HSM equipment” to a model consisting of cloud-based encryption services offered by data centers. This is the type of service Dinamo aims to create via the project under development.
“Today, every company establishes its own data security structure, even with data stored in the cloud, and this leads to higher cost,” he says. In the near future, smaller firms will subscribe to data center services instead of acquiring HSMs with less processing capacity, and the data centers are Dinamo’s potential customers.
The tool Dinamo is developing will be capable of processing the security of a gigantic amount of data in the cloud. “We’re talking about very large-scale processing for millions of people and thousands of companies, with millions of transactions per second,” Nascimento explains. “Our project will produce a platform designed to guarantee a very high level of security for very large volumes of data.”
To obtain this result, mechatronic engineers, mathematicians and risk analysts at Dinamo (which currently has 25 employees) are working on a new HSM architecture that combines hardware (the physical part of the equipment) and firmware. Also known as “embedded software”, the firmware receives operating instructions from the programming in the hardware.
Nascimento notes that similar tools already exist in the international marketplace. “The main difference featured by our product will be its high concentrated capacity, enabling massive demand to be met for a low cost per transaction,” he says.
Trusted Service Provider
Nascimento graduated in electrical engineering from the University of Brasília (UnB) in 1993 and almost immediately started working in information security. “To begin with, the main difficulty was getting customers to see information security as an essential requirement,” he recalls. “Few understood the importance of security and the benefits of implementing it.”
Today, the situation is entirely different. “Demand for encryption in virtual environments is steadily growing,” he says. “Last year, for example, the Brazilian government created the figure of the Trusted Service Provider, or TSP, which exactly suits our offering.” The government will certify TSPs to store digital certificates in remotely accessed HSMs, he explains. They will be audited and supervised by the Information technology Institute (ITI), a new federal agency directly subordinate to the Office of the President’s Chief of Staff.
On July 10, 2018, the Brazilian Senate passed a law that originated in the lower house (PLC 53/2018) to establish a general personal data protection framework, including rules that govern the collection, treatment and secure storage of personal data by both the government and private enterprise.
The project itself has undergone adjustments in response to the constant growth in demand. “The level of security required by the market has risen since we had the idea,” Nascimento says, adding that alarm about the growing number of hacking attacks, invasions and identity thefts has obliged Dinamo to refine the project both to match the high level of security needed now and to make it flexible enough to adapt to new requirements that will come soon. “The digital certificates we use at present, for example, have twice the level of security they had four years ago,” he notes.
The project has completed PIPE Stage 1, proving the product’s technical feasibility. Dinamo is now preparing to proceed with development and plans to put the first units on sale next year.
According to Nascimento, in addition to the technological evolution the project will enable the firm to achieve, Dinamo expects to grow its share of the encryption market and become a global HSM benchmark. Its plans are boldly ambitious: it wants to multiply sales revenue up to tenfold in a period of five to eight years.