Project image
)}
$3,157
pledged of $50,000pledged of $50,000 goal
21
backers
Funding Unsuccessful
The project's funding goal was not reached on Sat, January 31 2015 7:59 PM UTC +00:00
Last updated January 31, 2015

Protect your computer from Wi-Fi hacks with VPEx

Connect to the Internet from anywhere with the same security you have at home, without anyone holding your keys and charging you fees.

Protect your computer from Wi-Fi hacks with VPEx

Connect to the Internet from anywhere with the same security you have at home, without anyone holding your keys and charging you fees.

$3,157
pledged of $50,000pledged of $50,000 goal
21
backers
Funding Unsuccessful
The project's funding goal was not reached on Sat, January 31 2015 7:59 PM UTC +00:00
Last updated January 31, 2015

About

Every day brings stories of servers getting hacked, identities getting stolen, and personal data being compromised. While some people aren't concerned with their lack of privacy, nobody wants to share their account information and personal photos with the world. And hardly anyone would be happy when service providers look at their traffic to determine what should be allowed to pass, or be slowed down. Also, many people around the world are uncomfortable with governments capturing all communications, and aren't willing to just let politicians decide if that violates their constitutional rights. That's why we're here, as we believe we need and deserve the ability to communicate privately and securely. 

The best way to protect digital communications is to encrypt everything that leaves a computer, and only let the intended recipient decrypt it. We started developing hardware and software a few years ago to achieve this goal, and while we're not all the way there, we're ready to start locking down the insecure Internet.  

Our Solution

Our first step addresses the most vulnerable part of the Internet: open wi-fi networks, which are very susceptible to all kinds of hacks. You can read why open wi-fi is a threat here  or here or here . 

Open wi-fi hotspots are vulnerable because, well, they are open. Since you send and receive data over the air, others can receive it also – it's just a radio, after all. While SSL encryption is used by some websites, not all websites encrypt data, and even when they do, there are holes (SSL is not perfect). And your computer can be tricked into connecting to the wrong network, or your data can just be intercepted by a man in the middle. If you're just reading the news on your laptop in a coffee shop, it might not matter, but many computers and mobile devices are accessing the Internet in the background, exchanging personal information, often without your knowledge. 

Unlike most encryption systems, we're not satisfied with a software-only approach. We go into more detail about this philosophy at http://www.xoware.com/technology/why-hardware-encryption/, but basically using dedicated hardware adds two very important layers of security: if you don't have the hardware with your unique key, you're not getting in, and encryption can't be compromised by malware that has taken over a computer, because it's performed in a separate device. 

To protect against wi-fi attacks, we have developed an inexpensive two-part solution that is very easy to use. The ExoKey, which is a small (a little more than an inch square) USB device that plugs into your laptop (and soon, your phone or tablet) and encrypts its network interface; and the ExoNet, a gateway that is connected to your home or office network, and provides a trusted connection to the Internet from wherever you are. Together, these devices create what we call VPEx, the Virtual Private Exonetwork. 

This is often referred to as a virtual private network, or VPN, but we call it an exonetwork because the boundaries between your home network and the Internet (and its “cloud” of servers) are blurred. It's now all one giant exonetwork, and data that travels over it should always be encrypted to keep it private. 

The ExoKey (http://www.xoware.com/products/exokey/) is essentially a powerful computer (for its size, anyway) that handles security for your portable or mobile device over its micro-USB interface. 

The ExoKey
The ExoKey
ExoKey, naked
ExoKey, naked

We developed the ExoKey instead of relying on a software app that you would download, because the security subsystem should not be part of the computing system. If a computer gets compromised, then software-based security is of little value – malware laughs at software-based security. In our solution, all important information, such as keys and passwords, are stored on the ExoKey, and never given out to the computer it is plugged into. The ExoKey encrypts all data that a computer sends out, and decrypts everything received by the computer. 

The ExoNet VPEx Gateway ( http://www.xoware.com/products/exonet/ ) is not very big either (about 3.2” x 3.5”), and is also a very powerful network computer with Ethernet interfaces and encryption hardware. It has a more powerful system chip (SoC), more DRAM, and more flash memory than the typical consumer routers that it resembles. The SoC has special silicon for encryption and network processing (which is why it isn't as cheap as those commodity routers). The primary function of the gateway is to provide a secure connection to the Internet, even when you are connecting via an untrusted, open network. 

