Hopr's AMTD Protection for Workloads, APIs, and Data

Workloads, APIs, and data are protected with a moving target defense through novel cloud-native technologies that perform Synchronous Ephemeral Encryption between any two trusted endpoints connected to the Internet, anywhere in the world.

[Figure: Illustration of two workloads (within an enterprise) using Synchronous Ephemeral Encryption (SEE™) to protect the workloads and their data]

Hopr's eXceptionally Tamper Resistant APIs (XTRA) is a cutting-edge product designed to secure communication between two or more endpoints on a network. XTRA secures communication by harnessing the power of the patented Codes Hidden In Plain Sight (CHIPS™) technology to ensure encrypted and tamper-resistant communication. As a robust software solution that boasts a multitude of security-focused features, XTRA is specifically designed to address cybersecurity concerns with the utmost efficiency and reliability.

Key Components

XTRA employs a sidecar architecture deployed alongside workloads. It consists of two sidecars: a proxy server and a key server. The proxy container in XTRA uses Envoy, an open-source, high-performance edge and service proxy designed for cloud-native applications, to handle traffic encryption and decryption. The key server container in XTRA uses CHIPS™ patented technology to handle seed generation. These sidecars work together to provide various features in XTRA, including high-frequency key rotation and end-to-end encrypted communication channels for workloads.

Envoy Proxy: XTRA's proxy container handles traffic encryption and decryption by leveraging Envoy, an open-source, high-performance edge and service proxy designed for cloud-native applications.

XTRA: XTRA's key server container utilizes CHIPS™ patented technology for seed generation.


Software Requirements

Container Runtime Environment: XTRA is designed to function within a container runtime environment, necessitating the installation of a container runtime engine on the system. Docker, Podman, and LXD are examples of container runtime environments. The choice of the specific container runtime environment will depend on the user's environment and requirements.

Operating System: Container runtime environments can be deployed on various operating systems, including Windows, Linux, and macOS. However, Linux distributions, such as Ubuntu, Debian, and CentOS, are the most commonly used operating systems for container runtime environments.

Good To Have Software:

Container Orchestration: Container orchestration is essential for managing and automating the deployment, scaling, and maintenance of containerized applications. There are various container orchestration tools available, including Kubernetes (K3s, K8s, etc.), Docker Swarm, and Apache Mesos. These tools provide the necessary infrastructure to efficiently manage containers and ensure their seamless operation within a distributed environment.

NOTE: Hopr uses K3s for testing XTRA.

Networking Requirements

Internet Connection: A stable internet connection is required to download and update both the container runtime environment and the container images used by the application. This connectivity is essential for fetching the necessary software components and keeping them up to date, ensuring the smooth functioning of the application within the containerized environment.

Hardware Requirements

Storage: For XTRA, a minimum of 200 MiB of available storage is required in the deployment environment. However, the specific storage needs may vary depending on various factors, including the type of container runtime environment being used. It is recommended to consider the specific requirements and recommendations of the chosen container runtime environment when determining the storage capacity for XTRA.

