Press release

Castle Shield Holdings, LLC Announces a Secure, Enterprise Data-in-Motion VPN Solution

Sponsored by Businesswire

Castle Shield Holdings, LLC., announces the availability of its Aeolus VPN enterprise data-in-motion solution which offers point-to-point asymmetric and symmetric encryption for UDP and TCP. Aeolus VPN offers a streamlined approach to privacy that results in more stability and lower latency that is a perfect addition to enterprise data-in-motion security.

This press release features multimedia. View the full release here:

Platform Comparison Chart (Graphic: Business Wire)

Platform Comparison Chart (Graphic: Business Wire)

Castle Shield’s Aeolus VPN solution, based on WireGuard® VPN, provides enterprises with an easy to configure, encrypted point-to-point VPN connections that are secure, fast, and provides high levels of privacy for robust data-in-motion needs without compromising performance. Aeolus VPN provides the following key features:

  • Symmetrical Encryption

    Aeolus VPN provides customers with a choice of three symmetrical encryption ciphers: AES-256-GCM, ChaCha20, and Cipherloc Corporation’s (OTCQB:CLOK) Polymorphic Encryption Core (PEC) which is symmetrically quantum resistant and has a FIPS 140-2 validation certificate, #3381. Castle-shield’s use of the PEC is as an AES modality with a mathematical improvement in the overall symmetrical encryption strength.

  • Asymmetric Encryption

    Asymmetric encryption, also known as public key encryption (PKE), uses a public-key, private-key pairing. Data encrypted with the private key can only be decrypted with the public key, and vice versa. The sender and the recipient use two different keys. Aeolus VPN provides customers with best-in-class asymmetric encryption that is equally important for holistically protecting data-in-motion. For all three symmetric ciphers, the encryption key is asymmetrically exchanged between two or more network points.

    Aeolus VPN uses the following asymmetric key algorithms and hash functions:

    • Poly1305 for message authentication, which is great for installations that do not have cryptographic hardware acceleration.
    • Curve25519 for elliptic-curve Diffie-Hellman (ECDH) key agreement.
    • BLAKE2s for hashing, which is faster than SHA-3.
    • SipHash24 for hash table keys. HKDF for key derivation (as described in RFC5869).
    • 1.5 Round Trip Time (1.5-RTT) handshake that is based on the Noise Protocol Framework and provides forward secrecy.

Additionally, Aeolus VPN includes built-in protection against key impersonation, denial-of-service and replay attacks.

Aeolus VPN is platform agnostic and runs on Windows, Linux, and macOS. Aeolus VPN configured with either AES-256-GCM and ChaCha20 symmetrical encryption ciphers are available on all three platforms. Currently, the PEC encryption implementation is only available on Windows and macOS.

  • Multi-Network Protocol Support

    Aeolus VPN supports both UDP and TCP.

  • Performance

    Preliminary, in-house testing demonstrates:

    • Aeolus VPN download speeds are about 58.8% faster than OpenVPN and IPsec.
    • On average, Aeolus VPN is approximately 14.6% faster than OpenVPN on UDP and 56.1% faster than OpenVPN on TCP.
    • The average speed loss was approximately 19.1% for Aeolus VPN, 20.6% for OpenVPN on UDP, and 58.1% for OpenVPN on TCP.
    • Aeolus VPN’s performance is on par with the basic performance of the WireGuard.

Note: These general performance results vary slightly depending on the symmetrical cipher or symmetrical encryption modality that is in use.

  • Quantum-Resistance

    For quantum-resistant symmetrical encryption, Aeolus VPN leverages Cipherloc’s innovative Polymorphic Encryption Core (PEC) solution that takes any existing encryption cipher and makes it stronger, agile and scalable.

    Aeolus VPN’s WireGuard foundation is not asymmetrically quantum-resistant by default; however, the pre-shared key parameter can be used to add a layer of post-quantum secrecy in the future. For asymmetrical quantum-resistance, Castle Shield has laid the foundation for asymmetrical encryption algorithms to run as a truly post-quantum handshake on top of Aeolus VPN. As an example, this would allow the encryption key to be inserted into Aeolus VPN’s pre-shared key slot.

“We chose WireGuard as the foundation because it has a very small code base of approximately 4,000 lines of code as compared to OpenVPN and IPsec that each have over 400,000 lines of code. This means that Aeolus VPN has a smaller attack surface and it has the added security measure of not responding to unauthenticated packets. More importantly, the Aeolus VPN integration of WireGuard offers a secure data-in-motion solution that runs on Windows, Linux, and macOS, provides proven asymmetric key exchange, has sophisticated hashing functions, leverages message authentication for added security, and works equally well for UDP and TCP protocols,” said Dr. Milton Mattox, Chief Technology Officer at Castle Shield Holdings, LLC.

Aeolus VPN is available today for Beta testing and proofs of concept and comes with the PEC as the default symmetrical encryption for Windows and macOS. Aeolus VPN enables enterprises to securely encrypt point-to-point data-in-motion connections without compromising performance and flexibility.

About Castle Shield Holdings, LLC

Founded in 2019, Castle Shield offers a complete range of enterprise-grade cybersecurity solutions that protects enterprises and consumers against all internal and external cyber threats. Our quantum-resistant solutions (Fides) stand strong as the last line of defense for enterprise and consumer data in the emerging quantum computing threat landscape. Legion, our Security Information Event Management or (SIEM) product portfolio and Fides work together to strengthen your overall data security. We monitor and address threat vectors through our scalable, multi-tenant SIEM platform, protecting enterprise systems and data in an efficient, cost-effective manner. In addition, we utilize an advanced compliance platform (Senate) and expert analysis with an in-depth understanding of dynamic compliance standards and industry best practices to highlight cyber risk factors. Our Senate system provides comprehensive ratings for third party vendors based on technical risk scores, compliance, and financial impact in the event of a breach. Our 360° proactive security solutions are what sets Castle Shield apart independent of your IT back-bone whether cloud, hybrid or premise based. For further information, please go to