ExoNet PCB Assembly
ExoNet PCB Assembly

We developed the ExoNet, instead of offering a service in the cloud, so that you can own this connection, instead of renting it from a company you don't know.  When it's connected to your home or office network, the ExoNet can receive encrypted data from your ExoKey, and forward it to the Internet over your DSL or cable (or, if you're lucky, fiber) modem, which is much harder to snoop. 

VPEx is based on IPSec, an industry standard protocol for encryption; however, we have modified it so that the encryption keys they use are managed by these two devices, and are only exchanged over a very secure connection (like their USB ports). We have created a simple user interface that lets you define a fixed relationship between the ExoKey and the ExoNet, so you do not have to configure IPSec (that will make you happy, unless you make your living setting up VPNs for other people). 

Unlike traditional encryption solutions, where keys (also called certificates) are managed by third party Certificate Authorities (CA), VPEx uses a peer-based key management system: plug the ExoKey into the ExoNet, and they exchange keys.  You do not have to rely on the CA or pay them, or worry about their servers getting hacked or just accessed without your approval. We have designed our software so that it will allow the expansion of the trusted network beyond a direct connection (this is important if we want to make end-to-end encryption possible everywhere). 

ExoNet + ExoKey
ExoNet + ExoKey

How it works   

There are a few steps that are required before using the VPEx system. First, the ExoKey host driver must be installed on whatever computer you want to use it with. Today, the ExoKey works with Windows (7 and 8.x) and Mac OS X (10.5 or newer) computers, using the drivers we provide. The driver modifies the network configuration on the host laptop so that all data is routed to the ExoKey when you choose to use it, and it opens a dedicated browser window to manage the ExoKey (the ExoKey has an embedded web server that is used for enabling it and managing its Secure Relationships). No user information is stored on the host computer; it is all kept in the ExoKey, as are its encryption keys

ExoKey Gateway Management Page
ExoKey Gateway Management Page

The first time you plug an ExoKey into a laptop, you will need to change its password, and then plug it into the ExoNet that you want to register it with. 

ExoNet Status Page
ExoNet Status Page

The ExoNet only needs to be plugged into your local network (and AC power through its micro-USB power port), where it can be accessed by a web browser on a computer also connected to that network. When an ExoKey is registered with an ExoNet (which requires a password and a name), the two devices exchange encryption keys, and the ExoNet tells the ExoKey its address. After that finishes, they have a Secure Relationship, and the ExoKey can be used anywhere away from your home or office. 

Registering an ExoKey with an ExoNet is simple.  Here is a short, horribly shot video that nonetheless still shows how easy it is to create a Secure Relationship between an ExoKey and and ExoNet:

 project video thumbnail
Replay with sound
Play with
sound

Using the ExoKey is just as simple.  After logging into the app on your computer, just click on the ExoNet that you want to connect to, as shown in this equally horribly shot video:

 project video thumbnail
Replay with sound
Play with
sound

                  When will it ship?   

The ExoNet and the ExoKey have been in beta testing since early July. The production PCBs are ready to build (we're in the middle of our last pilot build to wring out the production assembly process, and we need to make sure they meet emissions regulations), and they have been working for months without major problems. We have ordered the custom molds for the plastic enclosures, and should see the first parts in February. 

We've been testing and improving our software continuously, and our base level product works now.  Given the lead times of the custom parts, we can't ship until March or so. However, one of the advantages of using Kickstarter is that you will tell us how many we should build. Without this campaign, we would have to guess, and that's not easy (and often terrifying). We are targeting March 2015 for our first shipments.  

    Where is this designed and assembled?            

Our products are designed and assembled in California. The hardware was designed in Santa Barbara and San Diego, and our software is developed all over the world, for not only do we use open source software (u-boot, Linux, IPSec, STUN, DynDNS, etc.) as much as possible, but members of our software development team (employees and consultants) live in California and Europe. Our contract manufacturer is a top tier EMS provider, with factories on four continents, but for our customers in North America, we will build the products here, in Fremont, CA. 

