QuantumSafe CyberResilient Webserver

Strategy

To deploy good practices in CyberResilience and improve on them through research and by violating the RFCs if needed.

To review the latest developments in Quantum Computing and deploy selected QuantumSafe, i.e. Post-Quantum, encryption algorithms for data-in-transit and data-at-rest.

To minimise the infrastructure and operational costs through Open Source so that ToughVPS can be offered free.

Register for free ToughVPS

ToughVPS will be happy to host your website on a CyberResilient QuantumSafe WebServer. Please join the waiting list by sending an email.

Vision

By 2025-2030, “Quantum Computers” will pose an increasingly serious threat to existing digital assets such as Webservers. ToughVPS prepares its defences from 2020.

Objective

To be the world’s first CyberResilient and QuantumSafe WebServer available free to everyone.

CyberThreat Model “CIA Triad”

Availability

Availability of ToughVPS.com gets a low priority. Although ToughVPS uses a basic WAF, the server can go down easily under DDoS or EvilMaid attacks. ToughVPS does not use CDN or Reverse Proxy solutions as they do not allow granular cyber security measures.

Integrity

Integrity of the webserver and the websites hosted gets medium priority due to the ransomware menace. I have improved the cyber hygiene but that is not enough. Good quality backups and BCP/DR are important.

Confidentiality

Confidentiality through cryptographic communication gets the highest priority as we move closer to the Post-Quantum world.

Scope & Intended Usage

ToughVPS is an illustration of a Virtual Private Server. It hosts simple websites for multiple domains using a CyberResilient and QuantumSafe framework.

ToughVPS framework should be PCI/HIPAA/NIST compliant. However, I will not be wasting money on getting an accreditation. Remember this is an academic experiment.
Please note crypto mining or other dodgy stuff and illegal activities are strictly prohibited.

Hardening Guides

ToughVPS framework considers the following hardening guides. However, it does not deploy recommendations that would degrade the WebServer's functionality or performance.
• Lynis 3
• SSHaudit
• CIS Benchmark Guides (various)
• Dutch guidance on TLS
• SSL Labs Rating Guide
Your recommendations to add more standards are welcome.

Cyber Resilience Tests

This is where ToughVPS usually beats your own organisations and employers hands down. Compare our scores with yours!!
• SecurityHeaders
• Mozilla Observatory
• Internet.nl
• Qualys SSLtest
Your recommendations to add more tests are welcome.
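The scans listed above grade, among other things, the HTTP response headers a server sends. The following is an added example (not ToughVPS code) that audits a captured header set offline for the headers the SecurityHeaders scan grades on, plus two Mozilla Observatory-style checks on HSTS and CSP. The required-header list, the one-year HSTS threshold (the value the HSTS preload list requires) and both header sets are this example's own choices and constructed inputs.

```python
"""Audit an HTTP response header set against the headers the SecurityHeaders
and Mozilla Observatory scans look for. Added example, not the project's own
code; the two header sets at the bottom are constructed samples."""
import re

# Headers the SecurityHeaders.com scan grades on (HTTP header names are
# case-insensitive, so everything is compared lower-cased).
REQUIRED = [
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
]
ONE_YEAR = 31536000  # HSTS max-age in seconds that the preload list requires


def normalise(headers):
    """Lower-case the header names so lookups are case-insensitive."""
    return {name.lower(): value for name, value in headers.items()}


def hsts_max_age(value):
    """Extract max-age from an HSTS header value; 0 when absent or malformed."""
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(match.group(1)) if match else 0


def audit(headers):
    """Return a list of findings; an empty list means the response passes."""
    h = normalise(headers)
    findings = [f"missing header: {name}" for name in REQUIRED if name not in h]

    if "strict-transport-security" in h:
        hsts = h["strict-transport-security"]
        age = hsts_max_age(hsts)
        if age < ONE_YEAR:
            findings.append(f"HSTS max-age {age} is below one year ({ONE_YEAR})")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    # Only the literal token 'nosniff' turns off MIME sniffing.
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append("X-Content-Type-Options present but not 'nosniff'")

    csp = h.get("content-security-policy", "")
    if "unsafe-inline" in csp or "unsafe-eval" in csp:
        findings.append("CSP allows unsafe-inline or unsafe-eval")
    if csp and "default-src" not in csp:
        findings.append("CSP has no default-src fallback directive")

    # Software/version disclosure is not a grade item but is worth removing.
    for leaky in ("server", "x-powered-by"):
        if leaky in h:
            findings.append(f"information-disclosing header present: {leaky}")
    return findings


# Constructed sample: a default-looking server with a short HSTS lifetime.
WEAK = {
    "Server": "nginx/1.18.0",
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "SAMEORIGIN",
}

# Constructed sample: the same server with the header set a scan expects.
HARDENED = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
    "Permissions-Policy": "geolocation=(), camera=(), microphone=()",
}

if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {audit(headers) or ['OK']}")
```

Run it before submitting a site to the external scanners: every finding it prints is something those scans mark down, so the offline pass saves a round trip, and the hardened set shows what an nginx `add_header` block has to emit to clear it.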

Framework Features

1. ToughVPS uses “Open Source”.
2. ToughVPS is transparent. Details of the framework, all code and all configurations are available for independent security audit (except of course my passwords and the private keys for asymmetric encryption).

Below is the list of the main components of the framework.
• Hardened Linux distro and Kernel
• Hardened Webserver
• OpenSSL (PQC fork in progress)
• Hardened Transport Layer Security

• Website TLS Protocol - Only TLS 1.3 (TLS 1.2 used temporarily for testing)
• Website Key Exchange >= 4096 bits
• Website Cipher >= 256 bits.
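The transport-layer criteria above (TLS 1.3 only, 256-bit ciphers) can be checked against a webserver's configuration before it goes live. Below is an added example, not the project's own code, that lints an nginx server block for those two criteria. The nginx directive names (`ssl_protocols`, `ssl_ciphers`, `ssl_conf_command Ciphersuites`) are real nginx syntax; the two server blocks, the hostname and the file paths in them are constructed. The 4096-bit key-exchange criterion is deliberately not checked because nginx only references the DH-parameter and key files, so their sizes are not visible in the configuration text.

```python
"""Lint an nginx server block against the ToughVPS transport criteria:
TLS 1.3 only and cipher suites of at least 256 bits. Added example, not the
project's own code; the server blocks at the bottom are constructed."""

POLICY_PROTOCOLS = {"TLSv1.3"}
MIN_CIPHER_BITS = 256

# Symmetric key size of the TLS 1.3 suites and a few common TLS 1.2 suites.
CIPHER_BITS = {
    "TLS_AES_256_GCM_SHA384": 256,
    "TLS_CHACHA20_POLY1305_SHA256": 256,
    "TLS_AES_128_GCM_SHA256": 128,
    "ECDHE-ECDSA-AES256-GCM-SHA384": 256,
    "ECDHE-RSA-AES256-GCM-SHA384": 256,
    "ECDHE-ECDSA-CHACHA20-POLY1305": 256,
    "ECDHE-RSA-CHACHA20-POLY1305": 256,
    "ECDHE-ECDSA-AES128-GCM-SHA256": 128,
    "ECDHE-RSA-AES128-GCM-SHA256": 128,
}


def parse_ssl_directives(config):
    """Collect the ssl_* directives of a flat server block as {name: [values]}.
    Comments and braces are skipped; repeated directives are concatenated."""
    found = {}
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";")
        if not line or line.endswith("{") or line == "}":
            continue
        name, *values = line.split()
        if name.startswith("ssl_"):
            found.setdefault(name, []).extend(v.strip("'\"") for v in values)
    return found


def enabled_suites(directives, protocols):
    """Suites a client could actually negotiate: TLS 1.3 suites come from
    `ssl_conf_command Ciphersuites`; ssl_ciphers only matters if TLS 1.2 is on."""
    suites = []
    cmds = directives.get("ssl_conf_command", [])
    for i in range(0, len(cmds) - 1, 2):  # each ssl_conf_command is a name/value pair
        if cmds[i] == "Ciphersuites":
            suites.extend(cmds[i + 1].split(":"))
    if "TLSv1.2" in protocols:
        for value in directives.get("ssl_ciphers", []):
            # Skip OpenSSL exclusion/ordering operators such as !aNULL or -MD5.
            suites.extend(s for s in value.split(":") if s and s[0] not in "!-+")
    return suites


def check_tls_policy(config):
    """Return a list of findings; an empty list means the block meets the policy."""
    d = parse_ssl_directives(config)
    findings = []
    protocols = set(d.get("ssl_protocols", []))
    if not protocols:
        findings.append("ssl_protocols not set; nginx's default enables older TLS versions")
    extra = protocols - POLICY_PROTOCOLS
    if extra:
        findings.append(f"protocols other than TLS 1.3 enabled: {sorted(extra)}")
    if "TLSv1.3" in protocols and "Ciphersuites" not in d.get("ssl_conf_command", []):
        findings.append("TLS 1.3 suites not restricted; OpenSSL's default list "
                        "includes TLS_AES_128_GCM_SHA256")
    for suite in enabled_suites(d, protocols):
        bits = CIPHER_BITS.get(suite)
        if bits is None:
            findings.append(f"{suite}: strength unknown to this checker, review manually")
        elif bits < MIN_CIPHER_BITS:
            findings.append(f"{suite}: {bits}-bit cipher below the {MIN_CIPHER_BITS}-bit minimum")
    return findings


# Constructed: a typical "compatible" block that still allows TLS 1.2 and AES-128.
WEAK_BLOCK = """
server {
    listen 443 ssl;
    server_name toughvps.example;            # constructed hostname
    ssl_certificate     /etc/ssl/example.crt;  # constructed paths
    ssl_certificate_key /etc/ssl/example.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
}
"""

# Constructed: the same block restricted to TLS 1.3 and 256-bit suites.
HARDENED_BLOCK = """
server {
    listen 443 ssl;
    server_name toughvps.example;
    ssl_certificate     /etc/ssl/example.crt;
    ssl_certificate_key /etc/ssl/example.key;
    ssl_protocols TLSv1.3;
    ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;
    ssl_prefer_server_ciphers on;
}
"""

if __name__ == "__main__":
    for label, block in (("weak", WEAK_BLOCK), ("hardened", HARDENED_BLOCK)):
        print(f"{label}: {check_tls_policy(block) or ['OK']}")
```

The interesting finding is the third one on the weak block: setting `ssl_protocols TLSv1.3` alone does not deliver a 256-bit-only server, because OpenSSL's default TLS 1.3 suite list still includes TLS_AES_128_GCM_SHA256; the `ssl_conf_command Ciphersuites` line is what closes that gap, and the Qualys test listed above will show the negotiated suite either way.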

Success Criteria

There is nothing called “success” in defensive CyberSecurity.
• If this humble “proof-of-concept” at ToughVPS resists cyber-attacks, we will call it “luck”.
• If ToughVPS survives the quantum challenge between 2020-2030, we can call it “enigma”.
• If ToughVPS becomes the “Platinum Standard” for others, we can call it “serendipity”.
CyberSecurity is asymmetric warfare, and what we need is humility, confidence and perseverance.

Cryptography Objectives

• For symmetric encryption, ToughVPS currently uses a minimum of 256 bits. It enables 384, 512, 521 etc. bits where available. Here the simple objective is to increase the key size and complexity every year between 2020 and 2030.
• For asymmetric encryption, I am currently experimenting with the PQC fork of OpenSSL. This is a short-term objective for 2020-21.
• The medium-term objective is to survive until 2025 using the so-called “hybrid algorithms”.
• The long-term objective until 2030 is to survive using only newer PQ algorithms such as NTRU.
