As famous computer scientist Donald Knuth once quipped, "software is hard." Security specialist Ross Anderson added further: "security is hard." What of security software?
Is a bad idea to have non-specialized developers writing secure and or cryptographic code - when even specialists get it wrong sometimes?
We think so. That is why we offer the know-how required to not only implement, but also audit security critical code, to assess its design and ensure correct behavior.
What we specialize in
- Software Vulnerabilities
- Secure Implementation
- Risk Assessment
- Intellectual Property Protection
Cryptographic software is sensitive to bad implementations. Implementation flaws have plagued RSA and other public key schemes for years. Naive AES implementations are vulnerable to cache-timing attacks. Cryptographic random number generators are frequently not-so-random. Generally, side-channel attacks can be difficult to thwart, and are applicable to AES, RSA and Elliptic Curve cryptosystems.
We research and keep track of the best possible cryptographic primitives that ensure the safety of our clients' data in the long run, but also provide strategic advantages. One of the best ways to provide and ensure authenticity, integrity, and to secure data is through resiliant and properly implemented cryptography.
Reduce risks introduced by software vulnerabilities. Using static and dynamic techniques to address and eliminate vulnerabilities in software and binary applications, we check for potential exploitable issues before your products are shipped.
Digital signatures are often used to authenticate licenses, binaries, and other important data files. For more conservative applications, like network traffic encryption, we employ tried and tested algorithms for cryptographic applications such as NSA's Suite B to protect our clients' intellectual property with a high level of confidence.
We provide guidance for getting through this process in an optimal and efficient manner. We will help you identify informational assets and containers, identify threat and risk scenarios, analyze risks, and produce a mitigation approach. Organizations often employ the Risk Management process for internal structure or because of new client requirements. We understand the challenges associated with major changes and have the complementing products and services such as continuous monitoring and penetration testing to help ensure every guideline is met.
Intellectual Property Protection
Intellectual property is one of the most important assets to an organization. However, a lack of suitable solutions currently exists amongst the copy protection market. Kryptos Logic focuses on on three key areas of software protection: Digital Rights Management, Intellectual Property, and Anti-Piracy. We thwart reverse engineering and circumvention by taking advantage of new techniques and avoiding the common protection pitfall of "more of the same", which has traditionally been the approach of the current copy protection market. Our services provide for both games and applications in the online delivery of content (SaaS) and traditional download distribution.