In order to be able to build these products in the U.S., we had to design them so that assembly and testing does not require a lot of labor. The PCB assemblies in both products are 100% machine assembled – no parts are hand soldered. They are also programmed and tested by computers – they just need to be plugged into our test system, which will program their NAND flash and then automatically test them without requiring manual testing. We also designed minimalist enclosures that do not require tools or much time to assemble – they use inexpensive parts that snap together. 

Our goal extends well beyond just securing wi-fi.  If we just sold the devices as a VPN solution, it would still be a great step forward, as existing VPN products are far more expensive and extremely complicated to set up. However, just using it for that purpose would be a waste of hardware; once you have a pair of devices that have a Secure Relationship (which means the two devices have exchanged keys and address information over a secure connection), that pair can be expanded into a very large network of trusted connections (we expect to have that capability before the end of the Summer 2015). 

Right now, the ExoKey can have Secure Relationships with multiple ExoNet gateways, and the ExoNet can also have Secure Relationships with multiple ExoKeys. When an ExoKey is plugged into an ExoNet, they will be able to privately share their connections with each other, allowing both devices to grow their trusted network. 

We designed the ExoKey and the ExoNet with three major requirements: first, they must provide the highest level of security; second, they must be incredibly easy to use; and third, they have to be inexpensive. If it's not very secure, there is no reason to use it. If it's not easy to use, most people will not use it. If it's too expensive, not enough people will buy it. If we don't meet these design objectives, we will not achieve our overall goal of enabling private communications for everyone, regardless of where they are. 


                      A little bit about x.o.ware

x.o.ware, inc. was started in April 2011 to create products that protect the privacy of digital communications and data. The engineering team has several decades of experience developing hardware and software for networking and security products. 

                                  Etc. 

After this campaign is over, and every Kickstarter backer has received their hardware, the ExoKey and ExoNet will be offered for sale for $39.95 and $65, respectively. Like all electronics, the prices will drop when we get to higher volumes (but if we don't sell any now, we won't get to higher volumes – so don't wait for that). When we are selling hundreds of thousands of ExoKeys, the price will drop to $29.95. In the millions, we will be able to sell them for $19.95. They might approach $10 if we can sell tens of millions -- but don't expect them to be free if we are selling hundreds of millions, although some businesses might give them away to customers to use so they can securely connect to their servers (not only does the ExoKey encrypt data, but it also can authenticate the user, which is important for transactions where money or personal information is being exchanged). 

Unfortunately, we may not be able to immediately export these products outside the U.S.. Since they are designed to perform encryption (using AES256), they might require an export license (it's hard to tell for sure). However, our manufacturing partner has factories in other countries, so we plan to sell to customers in Europe, Asia, and South America next year, from plants that are located in those continents.   

We often get asked why we didn't use a flash drive form factor for the ExoKey, but the initial design actually did.  However, as we realized that people will want to use the ExoKey with tablets and phones, we re-designed it. Not only so that it would consume less power and not drain a phone's battery, but that it would also fit easily on the back of a mobile device.  Since we went to all of that trouble to make the ExoKey capable of working with phones, we will focus on supporting Android and iOS devices in 2015. 

One feature of the ExoKey allows you to securely access devices on your home network from the Internet.  The ExoNet can scan your network, and determine which devices are accessible from the Internet, and then pass that information to your ExoKey.  The ExoKey receives a list of devices that have local addresses, and then makes them available remotely, over the encrypted connection.

The benefit of this feature is that any networked device, like a surveillance camera or thermostat, for example, will no longer need to be accessed through a third party portal (many popular cameras transmit their video stream to the manufacturer's server, and let you access it from there). If you have a networked device that can be accessed from a computer on your local network, VPEx will allow you to securely and easily access it from anywhere. That means you will not have to use products that give their manufacturers information about your home network. Many companies are now working to create their version or part of the Internet of Things (IoT), and we want to make sure that you will be able to own your IoT. 

We will also be adding the ability to link two ExoNet gateways together, so that two physically separate networks can be connected as one. There are already products that can do this, but not for anywhere near $170 (the price of two ExoNets and an ExoKey). The challenge here is not actually implementing this (we can do that now), but creating a simple user interface for setting this up.  This will take a few more months, but it's important. We don't want you to waste your time trying to figure out how to use these things, asyou can already buy products from other companies that will waste your time and confuse you. 

