Phantom Technologies
iPhantom™ Technical Description
Welcome to the iPhantom™ technical description page. Listed on this page are more in-depth technical discussions and explanations of how the iPhantom™ works.
Index
Technology Overview
System Overview
Protocol And Encryption Overview
Session Establishment
Privacy Technique
Internet Security
Technology Overview
The iPhantom has two external RJ-45 Ethernet ports located on the back of the unit. One port is labeled 'Internet', while the other is labeled 'Computer'. The 'Internet' port is intended to be connected to a broadband Ethernet connection that has access to the Internet. This traditionally is a broadband modem, like DSL or Cable. The 'Computer' port can be considered a clean, protected connection. The Ethernet line that requires protection is connected to this port. This can be a single computer, where an individual computer is to be protected, or the Internet/WAN port of a broadband Ethernet router (including those implementing NAT, or Network Address Translation). When the iPhantom is connected to a router, an entire network can be protected. Since the Internet/WAN port of the router is the single path out of the network for all computers connected to it, and that port is connected to the iPhantom 'Computer' port, every computer on the network receives the same level of protection.
System Overview

There are several aspects that make up the Phantom System. The entire system was designed from the ground up. This includes all of the hardware, firmware, and software, including the iPhantom, Phantom Gateways, Application Servers, transport protocols, etc. The hardware was designed internally by Phantom Technologies LLC specifically for the purpose it serves. The effort spans numerous years of engineering talent and effort in all aspects of system engineering. This is what makes the system so unique.

There are two key components that are very important to making the system work. The first is the iPhantom unit. The second is the Phantom Gateways. We will talk first about the iPhantom, then about the Phantom Gateways.

The iPhantom is an advanced piece of embedded hardware which uses the latest Freescale Semiconductor processor in the Coldfire family. The processor is the MCF5475, which has multiple embedded cores enabling it to perform many functions in hardware, greatly enhancing performance. The Coldfire processor has a hardware encryption engine which allows encryption to be performed in hardware instead of software. It is a limited superscalar, superpipelined processor that has multiple DMA channels, dual Fast Ethernet Controllers, dedicated single cycle internal SRAM, and other components which help perform the various functions for which the iPhantom is responsible.

Each iPhantom is programmed with a unique identifier and a unique key. This ensures that each iPhantom will have its own private key which is different from every other iPhantom. The identifier and the key are used to negotiate sessions with Phantom Gateways. This process will be explained later.

The Phantom Gateways are concentrators that reside at a high-end, world class data center with access to various Internet backbones. They are custom designed hardware with multiple processors dedicated solely to processing data coming from and going to the iPhantoms. At a very high level, the iPhantom connects with the Phantom Gateways which provide a high level of security.

 

Protocol And Encryption Overview
In order to achieve a high level of throughput and the highest amount of security possible, the system was designed to use AES (Advanced Encryption Standard) encryption. In addition, authentication is performed on the data packets to ensure the integrity of the data. This guarantees that the data is not tampered with when sent between the iPhantom and the Phantom Gateway. Combined with the hardware acceleration, the iPhantom is capable of performing single pass ciphers and authentication on all data packets.

Phantom Technologies coupled this with a custom, proprietary protocol to optimize bandwidth and throughput. The custom protocol uses UDP (User Datagram Protocol) as the transport to move information between the iPhantom and the Phantom Gateways. All packets entering the iPhantom 'Computer' port will be encapsulated within the Phantom Protocol and encrypted using strong AES encryption.

The system was purposely designed using the UDP protocol. Many protocols use TCP as their base transport. This is true of many applications accessing the Internet on a PC, including Web Browsing, E-mail, etc. TCP is a data transport which uses acknowledgments to guarantee data transmission. UDP does not. Since traffic leaving the PC that needs the TCP functionality already handles acknowledgments and the other aspects of the TCP protocol, there is no need to duplicate this in the secure Phantom Protocol transport. We call this TCP over UDP. This avoids duplicate acknowledgments and greatly enhances the speed of the secure connection.

Every IP packet leaving the iPhantom protected network will be encapsulated in the UDP packet, encrypted, and sent to the Phantom Gateway to which it is connected. With this in mind, any outside potential threats and intruders will see the same type of UDP packet with an encrypted payload regardless of the contents of the packets and the application generating them (Web Browser, E-mail Client, Financial Application, etc.).
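The encapsulation described in this section can be sketched as follows. This is an added example, not Phantom Technologies code: the Phantom Protocol is proprietary, so the header layout, the choice of AES-GCM as the single-pass cipher-plus-authentication mode, and the names `NewAEAD`, `Seal` and `Open` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Assumed UDP payload: deviceID(8) | nonce(12) | AES-GCM(inner IP packet) + 16-byte tag.
const hdrLen = 8 + 12

func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (device side): the ID stays in clear for key lookup but is bound into the tag.
func Seal(a cipher.AEAD, deviceID uint64, inner []byte) ([]byte, error) {
	out := make([]byte, hdrLen, hdrLen+len(inner)+a.Overhead())
	binary.BigEndian.PutUint64(out[:8], deviceID)
	if _, err := rand.Read(out[8:hdrLen]); err != nil { // fresh nonce per packet
		return nil, err
	}
	return a.Seal(out, out[8:hdrLen], inner, out[:8]), nil
}

// Open (gateway side): find the per-device key by ID, then verify and decrypt.
func Open(devs map[uint64]cipher.AEAD, p []byte) ([]byte, error) {
	if len(p) < hdrLen+16 {
		return nil, fmt.Errorf("short packet: %d bytes", len(p))
	}
	a, ok := devs[binary.BigEndian.Uint64(p[:8])]
	if !ok {
		return nil, fmt.Errorf("unknown device ID")
	}
	return a.Open(nil, p[8:hdrLen], p[hdrLen:], p[:8])
}

func main() {
	a, _ := NewAEAD([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	p, _ := Seal(a, 42, []byte("constructed inner IP packet"))
	p[len(p)-1] ^= 1 // one flipped bit in transit
	_, err := Open(map[uint64]cipher.AEAD{42: a}, p)
	fmt.Println("tampered packet rejected:", err != nil)
}
```

An observer sees only the fixed header and ciphertext, but packet length and timing are not hidden by this framing.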
Session Establishment

When the iPhantom is connected to the network desiring protection, it will automatically detect the local network settings if it is configured in DHCP mode and the local network connection is using DHCP. Once this happens, the iPhantom will attempt to establish a session with a Phantom Gateway. To do this, the iPhantom will use its unique ID to negotiate a session with the Phantom Gateway. The unique ID is used, as will be seen, to determine whether a subscription is up to date, and it eliminates the need to use the local IP Address of the system using the iPhantom for negotiation.

When the iPhantom connects to a Phantom Gateway, the Phantom Gateway queries the Central Server to determine a number of things. The first is the status of the iPhantom. If the iPhantom is active, the Central Server also determines which Phantom Gateway the iPhantom should ultimately connect to. The Central Server will choose the best suited and least loaded Phantom Gateway that should handle the session with the iPhantom. The original Phantom Gateway is alerted of this, and the session can be forwarded and completed by this different and better Phantom Gateway. This allows the iPhantom to connect to the best connection consistently and update its Phantom Gateway list dynamically.

Once the Central Server has indicated which Phantom Gateway will handle the session and confirmed that the subscription status of the iPhantom is active, the rest of the session establishment will complete within the Phantom Gateway. The Phantom Gateway associates the unique ID of the iPhantom, the return IP Address of the iPhantom, and a virtual IP address from a pool of IP Addresses held within the Phantom Gateway.

Now that a session is established with the Phantom Gateway, the iPhantom can transport secure protocol UDP packets between itself and the Phantom Gateway.

Privacy Technique

There are a few main aspects when it comes to securing an Internet connection, especially when it comes to privacy. The first aspect involves protecting data between the iPhantom and the Phantom Gateways to prevent intruders from evaluating the data leaving a network. The second is protecting the IP Address of the network using the iPhantom from the sites and servers it accesses. The system covers both of these aspects. All data between the iPhantom and Phantom Gateways is encrypted using AES and is made to look the same by packaging the packets within the custom UDP protocol running the system. Once data reaches the Phantom Gateways, the original IP Address is replaced with the IP Address associated during session establishment. This is what the endpoint sees on the Internet. So, if the destination were to be a malicious site, it would have to go through your gatekeeper in order to get to your system. This prevents port scans and protects the identity of the computer or network using the iPhantom.

There are many iPhantoms that connect to the Phantom Gateways. All of the individual connections are secured using encryption with the unique keys held within the iPhantoms. So from the outside world, all of these connections look like ciphered (scrambled) data that makes no sense. On the outside (Internet side) of the Phantom Gateways, all of the requests coming from the iPhantoms are decrypted and sent out with their virtual IP addresses. All of this data coming from all of the iPhantoms is blended together to offer an even greater level of identity protection.

 

Internet Security
This is the heart of the system. Since the Phantom Gateways behave as your gatekeepers, they provide unparalleled security to your network. First, the network connection coming out of the iPhantom 'Computer' port is protected with the highest, most advanced firewall protection available today, used by Corporations and Governments to protect their most sensitive systems. This means that if anyone wants to communicate with you, they have to get past this protection. Secondly, your presence to the outside world exists through the Phantom Gateways. If anyone wants to communicate with you, they can do so with the virtual IP Address which points to the Phantom Gateways, regardless of where your network or computer actually exists.

All of the data running through HTTP, SMTP, POP3, and FTP is scanned with the most up to date virus definitions available. As soon as a new definition becomes available, it is updated in the system automatically. This protects you from viruses before they reach your PC or network. The system also implements Network Intrusion Detection to prevent malicious intruders from reaching your PC or network.

All of your data to and from the Phantom Gateways is secured with one of the highest levels of encryption available today. It is secure enough to protect data at the Top Secret level in the U.S. government, with estimates in the trillions of years to crack.