Alliance Collaborator Technology Overview
Caruso Application Hosting Platform
The Alliance Collaborator service is designed using ThoughtRealm's own proprietary hosting platform, called "Caruso". The Caruso hosting architecture is developed internally by ThoughtRealm for the purpose of providing an application hosting environment that is both safe and application oriented.
To accomplish this, the Caruso technology uses no Web stack based technologies, such as Web servers, Web browsers, HTTP, FTP, etc. Instead, with the exception of data storage, the Caruso platform provides all of its own services and technical needs, including proprietary protocols, channel encryption, end-user Client software, file transfer and storage, application servers and scripting environments, and server load balancing, to name a few of the services provided by the Caruso platform.
By using our own technologies, ThoughtRealm is able to offer internet capable hosted applications that exhibit few-to-none of the weaknesses of the Web, such as its poor security, while still providing all the benefits of distributed architectures. The founders of ThoughtRealm have been working on the elements of the Caruso architecture for over 10 years. Caruso is the culmination of these efforts.
Caruso Client Description
The Caruso platform can be divided into two basic areas: elements that reside on the end-user's computer and elements that reside on our servers. All of the elements that reside on the end-user's computer are known collectively as the "Alliance Secure Client Access Software", or just "Client" for short. The elements that reside on our servers provide the requisite functionality to host and service the various application needs of a hosted application. Collaborator is one such application service that is hosted on our servers.
The Client is installed with a small downloadable installer, which is approximately 4 meg. Once installed, it is self-maintaining, requiring very little intervention for future updates when they are available.
The Client has several purposes, first and foremost being to establish and support secure communication channels with our servers. When the Client runs, it prompts the end user for credentials, by which it establishes a secure communication session with our servers. After that, it is basically a proxy between the user and the server, gathering feedback from the user and providing it to the server, while also receiving instructions and data from the server and displaying it to the user.
Caruso Secure Channels
The Client communicates with our servers over secure, encrypted channels. The Caruso secure channel architecture was specifically designed to provide numerous benefits, some of which are:
- Provide native user identification during channel negotiation without exchanging the secret passwords
- Require two user passwords to reduce risks of dictionary and brute-force attacks
- Provide cryptographically strong encryption and key security mechanisms, without requiring public key distribution methods
- Provide "always on" encryption, meaning everything is encrypted from start to finish of the session
- Inherently resist common attacks, especially "Man-In-The-Middle" attacks
- Provide constant key mutation over time for supporting long term, persistent channel security in the form of an efficient stream cipher
- Sufficiently obscure channel contents so as to mask possible leakage that is inherent with all block ciphers
- Inherently resist cryptanalysis
When you enter your credentials and login, the Client negotiates and establishes a secure channel to one of our application servers. Unlike the Web, this is a persistent channel, meaning that it stays connected for the entire duration of your session. While a persistent channel does have some drawbacks, it has numerous benefits, which will be discussed later in this document.
Although the Caruso secure channel protocol is proprietary, it is implemented using industry standard, cryptographically strong block ciphers and hashes. From a technical perspective, the Caruso secure channel pattern implements two stream ciphers at each session endpoint, one for input and one for output. Each stream cipher is based on a block cipher using a CBC-variant feedback mode that is obscured by means of a random bit stream. The current implementation uses Blowfish for the block cipher with 448-bit keys and a 16 round iteration, while the random stream is generated using a 128-bit LFSR (Linear Feedback Shift Register). The streams are initialized at different stages during sign-on using random values emitted from the server combined with the hashed output of the user's private passwords; a process referred to as "promotion" within the Caruso channel pattern. Blowfish was chosen for the current implementation due to its speed, especially on 32-bit systems, as well as its history of resisting cryptanalysis. Also, it offers a public domain license that is not encumbered by patenting restrictions. However, future channel implementations may use different ciphers, based on the needs of particular systems. [The Blowfish block cipher was invented by Mr. Bruce Schneier. More information on the Blowfish cipher may be found at http://www.schneier.com/blowfish.html]
Also, unlike SSL, there are no key management or negotiation mechanisms; only private keys are used. All key distributions are initially handled logistically through external policies and procedures and are self-governed by users or administrators.
Caruso Security Benefits
Unlike the Web, all data and communications are encrypted between the Client and our servers. With Caruso, there is no such thing as an unencrypted session. In contrast, the Web protocols, such as HTTP, are, for all practical purposes, completely ignorant of encryption. As a result, SSL must be employed to protect Web data in transit. Unfortunately, since the Web is able to operate in these dual modes, data can very easily be compromised in transit unintentionally, simply by programmers forgetting to require the necessary security features in every single Web page of a particular site. Also, Web servers can be tricked into operating in insecure modes through various attacks.
None of that is possible with Caruso. With Caruso, all communications are natively encrypted. Additionally, they are encrypted at the application endpoints, so that network-layer attacks, such as MITM attacks on the TCP/IP stack itself, cannot occur either. While those are possible with SSL, they are not possible with the Caruso Client or Servers.
An additional benefit of the Caruso secure channel is that it does not transmit private keys when establishing the session. Instead, random session keys are generated algorithmically by both the Servers and the Client, using transformations of the user's credentials combined with random channel data provided by the Server. This allows the session to be established and the user identified without the Client having to transmit your passwords to the Server.
In contrast, the Web must transmit your passwords or some other form of authorization to the server in order for the Web site to identify and authorize you. As a result, hackers that are able to redirect your Web browser to an identical looking (but fake) website, a process known as spoofing, are able to gather the passwords of unwitting users that attempt to login. Usually, this attack is accomplished in combination with phishing.
With Caruso channels, that is not possible, since the credentials are never transmitted. Even if a hacker is somehow able to make your Client connect to the wrong server, they would not be able to get your passwords, since they are not actually transmitted to the server during login. Thus, this has the effect of rendering phishing and spoofing attacks ineffective.
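The "promotion" idea described above (server-emitted random values combined with hashed passwords so that both endpoints derive the same session keys while no password crosses the wire) can be illustrated with a small simulation. This is an added example, not Caruso code: the hash (SHA-256), the HMAC-based derivation, the key labels, the key-confirmation step, and the assumption that the server holds the password hash are all choices made here for illustration; the page does not specify the actual construction.

```python
import hashlib
import hmac
import os

# Constructed illustration of the promotion pattern. Assumptions (not from the
# page): SHA-256 for hashing, HMAC-SHA256 as the derivation function, and a
# server that holds the hash of the user's two passwords.

def hash_passwords(password1: str, password2: str) -> bytes:
    """Secret both sides know: hash of the two user passwords (never sent)."""
    return hashlib.sha256(password1.encode() + b"\x00" + password2.encode()).digest()

def promote(server_random: bytes, password_hash: bytes) -> dict:
    """Derive directional session keys from server randomness and the password hash."""
    def kdf(label: bytes) -> bytes:
        return hmac.new(password_hash, label + server_random, hashlib.sha256).digest()
    return {"c2s": kdf(b"client->server"),
            "s2c": kdf(b"server->client"),
            "confirm": kdf(b"confirm")}

def login_transcript(password1: str, password2: str, server_password_hash: bytes):
    """Simulate sign-on; return (wire_bytes, client_keys, server_keys or None).

    server_keys is None when the server's derivation does not match the
    client's proof, i.e. the server does not hold the right password hash.
    """
    server_random = os.urandom(32)  # random values emitted by the server
    client_keys = promote(server_random, hash_passwords(password1, password2))
    # The client proves it derived the same keys by MACing the server randomness
    # under the confirmation key; the proof, not the password, goes on the wire.
    client_proof = hmac.new(client_keys["confirm"], server_random, hashlib.sha256).digest()
    wire = server_random + client_proof  # everything that crosses the network
    server_keys = promote(server_random, server_password_hash)
    expected = hmac.new(server_keys["confirm"], server_random, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, client_proof):
        return wire, client_keys, None
    return wire, client_keys, server_keys

def password_on_wire(wire: bytes, *passwords: str) -> bool:
    """Check whether any plaintext password appears in the captured transcript."""
    return any(p.encode() in wire for p in passwords)
```

Running the transcript against a server holding a different password hash (a spoofed server) shows that it neither learns the passwords from the wire nor ends up with the client's session keys.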
Also, for security reasons, the Client does not open any inbound communication ports. ALL Caruso channels are outbound. As a result, there is no way for an attacker to gain access to your system via network communications through the Client. This is true for file transfers as well. In comparison, FTP, when not operating in passive mode, must allow for inbound access to handle file transfers. Not so with Caruso. All Caruso channels are outbound.
Lastly, Caruso channels are inherently resistant to Man-In-The-Middle attacks. Without public key exchanges and password transfers that can compromise the channel security, Caruso channels are not practically subject to Man-In-The-Middle attacks. This assumes, of course, that a hacker does not have access to your passwords. As a result, you must make sure that you do not divulge or otherwise compromise your passwords. Otherwise, a hacker might be able to execute Man-In-The-Middle attacks, as would be true for any block cipher implementation.
There are many more benefits to the Caruso channels. Unfortunately, the scope of this document does not permit them to be described here. As you can see, the benefits of the Caruso secure channels far outweigh the cost of our proprietary technologies.
Caruso Network Benefits
The Caruso platform was designed to provide numerous benefits relating to networking efficiency. For one, the proprietary protocols employed by Caruso are very network friendly. Compared to commensurate Web traffic, Caruso requires much less traffic to be transferred in order to support the needs of a Caruso application. This is especially true during the initial connection. In comparison, a Caruso channel transfers a small fraction of the comparable traffic transferred from an SSL enabled Web page when it is first loaded. As a result, our application servers are able to handle much more user traffic for a particular application. Likewise, the end-user's network environment is impacted much less by a Caruso user than by a comparable Web app user.
Additionally, the persistent channels are much more network friendly than the non-persistent connections of the Web stack, which uses transient TCP/IP connections to fetch much of a page's data. In truth, non-persistent sessions actually work against the underlying TCP/IP philosophy and, as a result, incur much more overhead and are less efficient. In contrast, Caruso's persistent channels require much less TCP/IP overhead.
Also, persistent channels provide for a more efficient security mechanism. Due to the use of transient connections, a Web application must re-identify and/or re-authorize a particular browser session on every data request. This is because Web traffic over TCP/IP has no way to know from one connection to the next who is connecting, without re-authorizing every connection. While this process is for the most part handled by the Web server itself, it still results in a major server-side inefficiency that is manifested in slow server responses.
In contrast, Caruso persistent channels are promoted to a trusted state during the initial connection negotiation. After that, they do not need to re-authorize the user for every data request. While the initial connection startup may incur a relatively large server process to authorize the user and start up the channel, subsequent traffic for the duration of the session is highly optimized. And, of course, "relatively large" is still quite small when compared to loading an average SSL enabled Web page. In actuality, the Caruso channel requires the exchange of only 6 small TCP/IP packets to start up a session, including server load balancing.
There are other networking related benefits achieved by the Caruso channels, such as reducing "slow start progressions". However, the scope of this document does not provide for explaining them in detail.
Requesting More Info on Caruso
Given the scope of this document, it is not possible to describe the Caruso architecture in great detail. Instead, this document has simply provided some technical overview. If you wish to request more detail regarding the Caruso platform, please contact us at info@thoughtrealm.com.