By the time we enter into production, we will focus on adding the capabilities that allow you to expand the network of trusted connections. Enterprise gateways are also planned, to give businesses the capability to let their employees securely connect to their networks with an ExoKey, and to allow website operators to give their visitors secure access. 

We will never charge for firmware upgrades. Unlike companies that do charge for updates, the cost of developing new software will be covered by selling more products. 

We have not started this campaign to finance product development, as we are almost ready to go into production. We have already placed our first production orders (which, given we are a start-up company, means we have already paid for them). However, marketing consumer products (especially something so new that nobody else is selling it) can be even more difficult than developing them. We are utilizing Kickstarter to help us launch our marketing campaign, and guide our manufacturing plans. We're not looking for funding, we're looking for customers.

Questions We Expect to Get Asked

Too many for this page, go here to see them.  

Risks and challenges

We have designed plastic enclosures that have been fabricated using 3-D printers, but have not yet produced those parts using injection molds that will be used in production. Since 3-D printing does not have the resolution of injection molding, we will not be 100% certain the parts will fit perfectly until we get those first samples made. However, since the 3-D printed parts are almost a perfect fit, we expect that we can tweak the molds if necessary. Also, our plastic parts will be fabricated in California, so we won't have to wait for them to be shipped from China.

There are a few ICs in the design of both products that have long lead times. While we have parts on order (or already in stock at our contract manufacturer), if we have underestimated the demand for them (and we hope we have), not every order will ship on time.

We still have to refine our manufacturing software so that we can efficiently and quickly test the products. We don't expect this to be an issue, but if we have underestimated the scope of this task, it could also delay volume shipments.

We still have to build our support team, write product documentation (even though they are incredibly easy to use, we don't want to make you guess), and get a system in place to ship these products. However, we have time, and we need to know how many we will be shipping to come up with an appropriate plan.

Learn about accountability on Kickstarter
Questions about this project? Check out the FAQ

Support

  1. Select this reward

    Pledge $99 or more About $99

    Now you can own your network. You will receive an ExoNet and an ExoKey, allowing you to create a secure connection from anywhere to your home or office.

    Less
    Estimated delivery
    Ships to Only United States
    9 backers
    $

    By pledging you agree to Kickstarter's Terms of Use, Privacy Policy, and Cookie Policy.

    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  2. Select this reward

    Pledge $139 or more About $139

    An ExoNet and two ExoKeys, so you and a friend can use open hotspots without worrying who is watching everything you do.

    Less
    Estimated delivery
    Ships to Only United States
    6 backers
    $

    By pledging you agree to Kickstarter's Terms of Use, Privacy Policy, and Cookie Policy.

    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  3. Select this reward

    Pledge $169 or more About $169

    With the ExoKey and the two ExoNet VPEx Gateways that you receive, you can create a permanent, always secure connection between two distant (or nearby) locations, and also access the Internet from any untrusted location.

    Less
    Estimated delivery
    Ships to Only United States
    0 backers
    $

    By pledging you agree to Kickstarter's Terms of Use, Privacy Policy, and Cookie Policy.

    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  4. Select this reward

    Pledge $175 or more About $175

    An ExoNet and three ExoKeys, so you and two friends or family members can use open hotspots without fear.

    Less
    Estimated delivery
    Ships to Only United States
    1 backer
    $

    By pledging you agree to Kickstarter's Terms of Use, Privacy Policy, and Cookie Policy.

    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  5. Select this reward

    Pledge $229 or more About $229

    This family pack that consists of an ExoNet and five (5) ExoKeys allows you and four of your friends or relatives or co-workers to get that secure, trusted Internet access from anywhere.

    Less
    Estimated delivery
    Ships to Only United States
    2 backers
    $

    By pledging you agree to Kickstarter's Terms of Use, Privacy Policy, and Cookie Policy.

    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.
  6. Select this reward

    Pledge $399 or more About $399

    This ExoFamily pack consists of an ExoNet and ten (10) ExoKeys for your extended family.

    Less
    Estimated delivery
    Ships to Only United States
    2 backers
    $

    By pledging you agree to Kickstarter's Terms of Use, Privacy Policy, and Cookie Policy.

    Kickstarter is not a store.

    It's a way to bring creative projects to life.

    Learn more about accountability.

Funding period

- (45 days)