Surveillance Everywhere
How do you guarantee the safety of your data when the very hardware that processes it has potential back doors built into its firmware?
Although such hardware might be able to read memory, network traffic, and other system resources, and potentially even relay that data to surveillance partners,
if no one can understand the data, then it is still safe as long as the encryption holds.
Encryption Everywhere
Arch uses multiple layers of end-to-end encryption to guarantee data security in untrusted environments.
That encryption itself consists of multiple algorithms from the standard AES and SHA algorithms to graph-based techniques.
In the future, it will use quantum-resistant algorithms as advised by NIST. Data is always encrypted no matter its state: at rest, in transit, or during processing.
Where data is at rest in a database or file system, it is structured in a way that individual records cannot be identified, and therefore metadata about the data cannot be understood.
When per-row encryption is used, the keys are dis-associated from their corresponding record, such that the only way to access the right key is through Arch,
which itself is a controlled process that is encrypted and obfuscated.
Where data is in transit, it is encrypted and wrapped in an envelope, which is again encrypted to create a messaging system that will hold even if network traffic is compromised.
Every microservice in Arch communicates with each other using this encrypted envelope pattern and so will your application when you build upon it to so that an end-to-end encryption system
can exist across the entire platform.
When data is processed in memory, it is processed in a way where it does not lose its encryption, even when transferring encryption methodologies across architectural layers.