The development of a cryptographic product, from a protocol on a whiteboard to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.
Related technology
Embedded Cryptographic Libraries
Give us the instruction set of your microcontroller and we do the rest.
We have more than 16 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software can be declined on a variety of hardware platforms and support standard and advanced cryptographic algorithms.
Related services
Statistical Randomness Analysis
Don't give bad randomness a chance.
Any cryptographic algorithm requires randomness at some point. And it's better be good! Even the most advanced cryptosystem will eventually fail if associated with a bad TRNG or PRNG, putting at risk the full stack of security measures you carefully crafted. Hopefully, we've got you covered.
Cryptographic Protocols
Security by design is not an abstract concept.
Beware of alleged "military grade secure" products. It is one thing to use AES-256 or RSA-4096, using it correctly is a different kettle of fish.
We can help you build innovative products that require any standard or advanced cryptographic tools, such as elliptic curves, identity-based encryption, anonymous signatures, e-cash, DRM, Pay-TV and many others.
CSPN
« Certification Sécuritaire de Premier Niveau »
The French information security agency (ANSSI) developed the CSPN certification as a lightweight alternative to CC certifications. If CC/EMVco certification is too long or too expensive for your product, CSPN might be just what you are looking for.
Standardization
Opening the way to mid-term cryptography revolutions.
ISO/IEC SC 27 is the arena where international crypto standards are conceived. We work within ISO for a world that offers better security and better privacy to the global industry, gov-related institutions and above all, to users.
Related research project
Tisphanie
How (in)secure are mobile phones?
The main goal of the Tisphanie project is to propose a systematic and structured methodology, together with the related tools and evaluation process enabling the concerned users (MNOs, application developers, police laboratories, civil security operators) to efficiently assess the security of all major components embedded in personal devices (mobile handsets, PDAs, netbooks, PMR terminals) for critical or value-added applications.
Cryptographic Algorithms and Protocols Analysis
Are you aware of all the latest cryptography advances? We certainly are. And we put our expertise at your service to evaluate any cryptographic algorithm or protocol your engineers chose to include in your product. Does it require one of those new lightweight block ciphers? Or perhaps, a lightning fast signature algorithm? You name it.
We extract a cryptographic model from the specifications of the applicative architecture and identify the threat model that best captures your security expectations. Based on the latest advances of cryptanalysis techniques and/or using security proving, we then provide a quantitative security level assessment (aka. number of bits of security) as to how well the security solution effectively resists the identified security threats.
We provide a quantitative security level assessment
Cryptographic algorithms and protocols are the heart of your security product, so you should choose them wisely. We can help you make the right choice, confirm that you did, or suggest (tailor-made) alternatives.
Source Code Review
Writing code is hard. Writing secure code is even harder. Writing secure cryptographic code is an art. Our experts can help you review your code to make sure it is bullet proof. Whether it is high level Java code for your Android app, Swift or Objective-C code for your iOS app, Python, C, or assembly code on dedicated hardware, we can help.
We do not restrict to bug finding. We provide recommendation concerning the architecture, APIs and style. We let you know whether the implementation really conforms to the security requirements you aim for.
Are you compliant with the SEI CERT Coding Standards? Want to find out? Contact us now!
Side Channel Analysis
Given the low-level specifications and/or software code, we let you know whether the implementation really conforms to the identified security requirements or not. Security-related or cryptographic code often leaves the door open to a number of practical attacks that are hardly taken into account at the specification level (timing attacks, physical attacks enabling key recovery such as side channels and fault injection, security-impacting bugs, internal trapdoors and kleptographic hacks).
Find out whether your security product, application or architecture is worth your investments.
Related publications
-
Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping.Jean-Sébastien Coron, Aline Gouget, Thomas Icart,
Pascal Paillier.In Cryptography and Security 2012, pp. 207-232, 2012. -
On Second-Order Differential Power Analysis.Marc Joye,Pascal Paillier, Berry Schoenmakers.In CHES 2005, pp. 293-308, 2005.