
Our expert consultants provide cryptography advisory and design reviews, review cryptographic protocols and implementations, and develop and test cryptographic implementations.

The security challenge

In today's threat landscape, securing communication and the storage of assets, and performing authentication and validation, are fundamental to any digital service or electronic product. Existing services and products must be updated to include these security mechanisms. At the same time, security often adds complexity and cost in terms of development, performance and computing resources.

Finding and selecting the security solution for a given service or product is therefore paramount, but can be very hard. Implementing, integrating, validating and managing the security solution during the lifetime of the service or product also bring their own sets of challenges.

What Assured can help you with

Through workshops and discussions based on our experience, we can advise on what security solution your service or product requires to secure assets and meet a diverse set of requirements, including use cases, usability, performance, manufacturing and cost. Assured supports development and integration, and performs testing and verification of the solution, ensuring that it provides the security identified as needed.

Assured can also assist in developing adapted security solutions that match the requirements in terms of resource utilisation, performance, power consumption and cost. This includes adaptation of software and hardware.

Security mechanisms often rely on cryptographic secrets and public key infrastructure. Assured can provide advisory and support related to key generation, key injection during production and personalisation, as well as Public Key Infrastructure (PKI) definition, setup and management. This advisory often includes work related to random number generation and validation of random number generators.

Examples of what we have done

  • Review of the NaCl based cryptographic protocols SaltChannel and SaltChannel v2
  • Advisory on low-cost embedded authentication and hardware root of trust for a high-volume IoT solution. The work included component selection and proof-of-concept integration
  • Development of high performance (multi GByte/s) IEEE P1619 memory encryption for integration in edge processor
  • Development of an Ed25519-based HW root of trust for a cost-sensitive HW solution
  • Development of the threat model, security solution and digital HW design for the Tillitis Key Open Authentication Platform
  • Development of AES-SIV-CMAC, key generators etc. in hardware
  • Development of crypto, hashing and random generation HW for the Cryptech Open HSM
  • Review of access control and authentication of a debug and service protocol used in vehicles
  • Providing recommendations and advisory on acceptance testing of supplier provided random number generators used to derive keys

Areas and keywords we like to talk about

  • Cryptographic and hashing algorithms such as AES, PRINCE, ChaCha, Poly1305, BLAKE2, SHA-256, AES-SIV
  • Elliptic Curves such as P-256, Curve25519, ECDH, EdDSA
  • Random numbers and things like FiGaRO, TRNG, DRBG, CSPRNG, SP 800-90, AIS-20, NIST SP 140-2
  • PKI, certificates, X.509, alt names, management
  • Protocols such as TLS, WireGuard, Axolotl Ratchet
  • Libraries such as NaCl, OpenSSL, BoringSSL, Mbed, Monocypher
  • Secure hardware such as HSMs, Secure Elements, ARM TrustZone, biometrics
  • Identity and authentication mechanisms such as 2FA, WebAuthn, FIDO2, TOTP

References